
Login trouble with 2.3.5

Posted: 10 Aug 2017 10:12
by klaasjoerg
Since 2.3.5 I have some strange behaviour with browser-login.
First login after restarting zway works just fine. A while later a new login attempt runs into an authentication failure.

The log shows the following output:

[2017-08-10 09:07:57.681] [E] [HTTP] Callback execution error: Error: Invalid digest
    at Error (native)
    at Object.crypto.sha512 (zway/crypto:25:51)
    at hashPassword (automation/Utils.js:72:51)
    at ZAutomationAPIWebRequest._.extend.verifyLogin (automation/ZAutomationAPIProvider.js:281:181)
    at ZAutomationAPIWebRequest.ZAutomationWebRequest.handleRequest (automation/WebserverRequestRouter.js:259:41)
    at automation/WebserverRequestRouter.js:32:35
    at WebServer.document_root (automation/Webserver.js:35:11)

Re: Login trouble with 2.3.5

Posted: 11 Aug 2017 22:32
by PoltoS
This is related to some of the enabled modules leaving OpenSSL in a wrong state.

Can you give us more info to let us test this?

Re: Login trouble with 2.3.5

Posted: 12 Aug 2017 20:39
by klaasjoerg
This happened after a while (a couple of hours) of being logged in to the UI, although inactive most of the time.
As soon as I actively logout then and try to re-login, this happened, regardless of the browser. When this error occurs, there is no login possible anymore (also not from other browsers, e.g. Safari, Google Chrome) until I finally restart zwave.
Immediately before I logged out from Google Chrome I was still able to reload screens and do things in the UI. Just after that I couldn't immediately re-login again...
So I am not really sure if it's a combination between a server side session/cookie timeout or such.
Will keep you informed if I find more information...

Re: Login trouble with 2.3.5

Posted: 12 Aug 2017 22:15
by PoltoS
This problem is not related to your browser. During login SHA512 is used (from OpenSSL lib) to check your password. We have noticed before that some unpredictable state of OpenSSL might lead to the impossibility to use this function anymore. This can happen after wrong usage of HTTPS, wss websockets or something else that uses OpenSSL.

The question is what is causing it on your side. We need to reproduce it to understand how to fix.

Newer OpenSSL might be better at separating different contexts, but on most platforms it is still not adopted.

Re: Login trouble with 2.3.5

Posted: 12 Aug 2017 22:34
by klaasjoerg
Hmm...okay. I think I just found a way to reproduce it.
Interestingly it even seems to be related to my other websocket disconnect problem.
Here is what I did:

1. Log in to zwave and go to Apps (where I used a JS-App to connect to my test websocket server)
2. Try to activate the JS-App which tries to connect to websocket (and unsuccessfully disconnects)
3. Logout of UI
4. Try to login again and then the problem occurs.

So it's related to the websocket situation...

root@raspberrypi3-jkl1:~# tail -f /var/log/z-way-server.log
[2017-08-12 21:30:43.586] [core] --- Starting module Load custom JavaScript code
[2017-08-12 21:30:43.741] [core] Executing script: var knausock = new sockets.websocket("ws://192.168.1.61:9000","toptron-protocol"); ...
[2017-08-12 21:31:00.861] [E] [HTTP] Callback execution error: Error: Invalid digest
    at Error (native)
    at Object.crypto.sha512 (zway/crypto:25:51)
    at hashPassword (automation/Utils.js:72:51)
    at ZAutomationAPIWebRequest._.extend.verifyLogin (automation/ZAutomationAPIProvider.js:281:181)
    at ZAutomationAPIWebRequest.ZAutomationWebRequest.handleRequest (automation/WebserverRequestRouter.js:259:41)
    at automation/WebserverRequestRouter.js:32:35
    at WebServer.document_root (automation/Webserver.js:35:11)
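
Log triage for the symptom in this thread, added here as an example; it is not part of any post above and not Z-Way code. It flags login requests that died inside the password-hashing code (the `Invalid digest` trace through `hashPassword` and `verifyLogin`) and reports how long before each one a `sockets.websocket(` script was executed. The function names are hypothetical and the sample is shortened from the log lines quoted above.

```python
import re
from datetime import datetime

# Sample shortened from the z-way-server.log excerpts quoted in this thread.
SAMPLE_LOG = """\
[2017-08-12 21:30:43.586] [core] --- Starting module Load custom JavaScript code
[2017-08-12 21:30:43.741] [core] Executing script: var knausock = new sockets.websocket("ws://192.168.1.61:9000","toptron-protocol"); ...
[2017-08-12 21:31:00.861] [E] [HTTP] Callback execution error: Error: Invalid digest
at Error (native)
at Object.crypto.sha512 (zway/crypto:25:51)
at hashPassword (automation/Utils.js:72:51)
at ZAutomationAPIWebRequest._.extend.verifyLogin (automation/ZAutomationAPIProvider.js:281:181)
"""

# A new log entry starts with a bracketed timestamp; anything else is a continuation line.
ENTRY = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\] (.*)$")

def parse_entries(text):
    """Group lines into (timestamp, message, stack_frames); 'at ...' lines join the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            entries.append((ts, m.group(2), []))
        elif entries and line.strip().startswith("at "):
            entries[-1][2].append(line.strip())
    return entries

def find_hash_failures(text):
    """Return one finding per login that failed in the hashing code, with the gap to the last websocket script."""
    findings, last_ws = [], None
    for ts, msg, stack in parse_entries(text):
        if "sockets.websocket(" in msg:
            last_ws = ts
        # Both frames must be present so unrelated 'Invalid digest' errors are not counted as login failures.
        in_login = any("hashPassword" in f for f in stack) and any("verifyLogin" in f for f in stack)
        if "Invalid digest" in msg and in_login:
            gap = (ts - last_ws).total_seconds() if last_ws else None
            findings.append({"time": ts, "seconds_since_websocket": gap})
    return findings

if __name__ == "__main__":
    for finding in find_hash_failures(SAMPLE_LOG):
        print(finding)
```

A finding here means the server could not compute the hash at all, so the request was never compared against a stored password.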