Account "enabled" switch setting itself to off (#24)
Artur Hefczyc opened 8 years ago

This actually happens on all version I tested so far.

I have 2 accounts: kobit@tigase.org and artur.hefczyc@tigase.org. The account kobit@tigase.org connects to the server without any problems for most of the time. The other account: artur.hefczyc@tigase.org often fails to authenticate. I would say that it logins OK and login fails half/half. When the login fails it sets the account enabled to off switch and no longer attempts to connect. While I understand the logic behind this when the login credentials are incorrect, the account actually successfully logins sometimes.

Andrzej Wójcik (Tigase) commented 8 years ago

While account is set to disabled you should get error page with information that it failed to authenticated. Do you get this alert?

Yes, I disable account if it fails to authenticated due to wrong password, but only when I get error from server about sasl failure.

The real question here is why server fails to authenticate this account randomly. I have my 2 accounts used with 2 devices and I do not get any authentication exceptions on any of them. 100% successful authentication rate.

Before I will follow with logs analysis on server side to find cause of this issue, could you tell me how would you like to improve user experience in this case?

Maybe I should try 5 times before reporting error? But I do not think this is a good solution for password error.

Artur Hefczyc commented 8 years ago

Andrzej Wójcik wrote:

While account is set to disabled you should get error page with information that it failed to authenticated. Do you get this alert?

Yes, I get this error message (authentication failed or something like this) if the application is running as the primary application on iOS but sometimes, when it runs in background, then I just find the account disabled and that's it.

Yes, I disable account if it fails to authenticated due to wrong password, but only when I get error from server about sasl failure.

The real question here is why server fails to authenticate this account randomly. I have my 2 accounts used with 2 devices and I do not get any authentication exceptions on any of them. 100% successful authentication rate.

That's strange. I am having SASL problems with bot framework (JaXMPP) on RPi quite frequently. I even shared exceptions with %bmalkow already. He cannot replicate the problem but it does happen often to me. Even more strange, that I get SASL exception from JaXMPP but the XMPP connection appears to be OK and everything is working correctly.

Before I will follow with logs analysis on server side to find cause of this issue, could you tell me how would you like to improve user experience in this case?

Maybe I should try 5 times before reporting error? But I do not think this is a good solution for password error.

Yes, I think retrying authentication would be a good idea but not as a solution but rather to track this down somehow. I wonder if you could build-in the app some additional debug options which would provide you with more information about such a case.

On the other hand, it is possible that authentication fails sometimes due to some network errors maybe. So retrying before disabling account might be a good idea.

Artur Hefczyc commented 8 years ago

I experience the problem all the time. The error message when I see it is:

"Authentication issue

Authentication for account artur.hefczyc@tigase.org failed:

aborted

Verify provided account password"

Then account is disabled. When I enable it back without changing any account settings it usually logins correctly. I wonder if this has something to do with the fact that both accounts attempt to login at the same time to the same server? On the other hand, as explained before I also get SASL exceptions from JaXMPP even though the login is successful and everything is working fine after that.

Why it is only me, who experience this?

Artur Hefczyc commented 8 years ago

Any update on this? It still happens with the most recent version today.

Artur Hefczyc commented 8 years ago

I was thinking if retrying to login before making the account inactive would be a solution. However, first of all it would be rather masking the problem rather than solving it and secondly retrying does not always work either. Sometimes I have to retry a few times, 3, 4 before successful login. I think this is something we have to get to the bottom of this.

Andrzej Wójcik (Tigase) commented 8 years ago

First of all, I have not worked on this task yet, so this issue exists. However as I mentioned before it always works for me.

I agree. We should get to the bottom of this issue. I will look into this.

Andrzej Wójcik (Tigase) commented 8 years ago

Ok, after first look it seams that this behavior can occur if your connection is weak and connection is dropped when client tries to send <auth/> stanza to server. In this case SaslError.aborted is fired.

I will work on a fix by ignoring SaslError of type aborted as there is no indication that password is wrong, so we should not disable this account - just try to reconnect.

%kobit What do you think? Is is possible that it is caused by poor network connection?

Andrzej Wójcik (Tigase) commented 8 years ago

I've changed handling of SASL aborted error which should fix this issue.

New build is being processed by AppStore and will be release as a new test build in test flight.

Let me know if this fixes issue.

Artur Hefczyc commented 8 years ago

Yes, indeed. I downloaded the last version right after you published it. The accounts no longer becomes inactive although I can see that authentication takes longer time then for the other account. The other account turns green right away and this problematic one, stays yellow/orange for a while and they turns green.

I consider the problem resolved, although I am still concerned that this happens. Your explanation makes sense but it does not convince me in this particular case. Both accounts are on the same server and domain tigase.org. Both start to login at the same time and one account always logins successfully and the problem happens always for the other account.

Andrzej Wójcik (Tigase) commented 8 years ago

%kobit I start reconnection process account after account. Reconnection process should be done on both accounts at the same time. However if for some reason your network is slow and accounts and one account would wait until other account finishes then it could lead to situation in which second account would not connect in limited time we have and this would lead to exception due to failed connection once account finally tries to send authentication request.

Artur Hefczyc commented 8 years ago

I do not think this is a case here. I tested this on my WiFi (300Mb) and on LTE. When application was opened, one account connected right away, send displayed SASL error. When retried for this one account only, I got another SASL error. It could be 3 or 4 attempts until successful login.

So, while your explanation could make sense, just after application is opened and both accounts tried to connect (although highly unlikely with the connectivity I have), subsequent attempts/retries were run for a single account only. Also, the problem manifested itself always for the same account only, never for the other. From your description, I get this would be random, although order in which accounts were added to the app can matter I guess as this make imply the order authentication is performed.

In any case, in the updated version I no longer experience the same problem. I usually see an orange dot next to this problematic account for a while just after I open the app.

I opened the ticket only to get some feedback from you, not because I want you to do additional work on this. You can close the ticket if you have nothing to add.

issue 1 of 1
Type
Consulting
Priority
Normal
Assignee
RedmineID
4652
Version
Public testflight version.
Issue Votes (0)
Watchers (0)
Reference
tigase/_clients/siskin-im#24
Please wait...
Page is in error, reload to recover