2.20 - Authentication failed. 'NoneType' object has no attribute 'read'

Hi,

When setting (in System config) “Clear failcounter after minutes” to value 1 or …

U2F auth or TOTP fails to the privacyidea server with:

“Authentication failed. ‘NoneType’ object has no attribute ‘read’”

Removing the value restores expected behavior.

Can you please add the privacyidea.log and paste it at github.com/privacyidea/privacyidea as an issue.
Thanks!

Hi,
there is a bug in file lib/tokenclass.py, function def check_failcount(self). In the following code:

    if timeout:
        now = datetime.datetime.now(tzlocal())
        failcounter_exceeded = parse_legacy_time(self.get_tokeninfo(
            FAILCOUNTER_EXCEEDED), return_date=True)
        if now > failcounter_exceeded + datetime.timedelta(minutes=timeout):
            self.reset()

If you have ‘timeout’ set in the config table, reading a nonexistent value for FAILCOUNTER_EXCEEDED causes a failure in function parse_legacy_time. You can bypass this by replacing the test ‘if timeout’ with ‘if 0:’ (it destroys unlocking of accounts/tokens), or you can replace it with the condition ‘if (timeout > 0) and (self.token.failcount >= self.token.maxfail):’. Not the best, but if the rest of the code is OK, reading FAILCOUNTER_EXCEEDED should return the time when your account/token is locked.

FAILCOUNTER_EXCEEDED is set when you have more failures on login than the maxfail value. A better way to repair the code is to repair reading FAILCOUNTER_EXCEEDED and check the return value (date validity) or assign some reasonable time (zeroes / now() / who knows what time).

I use:

    if (timeout > 0) and (self.token.failcount >= self.token.maxfail):
        now = datetime.datetime.now(tzlocal())
        failcounter_exceeded = parse_legacy_time(self.get_tokeninfo(
            FAILCOUNTER_EXCEEDED), return_date=True)
        if now > failcounter_exceeded + datetime.timedelta(minutes=timeout):
            self.reset()

Give it a try.

Regards
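
The "check the return value (date validity)" approach mentioned in the post above, as an added example that is not part of the original post and is not privacyIDEA code. `DemoToken`, `parse_lock_time` and the ISO 8601 timestamp format are assumptions made for illustration; only the `FAILCOUNTER_EXCEEDED` name and the failcount/maxfail/timeout logic come from the thread.

```python
import datetime

FAILCOUNTER_EXCEEDED = "failcounter_exceeded"  # tokeninfo key named in the post


class DemoToken:
    """Hypothetical stand-in for a token; not privacyIDEA's TokenClass."""

    def __init__(self, failcount, maxfail, tokeninfo=None):
        self.failcount = failcount
        self.maxfail = maxfail
        self.tokeninfo = dict(tokeninfo or {})

    def reset(self):
        self.failcount = 0
        self.tokeninfo.pop(FAILCOUNTER_EXCEEDED, None)


def parse_lock_time(raw):
    """Return an aware datetime, or None if the value is missing or invalid."""
    if not raw:
        return None
    try:
        parsed = datetime.datetime.fromisoformat(raw)  # assumed storage format
    except (TypeError, ValueError):
        return None
    # A naive timestamp cannot be compared with an aware "now": treat as invalid.
    return parsed if parsed.tzinfo is not None else None


def check_failcount(token, timeout_minutes, now=None):
    """Clear an expired lock if possible; return True if the token may be used."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    locked = token.failcount >= token.maxfail
    if timeout_minutes > 0 and locked:
        exceeded_at = parse_lock_time(token.tokeninfo.get(FAILCOUNTER_EXCEEDED))
        # Missing or unparsable timestamp: keep the lock rather than raising
        # (the failure reported in this thread) or silently unlocking.
        if exceeded_at is not None:
            if now > exceeded_at + datetime.timedelta(minutes=timeout_minutes):
                token.reset()
    return token.failcount < token.maxfail
```

A token that has never failed passes straight through without touching the timestamp, and a locked token with no usable timestamp stays locked until an administrator resets it.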

It has been fixed this way:


which looks good to me.
@kgatt, you are welcome to comment.

Simple, clean code. Nice. Thanks.