Meshcentral Router hanging with 2FA

[Taapo]

Using the win32 version of the router, when I have 2FA enabled, it hangs upon startup (had it working once after restarting computer, but not when trying a second time).

When I disable 2FA in meshcentral, all is good and works flawlessly.

[PetieM]

This sounds like what is happening to me (#3344) but I haven't found a fix yet. It seems somewhat inconsistent and isn't affecting all users but is consistently freezing for my account. I worked around it by copying the 2FA token from my browser to the registry but it only works for as long as the token is valid. For reference, the registry path is HKEY_CURRENT_USER\SOFTWARE\Open Source\MeshCentral Router and you'd be updating the TwoFactorCookie key.

[Ylianst]

You can run MeshCentral Router like this:

MeshCentralRouter.exe -debug -tlsdump

When make it jam and send me the "debug.log" file that will be created in the same folder as the MeshCentral Router executable. You can send me the debug.log privately using my contact info here.

If I can replicate this issue, I am sure I can fix it quietly.

[Ylianst]

Ylianst/MeshCentralRouter#70 has a debug.log already. I will take another look at this, but as usual, the difficult part is making it happen on my computers.

[PetieM]

So, I just reproduced this when I tried to log in with the "don't ask" checkbox checked which resulted in the usual freeze. When I killed the task and re-ran MeshCentral Router with the debug and tlsdump flags, it logged in perfectly and correctly remembered my 2FA token so I'm not entirely sure what's going on here at this point.

[philerb]

I've been running into this issue for a while when trying to launch MeshRouter on any of my computers, but chose to ignore it just launch it via the web interface, which worked just fine. As such, it didn't occur to me that it was only happening when trying to save my 2FA - but that's definitely what's happening.

I've been able to produce this consistently on my Windows 10 and Windows 11 laptops.

If I launch MeshRouter (v1.8.8332) ... enter my server, username, and password ... enter my 2FA key and DO NOT check the box to "Don't ask for 30 days" ... I'm logged in as expected and my list of systems appears.

If, however, I DO check the box to "Don't ask for 30 days" ... I'm logged in, but the list of systems is blank and the window is unresponsive. I've left it sit for up to 15 minutes and it just stays like that.

After that happens, if I forcefully close MeshRouter and launch it again, I can enter my credentials and am then prompted for my 2FA key. If I do not check the box to not ask for it, then everything works just fine.

I've captured debug logs for both cases - when I check the box and when I don't - to send over to Ylian, in case he has a chance to look into this issue. But at least now I know how to work around it, thanks to stumbling across this bug report.

[trentdavis]

I've been running into this issue for a while when trying to launch MeshRouter on any of my computers, but chose to ignore it just launch it via the web interface, which worked just fine. As such, it didn't occur to me that it was only happening when trying to save my 2FA - but that's definitely what's happening.

I've been able to produce this consistently on my Windows 10 and Windows 11 laptops.

If I launch MeshRouter (v1.8.8332) ... enter my server, username, and password ... enter my 2FA key and DO NOT check the box to "Don't ask for 30 days" ... I'm logged in as expected and my list of systems appears.

If, however, I DO check the box to "Don't ask for 30 days" ... I'm logged in, but the list of systems is blank and the window is unresponsive. I've left it sit for up to 15 minutes and it just stays like that.

After that happens, if I forcefully close MeshRouter and launch it again, I can enter my credentials and am then prompted for my 2FA key. If I do not check the box to not ask for it, then everything works just fine.

I've captured debug logs for both cases - when I check the box and when I don't - to send over to Ylian, in case he has a chance to look into this issue. But at least now I know how to work around it, thanks to stumbling across this bug report.

I'm having this precise issue. Have we found a fix yet?

[si458]

i know what the bug is its crashing when asking the meshcentral server for a 2fa cookie for later use sendCommand: {"action":"twoFactorCookie"} but the meshcentralserver never gets the request for the cookie?

EDIT: its this line causing the issue https://github.com/Ylianst/MeshCentralRouter/blob/ebaa8c5b0ce26bdf4a4be30955cbaad689e8c900/src/MainForm.cs#L1135 if (tokenRememberCheckBox.Checked) { meshcentral.sendCommand("{\"action\":\"twoFactorCookie\"}"); }

[si458]

Hi all, just wanted to update i think ive fixed the issue, for some reason when the app calls the twoFactorCookie action (because you ticked the save token for x days), it appears to just HANG because the SendFragment in websocketclient.cs of meshcentralrouter seems to try locking something? and for some reason its hanging when it tries to lock, so a simply fix is to just delay running that command for 2 and a half seconds, then it works no problem! no crashing! if you want to try my build its attached here with the fix from the PR attached make sure to click ignore or NOT update when it probs for a different version MeshCentralRouter.zip

[philerb]

Hi all, just wanted to update i think ive fixed the issue, for some reason when the app calls the twoFactorCookie action (because you ticked the save token for x days), it appears to just HANG because the SendFragment in websocketclient.cs of meshcentralrouter seems to try locking something? and for some reason its hanging when it tries to lock, so a simply fix is to just delay running that command for 2 and a half seconds, then it works no problem! no crashing! if you want to try my build its attached here with the fix from the PR attached make sure to click ignore or NOT update when it probs for a different version MeshCentralRouter.zip

Confirmed that this version (v1.8.8795.35235) works for me when checking the option to not ask for MFA for 30 days. Thanks!!

[si458]

glad it works @philerb! i have no idea if the version number is the same as what you download from the web ui? can u tell me at all? i just learnt a little C lang, found the line causing the bug, recompiled it with the timer fix, and then uploaded it for other to try!

[philerb]

v1.8.8795.35235 is what you provided in the ZIP file above. That works for me.

I'm on v1.1.20 of MeshCentral and the version of Router available in my web ui is 1.8.8680.22189, which does not work with remembering MFA. But using your version of Router does work.

[si458]

@philerb great thank you! im guessing visual studio 2022 is increasing the version number every time i recompiled the exe haha!

[smartekIT]

Hi all, just wanted to update i think ive fixed the issue, for some reason when the app calls the twoFactorCookie action (because you ticked the save token for x days), it appears to just HANG because the SendFragment in websocketclient.cs of meshcentralrouter seems to try locking something? and for some reason its hanging when it tries to lock, so a simply fix is to just delay running that command for 2 and a half seconds, then it works no problem! no crashing! if you want to try my build its attached here with the fix from the PR attached make sure to click ignore or NOT update when it probs for a different version MeshCentralRouter.zip

Well my workaround to this long time ago, was logging to the webUI in the browser, then in the browser console (F12) look for the cookies value of "twoFactorCookie" then add that as a key in the windows registry in the router windows registry node. this way it doesn't even prompt for 2FA because the cookie value i copied from the browser was already set to not expire for the next 30 days. I know it was an ugly workaround and hope yours would fix this issue permanently.

[si458]

@smartekIT good idea! Never thought of that!