False Failed Login Notifications

My HA instance often has a notification that an attempt to log in has failed. I have my instance behind my firewall and I use VPN to access it. In addition, the IP address of the failed attempt is from my known iPhone IP. So I know the problem is a false failed login detection.

I find this happens when I connect to the system via VPN from my phone.

The steps I take are:

  1. Start the VPN connection from my phone.
  2. Launch the HomeAssistant app.
    At this point the app spins trying to connect and I have to do one of two things to make it connect:
    a) swipe-kill the app and re-launch
    b) tap on the "Devices and Zones" icon and select Done (this reloads the app and it works on reload). Oddly, if I use the reload icon to attempt a reload it just fails. I found the hack of opening the Devices and Zones page and dismissing it through trial and error.

This was fine until they released the new authentication system. Now doing these steps always causes the HA system to detect what it thinks is a failed login. I don’t understand why that is. The app has the login and password stored so I don’t see how it is passing incorrect data to the HA system.

I think this is a bug related to my specific use case of using a VPN to access HA. But I know others do this so I was wondering if others are experiencing the same issue.

What is the best way to report this bug to the developers?

Same issue here

I’m experiencing a similar issue.

I’m getting false failed login notifications on my iOS app (tried with the current beta and with the official app store version) whenever I’m not on my local network (so when I’m not at home) and when I open entity details (i.e. open a camera image, clicking on a number to access the graph, and similar). It happens seemingly at random - so not each and every time I do this. It never happens when the app is just opened and access is made.

I’m logged in to the app with my username and password (new auth), so legacy auth is turned off in the app. I, however, do have the api_password configured in my http component because I still need it.

robbiet480 if you think I should report this to the 1.5.0 Feedback thread (or GitHub repo issues) please let me know and I will.

@milosm I don’t think it’s the latest version causing it. I get them on the mobile app since they added security as a user/login. I think it happens mostly when my mobile app was launched previously either on or off my VPN and then when I switch to the opposite then the app fails. I then have to force kill it or sometimes switching tabs fixes it. But then I get the failed login. Not sure what is causing it but the failed attempt always comes from my iPhone.

As of yesterday I’m suddenly getting failed API calls from 127.0.0.1 despite this being in my trusted networks.

http:
    api_password: !secret http_api
    trusted_networks:
      - 192.168.1.0/24
      - 127.0.0.1

The .log is not very helpful. It would be much better if it also recorded the call that failed - then I might stand a chance of finding what’s calling it rather than not having the slightest clue.

I’m also running iOS app - however the source is 127.0.0.1 AND it’s trusted…

I’ve recently disabled the legacy auth (don’t have api_password configured anymore), Home Assistant and the iOS app (beta) are both updated to the latest version and I still occasionally get the failed login notification, always when clicking on an entity to view its graph or opening a camera live stream. Very strange behaviour…

Interesting. I use camera live stream a lot; I bet this is where the issue resides.

Same issue here, but without really making any changes of network…
I noticed that the mobile app sometimes hangs… or it takes some time to reload the current view with the most up-to-date info. I think on those attempts to reload something goes south… and HA reports login failed, which is obviously not true as the app is in an already logged-in state. (And just to clarify, the fact that the mobile app is the one causing this is confirmed by the IP address within the failed login notification.)

I’ve read on another thread, related to the iOS App, that not enabling “Advanced Options” might help, will give it a try.