From fd24204a8e4ccc7b6306f0a9c4e09c19f540fc17 Mon Sep 17 00:00:00 2001 From: Pigbibi <20649888+Pigbibi@users.noreply.github.com> Date: Mon, 11 May 2026 04:28:23 +0800 Subject: [PATCH] Extend IBKR live 2FA post-auth wait --- .github/workflows/main.yml | 2 +- Dockerfile | 1 + container_overrides/run.sh | 22 +++++++++++++++++----- docker-compose.yml | 1 + tests/test_docker_compose_ports.sh | 7 ++++++- tests/test_workflow_shared_config.sh | 2 +- 6 files changed, 27 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 74d0475..1c09e63 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -38,7 +38,7 @@ env: jobs: deploy: runs-on: ubuntu-latest - timeout-minutes: 35 + timeout-minutes: 60 permissions: contents: read id-token: write diff --git a/Dockerfile b/Dockerfile index 426139c..0fff871 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN apt-get update && \ libgtk-3-0 \ libxtst6 \ python3-pip \ + x11-apps \ xdotool && \ pip3 install pyotp ib_insync --break-system-packages && \ apt-get clean && \ diff --git a/container_overrides/run.sh b/container_overrides/run.sh index 02c18fe..90b813c 100644 --- a/container_overrides/run.sh +++ b/container_overrides/run.sh @@ -64,6 +64,7 @@ start_vnc() { start_IBC() { configure_ibc_login_dialog_timeout + configure_ibc_second_factor_exit_interval echo ".> Starting IBC in ${TRADING_MODE} mode, with params:" echo ".> Version: ${TWS_MAJOR_VRSN}" echo ".> program: ${IBC_COMMAND:-gateway}" @@ -83,8 +84,9 @@ start_IBC() { echo "$_p" >"/tmp/pid_${TRADING_MODE}" } -configure_ibc_login_dialog_timeout() { - local timeout="${IBC_LOGIN_DIALOG_DISPLAY_TIMEOUT:-180}" +set_ibc_config_value() { + local key="$1" + local value="$2" local files=( "${IBC_INI:-/home/ibgateway/ibc/config.ini}" "/home/ibgateway/ibc/config.ini" @@ -96,14 +98,24 @@ configure_ibc_login_dialog_timeout() { if [ ! -f "$file" ]; then continue fi - if grep -Eq '^LoginDialogDisplayTimeout\s*=' "$file"; then - sed -i -E "s/^LoginDialogDisplayTimeout\s*=.*/LoginDialogDisplayTimeout=${timeout}/" "$file" + if grep -Eq "^${key}\\s*=" "$file"; then + sed -i -E "s/^${key}\\s*=.*/${key}=${value}/" "$file" else - printf '\nLoginDialogDisplayTimeout=%s\n' "$timeout" >>"$file" + printf '\n%s=%s\n' "$key" "$value" >>"$file" fi done } +configure_ibc_login_dialog_timeout() { + local timeout="${IBC_LOGIN_DIALOG_DISPLAY_TIMEOUT:-180}" + set_ibc_config_value "LoginDialogDisplayTimeout" "$timeout" +} + +configure_ibc_second_factor_exit_interval() { + local interval="${IBC_SECOND_FACTOR_AUTHENTICATION_EXIT_INTERVAL:-180}" + set_ibc_config_value "SecondFactorAuthenticationExitInterval" "$interval" +} + configure_ib_gateway_vmoptions() { local parallel_threads="${IB_GATEWAY_PARALLEL_GC_THREADS:-2}" local conc_threads="${IB_GATEWAY_CONC_GC_THREADS:-1}" diff --git a/docker-compose.yml b/docker-compose.yml index 4938361..9d6ac65 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,7 @@ services: - TWOFA_DEVICE=${TWOFA_DEVICE:-} - TWOFA_TIMEOUT_ACTION=${TWOFA_TIMEOUT_ACTION:-restart} - RELOGIN_AFTER_TWOFA_TIMEOUT=${RELOGIN_AFTER_TWOFA_TIMEOUT:-yes} + - IBC_SECOND_FACTOR_AUTHENTICATION_EXIT_INTERVAL=${IBC_SECOND_FACTOR_AUTHENTICATION_EXIT_INTERVAL:-180} - EXISTING_SESSION_DETECTED_ACTION=${EXISTING_SESSION_DETECTED_ACTION:-primary} # Set to no when IBC should use IBKR Mobile push approval instead of # the local TOTP auto-fill helper. diff --git a/tests/test_docker_compose_ports.sh b/tests/test_docker_compose_ports.sh index 1c597e6..4defde2 100644 --- a/tests/test_docker_compose_ports.sh +++ b/tests/test_docker_compose_ports.sh @@ -16,11 +16,15 @@ grep -Fq 'chmod a+x /home/ibgateway/scripts/run.sh' "$dockerfile" grep -Fq 'libgtk-3-0' "$dockerfile" grep -Fq 'libglib2.0-0' "$dockerfile" grep -Fq 'libxtst6' "$dockerfile" +grep -Fq 'x11-apps' "$dockerfile" grep -Fq 'Xvfb "$DISPLAY" -ac -screen 0 "${IB_XVFB_SCREEN:-1024x768x24}" &' "$run_override" grep -Fq -- '-ncache_cr -noxdamage' "$run_override" grep -Fq 'configure_ibc_login_dialog_timeout' "$run_override" grep -Fq 'IBC_LOGIN_DIALOG_DISPLAY_TIMEOUT:-180' "$run_override" -grep -Fq 'LoginDialogDisplayTimeout=${timeout}' "$run_override" +grep -Fq 'set_ibc_config_value "LoginDialogDisplayTimeout" "$timeout"' "$run_override" +grep -Fq 'configure_ibc_second_factor_exit_interval' "$run_override" +grep -Fq 'IBC_SECOND_FACTOR_AUTHENTICATION_EXIT_INTERVAL:-180' "$run_override" +grep -Fq 'set_ibc_config_value "SecondFactorAuthenticationExitInterval" "$interval"' "$run_override" grep -Fq 'configure_ib_gateway_vmoptions' "$run_override" grep -Fq 'find "${TWS_PATH}" -maxdepth 3 -name ibgateway.vmoptions' "$run_override" grep -Fq 'IB_GATEWAY_PARALLEL_GC_THREADS:-2' "$run_override" @@ -34,6 +38,7 @@ grep -Fq ' - READ_ONLY_API=${READ_ONLY_API:-no}' "$compose_file" grep -Fq ' - TWOFA_DEVICE=${TWOFA_DEVICE:-}' "$compose_file" grep -Fq ' - TWOFA_TIMEOUT_ACTION=${TWOFA_TIMEOUT_ACTION:-restart}' "$compose_file" grep -Fq ' - RELOGIN_AFTER_TWOFA_TIMEOUT=${RELOGIN_AFTER_TWOFA_TIMEOUT:-yes}' "$compose_file" +grep -Fq ' - IBC_SECOND_FACTOR_AUTHENTICATION_EXIT_INTERVAL=${IBC_SECOND_FACTOR_AUTHENTICATION_EXIT_INTERVAL:-180}' "$compose_file" grep -Fq ' - EXISTING_SESSION_DETECTED_ACTION=${EXISTING_SESSION_DETECTED_ACTION:-primary}' "$compose_file" grep -Fq ' - IBKR_2FA_AUTOFILL=${IBKR_2FA_AUTOFILL:-yes}' "$compose_file" grep -Fq ' - IBKR_2FA_MAX_SUBMISSIONS=${IBKR_2FA_MAX_SUBMISSIONS:-1}' "$compose_file" diff --git a/tests/test_workflow_shared_config.sh b/tests/test_workflow_shared_config.sh index 4913542..b96f1aa 100644 --- a/tests/test_workflow_shared_config.sh +++ b/tests/test_workflow_shared_config.sh @@ -8,7 +8,7 @@ grep -Fq 'GCP_PROJECT_ID: interactivebrokersquant' "$workflow_file" grep -Fq 'providers/github-ibkr-gateway-main' "$workflow_file" grep -Fq 'ibkr-gateway-deploy@interactivebrokersquant.iam.gserviceaccount.com' "$workflow_file" grep -Fq 'id-token: write' "$workflow_file" -grep -Fq 'timeout-minutes: 35' "$workflow_file" +grep -Fq 'timeout-minutes: 60' "$workflow_file" grep -Fq 'sync_github_secrets_to_secret_manager:' "$workflow_file" grep -Fq 'deploy_mode:' "$workflow_file" grep -Fq 'workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}' "$workflow_file"