TelegramMessenger
Persistent Passcode Lockout Error ("Try again in 1 minute")
Checklist
- [x] I am reporting an issue in existing functionality that does not work as intended
- [x] I've searched for existing GitHub issues
Description
The app incorrectly displays the "Try again in 1 minute" error message for the passcode entry screen, even after extended waiting periods (over an hour), device restarts, and app offloading and reinstalling. This prevents the user from accessing the app.
Expected Behavior
After entering the correct passcode following the initial 1-minute lockout, the app should allow access. Restarting the device or reinstalling the app should also clear any temporary lockout states.
Actual Behavior
The "Try again in 1 minute" message remains indefinitely, preventing app access.
Steps to Reproduce
- Enter the incorrect passcode multiple times (6 or more) to trigger the "Try again in 1 minute" message.
- Wait for the indicated minute.
- The error message persists.
- Restart the device.
- The error message persists.
- Offload and reinstall the app.
- The error message persists.
Code Analysis (Based on Review):
The PasscodeEntryControllerNode.swift file contains the logic for handling failed passcode attempts.
-
The shouldWaitBeforeNextAttempt() function checks if the user should be locked out based on the number of failed attempts and the time elapsed since the last attempt. The waitInterval is set to 60 seconds.
-
The updateInvalidAttempts(_ attempts: AccessChallengeAttempts?, animated: Bool = false) function displays the "Try again in 1 minute" message when the lockout is active and starts a timer.
-
The timer is intended to clear the message after the waiting period, but there might be an issue with how the invalidAttempts state or the timer is managed, causing it to persist.
-
The code also checks for boot timestamp changes, which should, in theory, help reset the lockout state across device restarts.
Possible Root Causes (Based on Analysis):
-
Persistent invalidAttempts State: The invalidAttempts data (count and timestamp) might be incorrectly saved and loaded, and not cleared by app offload/reinstall or device restarts.
-
Issue with State Reset: A bug might exist that prevents the app from correctly resetting the failed attempt state under certain conditions.
Screenshots and Videos
Additional Information:
Has tried restarting the device, shutting it down and waiting, offloading, and reinstalling the app, all without success.
Environment
Device: iPhone 11 Pro
iOS version: 17.6.1
App version: 11.11.1
Another insight from Claude as i checked within this situations:
The Bug may come from this Code: Telegram-iOS/submodules/PasscodeUI/Sources/PasscodeEntryControllerNode.swift
private func shouldWaitBeforeNextAttempt() -> Bool {
if let attempts = self.invalidAttempts {
if attempts.count >= 6 {
var bootTimestamp: Int32 = 0
let uptime = getDeviceUptimeSeconds(&bootTimestamp)
if attempts.bootTimestamp != bootTimestamp {
return true
}
if uptime - attempts.uptime < waitInterval {
return true
} else {
return false
}
} else {
return false
}
} else {
return false
}
}
The key issue is this logic:
The code checks if the current device boot timestamp matches the stored one. If the timestamps don't match (meaning the device has restarted since the attempts were recorded), it returns true - keeping you locked out.
This is causing your problem - the device boot timestamp stored with your failed attempts doesn't match your current boot timestamp, so the condition attempts.bootTimestamp != bootTimestamp is true, causing the function to return true indefinitely.
The question is: Is this a feature to let user not able to enter the right passcode after > 6 failed attempts and the phone rebooted? if Not then please update this , because locked with account that has networking and wallet with balance is not a good feeling. Thank you
