View Issue Details

IDProjectCategoryView StatusLast Update
00033183 - Current Dev ListBugpublic2019-09-14 02:24
ReporterPD9FERAssigned ToPD9FER 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version6.7.0.226 
Summary0003318: Passwords containing non Alpha characters are converted
DescriptionWhen having a LoTW account or QRZ one and your login pass contains special Chars like !@#$%^&*()_+
These will not be sent correctly when customer wants to upload their log.
Steps To ReproduceGo to the LoTW site
Change your password and add some NON Alpha chars to it
In Logbook define the password and try to upload.

It will fail.
TagsNo tags attached.
ModuleLogbook
Sub-ModuleGeneral
TestingNot Started

Activities

K7ZCZ

2019-05-23 17:12

administrator   ~0007943

My password has numeric characters an works fine.

Maybe this bug report actually means to say "non-alphanumeric". Can you please clarify?

Also, there are at least two different ways to upload to LOTW. Can you please specify which one you're using when experiencing this problem?

PD9FER

2019-05-24 03:09

updater   ~0007944

With a little common sense you would have seen I mentioned "contains special Chars like !@#$%^&*()_+"
And it does not matter which upload you use... it's the same and that also goes for QRZ.com upload

K7ZCZ

2019-05-24 16:13

administrator   ~0007945

In email, Ferry explained that the issue is special characters of a certain set that's causing the issue, not that all non-alphabetic characters are a problem.

K7ZCZ

2019-05-25 12:28

administrator   ~0007948

Last edited: 2019-05-26 18:15

View 2 revisions

There seems to be at least a little confusion about which characters are actually causing problems. Turns out that not all non-alpha characters are reported, so I'm ignoring that part of the report. Of the set given {!@#$%^&*()_+} I'm not able to reproduce a problem with %, ^, _, or ".

The LOTW website places the password in the URL string (ugh!), which means some characters should be escaped when sent. I've added code which escapes the characters specified in RFC 3968 as reserved; these are {:/?#[]@!$&'()*+,;=}. I was able to reproduce issues with these characters in passwords, and this is the technically correct fix.

If there are still problems with {%^_"}, then please write up steps that demonstrate the issues with those characters and I can have a look.

The repro steps provided are vague, so I want to document what I specifically examined and tested. There are four separate ways to reproduce this issue. The'll all start with the logbook open:

1) start up the logbook
2) open a database with at least one new QSO in it -- at least one QSO not previously sent to LOTW
3) visit lotw.arrl.org to set your password appropriately for testing

The first way is with an LOTW download:

3) Right-click on the logbook database view to get a context menu
4) In the context menu, choose the "File" tear-off
5) In the the File tear-off, choose "LOTW"
6) In the "LOTW" tear-off, choose "Download"
7) In the resulting "LOTW" dialog, enter the password in the "Password" field.
8) Press the "Download" button

BUG#1) The download appears to work, but it really doesn't -- the error reporting here is terrible. You'll notice that the "LOTW Import" window says "Contains 0 records". Try using the "View ADIF" button, and you'll find that the ADIF file isn't ADIF at all. Instead, it's HTML text explaining the password verification failure.

Then with an LOTW upload:

9) Right-click on the logbook database view to get a context menu
10) In the context menu, choose the "File" tear-off
11) In the the File tear-off, choose "LOTW"
12) In the "LOTW" tear-off, choose "Upload"
13) In the resulting "LOTW" dialog, enter the password in the "Password" field.
14) Press the "Upload" button

BUG#2) This message appears, and the contacts fail to upload:

---------------------------
HRD Logbook
---------------------------
LOTW verification Failed!
Please check the HRD logfile located in Logbook under View/Logfile for details.
---------------------------
OK
---------------------------

BUG#3) Note that the status box at the bottom of the LOTW dialog says "Login: Logon OK", but the logon actually didn't work. That fact can be verified in the Logfile view of the logbook, which reports these two conflicting lines:

09:59:29  LOTW Login                    Logon OK
09:59:29  GetHttpConnection             Failure ........: Login


The "Logon OK" message is erroneously reported because a page of HTML came back rather than any useful status info.

Steps 7 and 8 can be performed after pressing the "LOTW Download" button in the Logbook database toolbar. Steps 13 and 14 can be performed after pressing the "LOTW Upload" button in the Logbook database toolbar. These toolbar buttons run the same code as the menu-based instructions.

The state of error handling in this feature is unacceptable, and it must be fixed. I'll open separate issues to track that work. This issue only tracks the problems with passwords being encoded for URLs.

K7ZCZ

2019-05-25 12:37

administrator   ~0007949

As above -- note that I'm only partially able to reproduce the reported issue.
https://hrdsoftware.visualstudio.com/HRD/_versionControl/changeset/4995

PD9FER

2019-06-01 06:15

updater   ~0007968

Does this also fixes it for QRZ?

K7ZCZ

2019-06-01 08:38

administrator   ~0007969

This doesn't attempt to fix QRZ. If something to do with QRZ has issues, then a separate Mantis issue should be opened to facilitate tracking and documentation. Please remember to include a clear description and repro steps for the issue your'e reporting.

PD9FER

2019-06-01 09:32

updater   ~0007970

If you see the Description., you will see QRZ is mentioned having the exact same issue

K7ZCZ

2019-06-02 13:12

administrator   ~0007971

Please open a separate Mantis issue with a clear description and repro steps for the QRZ issue. It's best to use individual Mantis issues for tracking each issue in the software.

Issue History

Date Modified Username Field Change
2019-05-23 14:31 PD9FER New Issue
2019-05-23 17:09 K7ZCZ Project 1 - Backlog => 2 - Next Dev List (Holding Area)
2019-05-23 17:10 K7ZCZ Project 2 - Next Dev List (Holding Area) => 3 - Current Dev List
2019-05-23 17:12 K7ZCZ Assigned To => K7ZCZ
2019-05-23 17:12 K7ZCZ Status new => feedback
2019-05-23 17:12 K7ZCZ Note Added: 0007943
2019-05-24 03:09 PD9FER Note Added: 0007944
2019-05-24 03:09 PD9FER Status feedback => assigned
2019-05-24 11:18 K7ZCZ Assigned To K7ZCZ =>
2019-05-24 16:13 K7ZCZ Note Added: 0007945
2019-05-25 12:28 K7ZCZ Note Added: 0007948
2019-05-25 12:37 K7ZCZ Assigned To => K7ZCZ
2019-05-25 12:37 K7ZCZ Status assigned => resolved
2019-05-25 12:37 K7ZCZ Resolution open => fixed
2019-05-25 12:37 K7ZCZ Note Added: 0007949
2019-05-25 15:51 WA9PIE Assigned To K7ZCZ => WA9PIE
2019-05-25 15:51 WA9PIE Assigned To WA9PIE =>
2019-05-26 18:15 K7ZCZ Note Edited: 0007948 View Revisions
2019-06-01 06:15 PD9FER Note Added: 0007968
2019-06-01 08:38 K7ZCZ Note Added: 0007969
2019-06-01 09:32 PD9FER Note Added: 0007970
2019-06-02 13:12 K7ZCZ Note Added: 0007971
2019-06-15 11:36 WA9PIE Project 3 - Current Dev List => 2 - Next Dev List (Holding Area)
2019-08-30 13:40 K7ZCZ Project 2 - Next Dev List (Holding Area) => 3 - Current Dev List
2019-08-30 15:16 K7ZCZ Fixed in Version => 6.7.0.226
2019-09-14 02:24 WA9PIE Assigned To => PD9FER