Skip to content

Login fails with passwords containing special characters ($, +, =) #63

New issue
New issue
Open
#65
Open
Login fails with passwords containing special characters ($, +, =)#63
#65
@kwaczek

Description

@kwaczek
kwaczek
opened on Feb 26, 2026

Bug Description

Login fails with an IndexError when the account password contains special characters, specifically $, +, or =.

Steps to Reproduce

  1. Have a Rohlik.cz account with a password containing $ (e.g. Abc123$xyz+)
  2. Install the integration via HACS (v0.4.0)
  3. Add the integration from Devices & Services
  4. Enter email and password
  5. Login fails with "Unknown exception"

Error Log

Logger: custom_components.rohlikcz.config_flow
Source: custom_components/rohlikcz/config_flow.py:50

Traceback (most recent call last):
  File "/config/custom_components/rohlikcz/config_flow.py", line 50, in async_step_user
    info, data = await validate_input(self.hass, user_input)
  File "/config/custom_components/rohlikcz/config_flow.py", line 25, in validate_input
    reply = await api.get_data()
  File "/config/custom_components/rohlikcz/rohlik_api.py", line 196, in get_data
    result["login"] = await self.login(session)
  File "/config/custom_components/rohlikcz/rohlik_api.py", line 134, in login
    raise RohlikczError(f"Unknown error occurred during login: {login_response["messages"][0]["content"]}")
IndexError: list index out of range

Root Cause Analysis

Two issues at play:

1. Password with special characters causes authentication failure

The same credentials work perfectly when tested directly against the Rohlik API via curl or from outside HA. Changing the password to one without special characters ($, +, =) immediately resolves the issue. This suggests the password is getting mangled somewhere in the request chain inside HA (possibly URL encoding of the JSON payload, or the requests session handling special chars differently in the HA Python environment).

2. Empty messages array not handled in error path

When the login fails with a non-200, non-401 status, the Rohlik API sometimes returns an empty messages array ([]). The current code on line 134 assumes messages[0] exists:

raise RohlikczError(f"Unknown error occurred during login: {login_response["messages"][0]["content"]}")

This causes an IndexError instead of a meaningful error message.

Suggested Fix

if login_response["status"] != 200:
    # Safely extract error message
    messages = login_response.get("messages", [])
    error_detail = messages[0]["content"] if messages else f"status code {login_response['status']}, no message provided"
    
    if login_response["status"] == 401:
        raise InvalidCredentialsError(error_detail)
    else:
        _LOGGER.error(f"Login failed. Status: {login_response['status']}, Full response: {mask_data(login_response)}")
        raise RohlikczError(f"Unknown error occurred during login: {error_detail}")

This would:

  • Prevent the IndexError on empty messages
  • Log the full (masked) response for debugging
  • Include the status code in the error message

Workaround

Change your Rohlik.cz password to one that does not contain $, +, or = characters.

Environment

  • HA-RohlikCZ version: v0.4.0 (via HACS)
  • Home Assistant: latest

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions