Seventeentrack "Invalid username and password provided" #19020

hamishfagg · 2018-12-04T20:57:15Z

Home Assistant release with the issue:
0.83.3

Last working Home Assistant release (if known):
None

Operating environment (Hass.io/Docker/Windows/etc.):
Docker

Component/platform:
https://www.home-assistant.io/components/sensor.seventeentrack/

Description of problem:
This component reports "Invalid username and password provided" even though the user details are definitely correct.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

- platform: seventeentrack
  username: EMAIL_ADDRESS
  password: YOUR_PASSWORD

The configuration above is in a "sensors.yaml" file alongside a large number of other sensors that are operating correctly. Info that may be relevant:

My email address starts with a number
The password is only alpha-numeric
Neither are in quotes

The text was updated successfully, but these errors were encountered:

fabaff · 2018-12-04T21:39:27Z

The error you see is thrown if the API reported a login error. Try it with quotes, just to be sure.

hamishfagg · 2018-12-04T22:05:25Z

Try it with quotes, just to be sure.

Yeah same error with e 8000 mail and password quoted.

bachya · 2018-12-06T04:30:13Z

Try running the example script that comes along with py17track. In a terminal:

Clone the py17track repo: $ git clone https://github.com/bachya/py17track.git
cd into it: $ cd py17track/
Initialize the dev environment: $ make init
Edit example.py by adding your username and password on line 14.
Run the example script: $ pipenv run python example.py

Post your results here (feel free to remove individual tracking numbers if desired).

hamishfagg · 2018-12-06T06:11:30Z

The output of that script is below:

INFO:root:Account ID: None
INFO:root:Account Summary: {}
INFO:root:Package Summary: []

EDIT: I get the feeling this is because 17track sometimes asks for a captcha. Their page might return 'incorrect username/password' when you don't supply a captcha response when it asks. But I'm guessing.

EDIT AGAIN: I have just tried the same on a machine that's not headless, so that I can log in on the same machine first. Unfortunately I get the same thing, and printing the raw response from the login request is:

{'Code': -10010401, 'Message': 'The email or password you entered is incorrect.'}

bachya · 2018-12-06T15:31:09Z

I just updated py17track to hopefully show a better look at what’s going on; let’s try that.

From within the py17track directory:

Undo the changes to example.py: $ git checkout -- example.py
Get my latest changes: $ git pull origin master
Open example.py for editing.
Use DEBUG-level logging on line 15: logging.basicConfig(level=logging.DEBUG)
Once again, input your email and password on line 21.
Close the file.
Run it: $ pipenv run python example.py

Thanks for the debugging help!

hamishfagg · 2018-12-06T18:22:44Z

Hi again,

Here's the output, it doesn't show much else =(

DEBUG:py17track.profile:Login response: {'Code': -10010401, 'Message': 'The email or password you entered is incorrect.'}
{'Code': -10010401, 'Message': 'The email or password you entered is incorrect.'}
INFO:root:Account ID: None
DEBUG:py17track.profile:Summary response: {'Code': -6, 'Message': "You haven't logged in for a long time, for your account security, please login again."}
INFO:root:Account Summary: {}
DEBUG:py17track.profile:Packages response: {'Code': -6, 'Message': "You haven't logged in for a long time, for your account security, please login again."}
INFO:root:Package Summary: []

bachya · 2018-12-06T18:24:29Z

This is interesting:

"You haven't logged in for a long time, for your account security, please login again."

You've for certain logged into the website (past the CAPTCHA) a few times before trying this?

hamishfagg · 2018-12-06T18:27:04Z

Yep, what I did just now to be sure was log out on the website, then copy-paste my login details from example.py into the login form (at https://user.17track.net/en). The login succeeded, and I just ran example.py again with the same result.

Do you have a 17track account and this is working for you?

EDIT: Just for fun I tried setting my laptop's user agent for aiohttp client. Didn't help.

bachya · 2018-12-07T00:40:05Z

Very strange. Unfortunately, without having access to your username and password, there's not much more I can do to debug. If you would feel comfortable sharing those credentials with me, hit me up on Discord.

bachya · 2018-12-09T04:50:29Z

Hi again – following up on our Discord chat. Thanks for your patience.

Today, I ran example.py and got back all correct data; no errors. Below is what I got (critical data obfuscated):

DEBUG:py17track.profile:Login response: {'Json': {'FUserRole': 4, 'FNickname': '', 'FEmail': 'email@address.com', 'FLanguage': 'en', 'FCountry': 9999, 'FPhoto': 99999, 'gid': '999999999999999999', 'ms': [{'ml': 0, 'mt': 0}]}, 'Code': 0}
INFO:root:Account ID: 999999999999999999
DEBUG:py17track.profile:Summary response: {'Json': {'utn': {'cnum': '40', 'unum': '0', 'inum': '0', 'anum': 0}, 'eitem': [{'e': 0, 'ec': 0}, {'e': 10, 'ec': 0}, {'e': 20, 'ec': 0}, {'e': 30, 'ec': 0}, {'e': 35, 'ec': 0}, {'e': 40, 'ec': 0}, {'e': 50, 'ec': 0}]}, 'Code': 0}
INFO:root:Account Summary: {'Not Found': 0, 'In Transit': 0, 'Expired': 0, 'Ready to be Picked Up': 0, 'Undelivered': 0, 'Delivered': 0, 'Returned': 0}
DEBUG:py17track.profile:Packages response: {'pageInfo': {'Page': 0, 'PerPage': 0, 'TotalCount': 0}, 'Json': [], 'Code': 0}
INFO:root:Package Summary: []

...which seems consistent with your account (i.e., no packages were there).

If you run example.py again (per the above instructions, do you get a similar result?

hamishfagg · 2018-12-09T08:27:34Z

Hahahahaha. Ok that did work for me, and that triggered a hilarious/infuriating chain of events.

Since the password I gave you worked, I decided to change the password back to the original one I sent. I happened to read their password requirements:

The password must contain at least 6 characters; it can't be longer than 16 characters.(Only numbers, letters and half-width symbols besides the space are supported)

My original password was 20 characters. So the website would accept it, but the API wouldn't. Aaaand - you guessed it - if I delete 4 characters off my password in example.py, suddenly everything works. Yes, I was able to set my 20 char password again right below that message about the 16 char limit.

I'm now a little concerned since either:

17track is storing 2 different hashes for my password - one for the site and one for the API
the password is stored in plain text and the API is truncating it before comparing to the sent password.

I think we can close this now but we should probably update the docs to really stress that longer passwords won't work. Thanks again for all your help.

bachya · 2018-12-10T16:54:14Z

WOW... That's a new one. 😆 Thanks for helping. I'll get a doc PR opened up.

cgarwood added the platform: sensor.seventeentrack label Dec 5, 2018

bachya self-assigned this Dec 6, 2018

bachya closed this as completed Dec 10, 2018

This was referenced Dec 10, 2018

17track updates home-assistant/home-assistant.io#7793

Closed

Add password caveat to 17track.net docs home-assistant/home-assistant.io#7794

Merged

ghost added integration: seventeentrack and removed platform: sensor.seventeentrack labels Mar 21, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Seventeentrack "Invalid username and password provided" #19020

Seventeentrack "Invalid username and password provided" #19020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Seventeentrack "Invalid username and password provided" #19020

Seventeentrack "Invalid username and password provided" #19020

Comments

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!