Part of the password is exposed in error message: You are about to log in to the site "example.com" with the username "user:partofpassword@", but the website does not require authentication. This may be an attempt to trick you. Is "example.com" the site you want to visit? Reproducible: Always Steps to Reproduce: 1. Create some online service with authentication, e.g. you can use owncloud's caldav. 2. Choose a password containing @. E.g. "partofpassword@restofthepassword" 3. If caldav is inaccessible for some reason, kio prints this warning message. Actual Results: Part of the password is exposed Expected Results: Only username is printed. I guess kio looks for the last '@' character in the string "username@password"
Actually, I had calendar account in korganizer and carddav account in kaddressbook, both pointing to owncloud. I hope it helps to reproduce bug.
KIO doesn't purposely show passwords, but the URL sent by the carddav implementation must construct the URL wrongly (e.g. not using QUrl::setPassword, which would correctly encode the '@' in the password). Reassigning to the davgroupware resource.
Hey, Which version are we talking about here? I can't have part of the password displayed when trying to reproduce this (non 401 response code and a password containing a '@'). Cheers, Grégory
This was tested on KDE 4.14.3. Well, since next kde-apps release will contain KF5 versions of kdepim, I can test this bug later, maybe it got fixed...
Nope, I've tested with 4.14.10 (well, what will be this version), not the KF5 version, and I can't reproduce it. Also I nothing has changed since 4.14.3 that may explain the bug, at least in the resource. Per chance, do you remember the status code you got, if you ever saw it? Cheers, Grégory
Unfortunately, I don't remember it now. I'll try to reproduce this again when I have some free time and see if status code is displayed...
Well, no news, assuming good news.
(In reply to Grégory Oestreicher from comment #7) > Well, no news, assuming good news. Ok, I just tested with KDE Application 15.12.1 and it still doesn't work. However, dialog with password is not shown anymore. But Akonadi console says Broken resource and "Malformed URL"
Created attachment 97094 [details] akonadi error message
Do you see anything in your ~/.xsession-errors? If the password is shown redact it but try to keep the rest intact :)
(In reply to Grégory Oestreicher from comment #10) > Do you see anything in your ~/.xsession-errors? If the password is shown > redact it but try to keep the rest intact :) Not really. Can't see anything related. Pasted here: https://paste.kde.org/pncluuopx
Ok, I completely deleted my Akonadi resources and settings and recreated my accounts. Seems that this is no longer a problem now.