From ff9ca1c77903481e8675baef950c0589a3f8629d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xose=20P=C3=A9rez?= Date: Sat, 6 Jan 2018 23:09:06 +0100 Subject: [PATCH] Build option to disable password check (USE_PASSWORD). Password check is enabled by default. Use at your own risk (#373) --- code/espurna/config/general.h | 3 ++- code/espurna/ota.ino | 4 +++- code/espurna/web.ino | 12 ++++++++---- code/espurna/wifi.ino | 6 +++++- code/espurna/ws.ino | 6 ++++-- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/code/espurna/config/general.h b/code/espurna/config/general.h index 113c97af..74e9c0d6 100644 --- a/code/espurna/config/general.h +++ b/code/espurna/config/general.h @@ -7,8 +7,9 @@ // GENERAL //------------------------------------------------------------------------------ +#define DEVICE_NAME MANUFACTURER "_" DEVICE // Concatenate both to get a unique device name #define ADMIN_PASS "fibonacci" // Default password (WEB, OTA, WIFI) -#define DEVICE_NAME MANUFACTURER "_" DEVICE // Concatenate both to get a unique device name +#define USE_PASSWORD 1 // Insecurity caution! Disabling this will disable password querying completely. #define LOOP_DELAY_TIME 10 // Delay for this millis in the main loop [0-250] #define ARRAYINIT(type, name, ...) \ diff --git a/code/espurna/ota.ino b/code/espurna/ota.ino index 457fd576..5e514b49 100644 --- a/code/espurna/ota.ino +++ b/code/espurna/ota.ino @@ -15,7 +15,9 @@ Copyright (C) 2016-2017 by Xose PĂ©rez void _otaConfigure() { ArduinoOTA.setPort(OTA_PORT); ArduinoOTA.setHostname(getSetting("hostname").c_str()); - ArduinoOTA.setPassword(getSetting("adminPass", ADMIN_PASS).c_str()); + #if USE_PASSWORD + ArduinoOTA.setPassword(getSetting("adminPass", ADMIN_PASS).c_str()); + #endif } // ----------------------------------------------------------------------------- diff --git a/code/espurna/web.ino b/code/espurna/web.ino index 43de5ea3..c39b9273 100644 --- a/code/espurna/web.ino +++ b/code/espurna/web.ino @@ -267,10 +267,14 @@ void _onUpgradeData(AsyncWebServerRequest *request, String filename, size_t inde // ----------------------------------------------------------------------------- bool _authenticate(AsyncWebServerRequest *request) { - String password = getSetting("adminPass", ADMIN_PASS); - char httpPassword[password.length() + 1]; - password.toCharArray(httpPassword, password.length() + 1); - return request->authenticate(WEB_USERNAME, httpPassword); + #if USE_PASSWORD + String password = getSetting("adminPass", ADMIN_PASS); + char httpPassword[password.length() + 1]; + password.toCharArray(httpPassword, password.length() + 1); + return request->authenticate(WEB_USERNAME, httpPassword); + #else + return true; + #endif } // ----------------------------------------------------------------------------- diff --git a/code/espurna/wifi.ino b/code/espurna/wifi.ino index 81a45442..bf0bed17 100644 --- a/code/espurna/wifi.ino +++ b/code/espurna/wifi.ino @@ -73,7 +73,11 @@ void wifiReconnectCheck() { void wifiConfigure() { jw.setHostname(getSetting("hostname").c_str()); - jw.setSoftAP(getSetting("hostname").c_str(), getSetting("adminPass", ADMIN_PASS).c_str()); + #if USE_PASSWORD + jw.setSoftAP(getSetting("hostname").c_str(), getSetting("adminPass", ADMIN_PASS).c_str()); + #else + jw.setSoftAP(getSetting("hostname").c_str()); + #endif jw.setConnectTimeout(WIFI_CONNECT_TIMEOUT); wifiReconnectCheck(); jw.setAPMode(WIFI_AP_MODE); diff --git a/code/espurna/ws.ino b/code/espurna/ws.ino index 117947e0..a935c0d9 100644 --- a/code/espurna/ws.ino +++ b/code/espurna/ws.ino @@ -205,7 +205,7 @@ void _wsParse(AsyncWebSocketClient *client, uint8_t * payload, size_t length) { void _wsOnStart(JsonObject& root) { - #if WEB_FORCE_PASS_CHANGE + #if USE_PASSWORD && WEB_FORCE_PASS_CHANGE String adminPass = getSetting("adminPass", ADMIN_PASS); bool changePassword = adminPass.equals(ADMIN_PASS); #else @@ -350,7 +350,9 @@ void wsSend_P(uint32_t client_id, PGM_P payload) { } void wsConfigure() { - _ws.setAuthentication(WEB_USERNAME, (const char *) getSetting("adminPass", ADMIN_PASS).c_str()); + #if USE_PASSWORD + _ws.setAuthentication(WEB_USERNAME, (const char *) getSetting("adminPass", ADMIN_PASS).c_str()); + #endif } void wsSetup() {