diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServer.cpp b/libraries/ESP8266WebServer/src/ESP8266WebServer.cpp index bc41a5603b..c277cc287c 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServer.cpp +++ b/libraries/ESP8266WebServer/src/ESP8266WebServer.cpp @@ -94,33 +94,51 @@ void ESP8266WebServer::begin() { collectHeaders(0, 0); } -bool ESP8266WebServer::authenticate(const char * username, const char * password){ +char* ESP8266WebServer::getUserPasswordHash(const char * username, const char * password) { + + char toencodeLen = strlen(username)+strlen(password)+1; + char *toencode = new char[toencodeLen + 1]; + if(toencode == NULL){ + return NULL; + } + char *encoded = new char[base64_encode_expected_len(toencodeLen)+1]; + if(encoded == NULL){ + delete[] toencode; + return NULL; + } + + sprintf(toencode, "%s:%s", username, password); + + if (base64_encode_chars(toencode, toencodeLen, encoded) > 0) { + + delete[] toencode; + return encoded; + } + + delete[] toencode; + return NULL; +} + +bool ESP8266WebServer::authenticate(const char * username, const char * password, const char * hashUNP) { if(hasHeader(AUTHORIZATION_HEADER)){ String authReq = header(AUTHORIZATION_HEADER); if(authReq.startsWith("Basic")){ authReq = authReq.substring(6); authReq.trim(); - char toencodeLen = strlen(username)+strlen(password)+1; - char *toencode = new char[toencodeLen + 1]; - if(toencode == NULL){ + + const char *encoded = (hashUNP == NULL) ? getUserPasswordHash(username, password) : hashUNP; + + if(encoded != NULL && authReq.equals(encoded)){ authReq = String(); - return false; - } - char *encoded = new char[base64_encode_expected_len(toencodeLen)+1]; - if(encoded == NULL){ - authReq = String(); - delete[] toencode; - return false; - } - sprintf(toencode, "%s:%s", username, password); - if(base64_encode_chars(toencode, toencodeLen, encoded) > 0 && authReq.equals(encoded)){ - authReq = String(); - delete[] toencode; - delete[] encoded; + if (hashUNP == NULL) { + delete[] encoded; + } return true; } - delete[] toencode; - delete[] encoded; + + if (hashUNP == NULL) { + delete[] encoded; + } } authReq = String(); } diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServer.h b/libraries/ESP8266WebServer/src/ESP8266WebServer.h index ab22fe659e..a5214ce5aa 100644 --- a/libraries/ESP8266WebServer/src/ESP8266WebServer.h +++ b/libraries/ESP8266WebServer/src/ESP8266WebServer.h @@ -66,6 +66,9 @@ class FS; class ESP8266WebServer { +private: + bool authenticate(const char * username, const char * password, const char * hashUNP); + public: ESP8266WebServer(IPAddress addr, int port = 80); ESP8266WebServer(int port = 80); @@ -77,7 +80,18 @@ class ESP8266WebServer void close(); void stop(); - bool authenticate(const char * username, const char * password); + + bool authenticate(const char * username, const char * password) + { + return authenticate(username, password, NULL); + } + + bool authenticate(const char * hashUNP) + { + return authenticate(NULL, NULL, hashUNP); + } + + char* getUserPasswordHash(const char * username, const char * password); void requestAuthentication(); typedef std::function THandlerFunction;