9a896a7ab1
* Asyncwebserver * Squashed commit of the following: commit 575ef02f593918ec6654c87407a4d11fc17071b8 Author: technyon <j.o.schuemann@gmx.de> Date: Mon Aug 12 17:56:11 2024 +0200 merge master commit 35e5adf4ecd80f9829e8801181f35dd2c1d94759 Merge: a2cc7be221adca01Author: technyon <j.o.schuemann@gmx.de> Date: Mon Aug 12 17:41:04 2024 +0200 Merge branch 'master' of github.com:technyon/nuki_hub into DM9051 commit a2cc7be2954cbd8767ab8186296c0b14134d1d0b Author: technyon <j.o.schuemann@gmx.de> Date: Mon Aug 12 10:51:50 2024 +0200 update nuki ble commit 20c809f3dca28b29b219d1ff3a183f1981316de5 Author: technyon <j.o.schuemann@gmx.de> Date: Mon Aug 12 10:44:46 2024 +0200 backup commit dd41c218efb5270f5efeb734e64dff695920db16 Merge: 153000b5e84b944aAuthor: technyon <j.o.schuemann@gmx.de> Date: Mon Aug 12 10:40:03 2024 +0200 Merge branch 'master' of github.com:technyon/nuki_hub into DM9051 commit 153000b5b1af7df1fbeb5263df94eb26f689cc0a Author: technyon <j.o.schuemann@gmx.de> Date: Mon Aug 12 10:23:07 2024 +0200 fix linker error commit a93bbfbfc4301e46ff3696a763dd13c6c89efefb Author: technyon <j.o.schuemann@gmx.de> Date: Sun Aug 11 11:27:07 2024 +0200 backup commit f611c75ce8c35f829bcad6cf7e86188f4b3ec331 Merge: f1964917063fbab6Author: technyon <j.o.schuemann@gmx.de> Date: Sun Aug 11 11:24:47 2024 +0200 merge master commit f1964917b4dade3920f1ecdb699c58630199e6da Author: technyon <j.o.schuemann@gmx.de> Date: Sat Aug 10 15:17:45 2024 +0200 update platformio.ini commit f448e5e8a7e93be38e09e2ab0b622199a3721af6 Author: technyon <j.o.schuemann@gmx.de> Date: Sat Aug 10 11:28:09 2024 +0200 add SPIClass instance for DM9051 commit 1f190e9aa08033535a2eb442a92e6e20409bbda1 Author: technyon <j.o.schuemann@gmx.de> Date: Sat Aug 10 11:22:26 2024 +0200 add definitions and constructor for DM9051 commit 726b3602ae91594ee1210ad5b6714f75cc5e42a7 Merge: 50a2eb134af90cbcAuthor: technyon <j.o.schuemann@gmx.de> Date: Sat Aug 10 10:19:34 2024 +0200 merge master commit 50a2eb136d75d90921f1c6974f18bc107bddc123 Author: technyon <j.o.schuemann@gmx.de> Date: Fri Aug 9 11:52:09 2024 +0200 add comment commit 9437e485cae169efdf8e5a7bf188a1c7e792d1e5 Author: technyon <j.o.schuemann@gmx.de> Date: Sun Aug 4 08:29:21 2024 +0200 move LAN8720 definitions to seperate file * Remove Core 2 Ethernet library * Custom Ethernet * GPIO and Preferences * H2
250 lines
7.1 KiB
C++
250 lines
7.1 KiB
C++
/*
|
|
Asynchronous WebServer library for Espressif MCUs
|
|
|
|
Copyright (c) 2016 Hristo Gochkov. All rights reserved.
|
|
This file is part of the esp8266 core for Arduino environment.
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with this library; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
#include "WebAuthentication.h"
|
|
#include <libb64/cencode.h>
|
|
#if defined(ESP32) || defined(TARGET_RP2040)
|
|
#include <MD5Builder.h>
|
|
#else
|
|
#include "md5.h"
|
|
#endif
|
|
#include "literals.h"
|
|
|
|
using namespace asyncsrv;
|
|
|
|
// Basic Auth hash = base64("username:password")
|
|
|
|
bool checkBasicAuthentication(const char* hash, const char* username, const char* password) {
|
|
if (username == NULL || password == NULL || hash == NULL)
|
|
return false;
|
|
|
|
size_t toencodeLen = strlen(username) + strlen(password) + 1;
|
|
size_t encodedLen = base64_encode_expected_len(toencodeLen);
|
|
if (strlen(hash) != encodedLen)
|
|
// Fix from https://github.com/me-no-dev/ESPAsyncWebServer/issues/667
|
|
#ifdef ARDUINO_ARCH_ESP32
|
|
if (strlen(hash) != encodedLen)
|
|
#else
|
|
if (strlen(hash) != encodedLen - 1)
|
|
#endif
|
|
return false;
|
|
|
|
char* toencode = new char[toencodeLen + 1];
|
|
if (toencode == NULL) {
|
|
return false;
|
|
}
|
|
char* encoded = new char[base64_encode_expected_len(toencodeLen) + 1];
|
|
if (encoded == NULL) {
|
|
delete[] toencode;
|
|
return false;
|
|
}
|
|
sprintf_P(toencode, PSTR("%s:%s"), username, password);
|
|
if (base64_encode_chars(toencode, toencodeLen, encoded) > 0 && memcmp(hash, encoded, encodedLen) == 0) {
|
|
delete[] toencode;
|
|
delete[] encoded;
|
|
return true;
|
|
}
|
|
delete[] toencode;
|
|
delete[] encoded;
|
|
return false;
|
|
}
|
|
|
|
static bool getMD5(uint8_t* data, uint16_t len, char* output) { // 33 bytes or more
|
|
#if defined(ESP32) || defined(TARGET_RP2040)
|
|
MD5Builder md5;
|
|
md5.begin();
|
|
md5.add(data, len);
|
|
md5.calculate();
|
|
md5.getChars(output);
|
|
#else
|
|
md5_context_t _ctx;
|
|
|
|
uint8_t* _buf = (uint8_t*)malloc(16);
|
|
if (_buf == NULL)
|
|
return false;
|
|
memset(_buf, 0x00, 16);
|
|
|
|
MD5Init(&_ctx);
|
|
MD5Update(&_ctx, data, len);
|
|
MD5Final(_buf, &_ctx);
|
|
|
|
for (uint8_t i = 0; i < 16; i++) {
|
|
sprintf_P(output + (i * 2), PSTR("%02x"), _buf[i]);
|
|
}
|
|
|
|
free(_buf);
|
|
#endif
|
|
return true;
|
|
}
|
|
|
|
static String genRandomMD5() {
|
|
#ifdef ESP8266
|
|
uint32_t r = RANDOM_REG32;
|
|
#else
|
|
uint32_t r = rand();
|
|
#endif
|
|
char* out = (char*)malloc(33);
|
|
if (out == NULL || !getMD5((uint8_t*)(&r), 4, out))
|
|
return emptyString;
|
|
String res = String(out);
|
|
free(out);
|
|
return res;
|
|
}
|
|
|
|
static String stringMD5(const String& in) {
|
|
char* out = (char*)malloc(33);
|
|
if (out == NULL || !getMD5((uint8_t*)(in.c_str()), in.length(), out))
|
|
return emptyString;
|
|
String res = String(out);
|
|
free(out);
|
|
return res;
|
|
}
|
|
|
|
String generateDigestHash(const char* username, const char* password, const char* realm) {
|
|
if (username == NULL || password == NULL || realm == NULL) {
|
|
return emptyString;
|
|
}
|
|
char* out = (char*)malloc(33);
|
|
String res = String(username);
|
|
res += ':';
|
|
res.concat(realm);
|
|
res += ':';
|
|
String in = res;
|
|
in.concat(password);
|
|
if (out == NULL || !getMD5((uint8_t*)(in.c_str()), in.length(), out))
|
|
return emptyString;
|
|
res.concat(out);
|
|
free(out);
|
|
return res;
|
|
}
|
|
|
|
String requestDigestAuthentication(const char* realm) {
|
|
String header(T_realm__);
|
|
if (realm == NULL)
|
|
header.concat(T_asyncesp);
|
|
else
|
|
header.concat(realm);
|
|
header.concat(T_auth_nonce);
|
|
header.concat(genRandomMD5());
|
|
header.concat(T__opaque);
|
|
header.concat(genRandomMD5());
|
|
header += (char)0x22; // '"'
|
|
return header;
|
|
}
|
|
|
|
#ifndef ESP8266
|
|
bool checkDigestAuthentication(const char* header, const char* method, const char* username, const char* password, const char* realm, bool passwordIsHash, const char* nonce, const char* opaque, const char* uri)
|
|
#else
|
|
bool checkDigestAuthentication(const char* header, const __FlashStringHelper* method, const char* username, const char* password, const char* realm, bool passwordIsHash, const char* nonce, const char* opaque, const char* uri)
|
|
#endif
|
|
{
|
|
if (username == NULL || password == NULL || header == NULL || method == NULL) {
|
|
// os_printf("AUTH FAIL: missing requred fields\n");
|
|
return false;
|
|
}
|
|
|
|
String myHeader(header);
|
|
int nextBreak = myHeader.indexOf(',');
|
|
if (nextBreak < 0) {
|
|
// os_printf("AUTH FAIL: no variables\n");
|
|
return false;
|
|
}
|
|
|
|
String myUsername;
|
|
String myRealm;
|
|
String myNonce;
|
|
String myUri;
|
|
String myResponse;
|
|
String myQop;
|
|
String myNc;
|
|
String myCnonce;
|
|
|
|
myHeader += (char)0x2c; // ','
|
|
myHeader += (char)0x20; // ' '
|
|
do {
|
|
String avLine(myHeader.substring(0, nextBreak));
|
|
avLine.trim();
|
|
myHeader = myHeader.substring(nextBreak + 1);
|
|
nextBreak = myHeader.indexOf(',');
|
|
|
|
int eqSign = avLine.indexOf('=');
|
|
if (eqSign < 0) {
|
|
// os_printf("AUTH FAIL: no = sign\n");
|
|
return false;
|
|
}
|
|
String varName(avLine.substring(0, eqSign));
|
|
avLine = avLine.substring(eqSign + 1);
|
|
if (avLine.startsWith(String('"'))) {
|
|
avLine = avLine.substring(1, avLine.length() - 1);
|
|
}
|
|
|
|
if (varName.equals(T_username)) {
|
|
if (!avLine.equals(username)) {
|
|
// os_printf("AUTH FAIL: username\n");
|
|
return false;
|
|
}
|
|
myUsername = avLine;
|
|
} else if (varName.equals(T_realm)) {
|
|
if (realm != NULL && !avLine.equals(realm)) {
|
|
// os_printf("AUTH FAIL: realm\n");
|
|
return false;
|
|
}
|
|
myRealm = avLine;
|
|
} else if (varName.equals(T_nonce)) {
|
|
if (nonce != NULL && !avLine.equals(nonce)) {
|
|
// os_printf("AUTH FAIL: nonce\n");
|
|
return false;
|
|
}
|
|
myNonce = avLine;
|
|
} else if (varName.equals(T_opaque)) {
|
|
if (opaque != NULL && !avLine.equals(opaque)) {
|
|
// os_printf("AUTH FAIL: opaque\n");
|
|
return false;
|
|
}
|
|
} else if (varName.equals(T_uri)) {
|
|
if (uri != NULL && !avLine.equals(uri)) {
|
|
// os_printf("AUTH FAIL: uri\n");
|
|
return false;
|
|
}
|
|
myUri = avLine;
|
|
} else if (varName.equals(T_response)) {
|
|
myResponse = avLine;
|
|
} else if (varName.equals(T_qop)) {
|
|
myQop = avLine;
|
|
} else if (varName.equals(T_nc)) {
|
|
myNc = avLine;
|
|
} else if (varName.equals(T_cnonce)) {
|
|
myCnonce = avLine;
|
|
}
|
|
} while (nextBreak > 0);
|
|
|
|
String ha1 = (passwordIsHash) ? String(password) : stringMD5(myUsername + ':' + myRealm + ':' + password);
|
|
String ha2 = String(method) + ':' + myUri;
|
|
String response = ha1 + ':' + myNonce + ':' + myNc + ':' + myCnonce + ':' + myQop + ':' + stringMD5(ha2);
|
|
|
|
if (myResponse.equals(stringMD5(response))) {
|
|
// os_printf("AUTH SUCCESS\n");
|
|
return true;
|
|
}
|
|
|
|
// os_printf("AUTH FAIL: password\n");
|
|
return false;
|
|
}
|