jacob.eva/arduino-esp32
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix authrization problem (#3329)

Browse Source 
I compiled the sample "WebServer -> HttpAdvancedAuth". But the right username and password can not login in. I found the file "Webserver.h" may be have some problem. So I fix it. Please check it.
This commit is contained in:
lightzl 2019-10-08 15:34:36 +08:00 committed by Me No Dev
parent 9ef3e2d2a6
commit a35035f827
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libraries/WebServer/src/WebServer.cpp
View File

@ -33,7 +33,7 @@
static const char AUTHORIZATION_HEADER[] = "Authorization"; static const char AUTHORIZATION_HEADER[] = "Authorization";
static const char qop_auth[] = "qop=auth"; static const char qop_auth[] = "qop=\"auth\"";
static const char WWW_Authenticate[] = "WWW-Authenticate"; static const char WWW_Authenticate[] = "WWW-Authenticate";
static const char Content_Length[] = "Content-Length"; static const char Content_Length[] = "Content-Length";
@ -161,17 +161,17 @@ bool WebServer::authenticate(const char * username, const char * password){
} else if(authReq.startsWith(F("Digest"))) { } else if(authReq.startsWith(F("Digest"))) {
authReq = authReq.substring(7); authReq = authReq.substring(7);
log_v("%s", authReq.c_str()); log_v("%s", authReq.c_str());
String _username = _extractParam(authReq,F("username=\"")); String _username = _extractParam(authReq,F("username=\""),'\"');
if(!_username.length() || _username != String(username)) { if(!_username.length() || _username != String(username)) {
authReq = ""; authReq = "";
return false; return false;
} }
// extracting required parameters for RFC 2069 simpler Digest // extracting required parameters for RFC 2069 simpler Digest
String _realm = _extractParam(authReq, F("realm=\"")); String _realm = _extractParam(authReq, F("realm=\""),'\"');
String _nonce = _extractParam(authReq, F("nonce=\"")); String _nonce = _extractParam(authReq, F("nonce=\""),'\"');
String _uri = _extractParam(authReq, F("uri=\"")); String _uri = _extractParam(authReq, F("uri=\""),'\"');
String _response = _extractParam(authReq, F("response=\"")); String _response = _extractParam(authReq, F("response=\""),'\"');
String _opaque = _extractParam(authReq, F("opaque=\"")); String _opaque = _extractParam(authReq, F("opaque=\""),'\"');
if((!_realm.length()) || (!_nonce.length()) || (!_uri.length()) || (!_response.length()) || (!_opaque.length())) { if((!_realm.length()) || (!_nonce.length()) || (!_uri.length()) || (!_response.length()) || (!_opaque.length())) {
authReq = ""; authReq = "";
@ -185,7 +185,7 @@ bool WebServer::authenticate(const char * username, const char * password){
String _nc,_cnonce; String _nc,_cnonce;
if(authReq.indexOf(FPSTR(qop_auth)) != -1) { if(authReq.indexOf(FPSTR(qop_auth)) != -1) {
_nc = _extractParam(authReq, F("nc="), ','); _nc = _extractParam(authReq, F("nc="), ',');
_cnonce = _extractParam(authReq, F("cnonce=\"")); _cnonce = _extractParam(authReq, F("cnonce=\""),'\"');
} }
String _H1 = md5str(String(username) + ':' + _realm + ':' + String(password)); String _H1 = md5str(String(username) + ':' + _realm + ':' + String(password));
log_v("Hash of user:realm:pass=%s", _H1.c_str()); log_v("Hash of user:realm:pass=%s", _H1.c_str());