Build option to disable password check (USE_PASSWORD). Password check…

… is enabled by default. Use at your own risk (#373)
xoseperez · Jan 6, 2018 · ff9ca1c · ff9ca1c
1 parent 7f70d6f
commit ff9ca1c
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 9 deletions.
diff --git a/code/espurna/config/general.h b/code/espurna/config/general.h
@@ -7,8 +7,9 @@
 // GENERAL
 //------------------------------------------------------------------------------
 
+#define DEVICE_NAME             MANUFACTURER "_" DEVICE     // Concatenate both to get a unique device name
 #define ADMIN_PASS              "fibonacci" // Default password (WEB, OTA, WIFI)
-#define DEVICE_NAME             MANUFACTURER "_" DEVICE // Concatenate both to get a unique device name
+#define USE_PASSWORD            1           // Insecurity caution! Disabling this will disable password querying completely.
 #define LOOP_DELAY_TIME         10          // Delay for this millis in the main loop [0-250]
 
 #define ARRAYINIT(type, name, ...) \

diff --git a/code/espurna/ota.ino b/code/espurna/ota.ino
@@ -15,7 +15,9 @@ Copyright (C) 2016-2017 by Xose Pérez <xose dot perez at gmail dot com>
 void _otaConfigure() {
     ArduinoOTA.setPort(OTA_PORT);
     ArduinoOTA.setHostname(getSetting("hostname").c_str());
-    ArduinoOTA.setPassword(getSetting("adminPass", ADMIN_PASS).c_str());
+    #if USE_PASSWORD
+        ArduinoOTA.setPassword(getSetting("adminPass", ADMIN_PASS).c_str());
+    #endif
 }
 
 // -----------------------------------------------------------------------------

diff --git a/code/espurna/web.ino b/code/espurna/web.ino
@@ -267,10 +267,14 @@ void _onUpgradeData(AsyncWebServerRequest *request, String filename, size_t inde
 // -----------------------------------------------------------------------------
 
 bool _authenticate(AsyncWebServerRequest *request) {
-    String password = getSetting("adminPass", ADMIN_PASS);
-    char httpPassword[password.length() + 1];
-    password.toCharArray(httpPassword, password.length() + 1);
-    return request->authenticate(WEB_USERNAME, httpPassword);
+    #if USE_PASSWORD
+        String password = getSetting("adminPass", ADMIN_PASS);
+        char httpPassword[password.length() + 1];
+        password.toCharArray(httpPassword, password.length() + 1);
+        return request->authenticate(WEB_USERNAME, httpPassword);
+    #else
+        return true;
+    #endif
 }
 
 // -----------------------------------------------------------------------------

diff --git a/code/espurna/wifi.ino b/code/espurna/wifi.ino
@@ -73,7 +73,11 @@ void wifiReconnectCheck() {
 void wifiConfigure() {
 
     jw.setHostname(getSetting("hostname").c_str());
-    jw.setSoftAP(getSetting("hostname").c_str(), getSetting("adminPass", ADMIN_PASS).c_str());
+    #if USE_PASSWORD
+        jw.setSoftAP(getSetting("hostname").c_str(), getSetting("adminPass", ADMIN_PASS).c_str());
+    #else
+        jw.setSoftAP(getSetting("hostname").c_str());
+    #endif
     jw.setConnectTimeout(WIFI_CONNECT_TIMEOUT);
     wifiReconnectCheck();
     jw.setAPMode(WIFI_AP_MODE);

diff --git a/code/espurna/ws.ino b/code/espurna/ws.ino
@@ -205,7 +205,7 @@ void _wsParse(AsyncWebSocketClient *client, uint8_t * payload, size_t length) {
 
 void _wsOnStart(JsonObject& root) {
 
-    #if WEB_FORCE_PASS_CHANGE
+    #if USE_PASSWORD && WEB_FORCE_PASS_CHANGE
         String adminPass = getSetting("adminPass", ADMIN_PASS);
         bool changePassword = adminPass.equals(ADMIN_PASS);
     #else
@@ -350,7 +350,9 @@ void wsSend_P(uint32_t client_id, PGM_P payload) {
 }
 
 void wsConfigure() {
-    _ws.setAuthentication(WEB_USERNAME, (const char *) getSetting("adminPass", ADMIN_PASS).c_str());
+    #if USE_PASSWORD
+        _ws.setAuthentication(WEB_USERNAME, (const char *) getSetting("adminPass", ADMIN_PASS).c_str());
+    #endif
 }
 
 void wsSetup() {