Authentication not working

[dc42]

The authentication code never lets my browser session connect to the server. Wireshark shows that it is setting the correct password (reprap) but the server always returns err 1 and WRONG PASSWORD.

Workaround: change the "return false" at the end of function isLoggedIn() to "return true", thereby disabling authentication.

Some issues (possibly related) that I have spotted in the code:

1. Function logIn() doesn't check whether the IP address is already in the table, but always tries to append it. So I think the table will fill up rapidly if the same IP address tries to connect more than once without logging out in between.
2. In function logOut(), when it deletes an entry in the table by copying the following table entries down, I think it copies them in the wrong order. If there is more than one entry after the one being deleted, the effect will be to replicate the last entry.

[toxuin]

Function logIn() is called once you try to sign in the web interface, your password is right and your ip is not on the session table. These checks are performed in the authentication handler for http server.
Code for copiying the table was taken from RepRapFirmware implementation of webserver...
Did you set your web password when you first booted into WiFi AP mode? (The page where you had to select your house router and set wifi password).
It initially stores the web password in eeprom once you set it on that page. If the eeprom was never set - it is "dirty" and there's no easy way of telling that you have not yet set your password. I tried to init the vairable to the "reprap" value, but apparently it may not work in some conditions.
You can attach a button to ESP8266, set the pin it attached to to BUTTON_PIN and keep it pressed while booting. It will erase the wifi credentials and web password so next time you'll boot it it'l prompt you for new ones.

[dc42]

Thanks, that may explain it. I connected the esp8266 to my wifi while running the program that came preloaded on it, so I never set a web password. I'll check the code for managing the IP table in RepRapFirmware.

On 17 December 2015 20:58:21 GMT+00:00, Tony [email protected] wrote:

Function logIn() is called once you try to sign in the web interface,
your password is right and your ip is not on the session table. These
checks are performed in the authentication handler for http server.
Code for copiying the table was taken from RepRapFirmware
implementation of webserver...
Did you set your web password when you first booted into WiFi AP mode?
(The page where you had to select your house router and set wifi
password).
It initially stores the web password in eeprom once you set it on that
page. If the eeprom was never set - it is "dirty" and there's no easy
way of telling that you have not yet set your password. I tried to init
the vairable to the "reprap" value, but apparently it may not work in
some conditions.
You can attach a button to ESP8266, set the pin it attached to to
BUTTON_PIN and keep it pressed while booting. It will erase the wifi
credentials and web password so next time you'll boot it it'l prompt
you for new ones.

---

Reply to this email directly or view it on GitHub:
#4 (comment)

Sent from my Android phone with K-9 Mail. Please excuse my brevity.