ESP3D  3.0
Firmware for ESP boards connected to 3D Printer
handle-login.cpp
1 /*
2  handle-login.cpp - ESP3D http handle
3 
4  Copyright (c) 2014 Luc Lebosse. All rights reserved.
5 
6  This library is free software; you can redistribute it and/or
7  modify it under the terms of the GNU Lesser General Public
8  License as published by the Free Software Foundation; either
9  version 2.1 of the License, or (at your option) any later version.
10 
11  This library is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  Lesser General Public License for more details.
15 
16  You should have received a copy of the GNU Lesser General Public
17  License along with this library; if not, write to the Free Software
18  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20 #include "../../../include/esp3d_config.h"
21 #if defined (HTTP_FEATURE)
22 #include "../http_server.h"
23 #if defined (ARDUINO_ARCH_ESP32)
24 #include <WebServer.h>
25 #endif //ARDUINO_ARCH_ESP32
26 #if defined (ARDUINO_ARCH_ESP8266)
27 #include <ESP8266WebServer.h>
28 #endif //ARDUINO_ARCH_ESP8266
29 #include "../../authentication/authentication_service.h"
30 #include "../../../core/esp3doutput.h"
31 #include "../../../core/settings_esp3d.h"
32 
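/**
 * @brief HTTP handler for login, logout, password change and login-status queries.
 *
 * Request arguments read here (all via _webserver->hasArg()/arg()):
 *  - DISCONNECT  : clears the current session and answers 200/"guest"; no
 *                  credential check is done on this path.
 *  - SUBMIT      : marks a credential submission; without it the handler only
 *                  reports the current status.
 *  - USER / PASSWORD : credentials, checked against DEFAULT_ADMIN_LOGIN /
 *                  DEFAULT_USER_LOGIN with AuthenticationService::isadmin()/isuser().
 *  - NEWPASSWORD : with valid admin credentials, stores a new value under
 *                  ESP_ADMIN_PWD.
 *  - TIMEOUT     : with valid credentials (login path only), forwarded to
 *                  AuthenticationService::setSessionTimeout().
 *
 * The answer is always a JSON object {"status":...,"authentication_lvl":...}.
 * The HTTP code defaults to 401 and becomes 200 or 500 depending on the branch
 * taken. Without AUTHENTICATION_FEATURE every caller is reported as "admin".
 */
void HTTP_Server::handle_login()
{
#ifdef AUTHENTICATION_FEATURE
    // Fail closed: every path that does not explicitly succeed answers 401.
    int code = 401;
    String status = "Wrong authentication!";

    // Disconnect can be done at any time, no credential check is needed.
    if (_webserver->hasArg("DISCONNECT")) {
        AuthenticationService::ClearCurrentSession();
        _webserver->sendHeader("Set-Cookie", "ESPSESSIONID=0");
        _webserver->sendHeader("Cache-Control", "no-cache");
        _webserver->send(200, "application/json", "{\"status\":\"ok\",\"authentication_lvl\":\"guest\"}");
        return;
    }

    // NOTE(review): the rendered listing skips its line 47 and never declares
    // auth_level; this declaration is reconstructed from the symbols the file
    // references (authenticated_level(), level_authenticate_type) - confirm
    // against the repository. Presumably the level of the requesting session.
    level_authenticate_type auth_level = AuthenticationService::authenticated_level();

    // Is this a credential submission or a plain status query?
    if (_webserver->hasArg("SUBMIT")) {
        // Both credential arguments must be present.
        if (_webserver->hasArg("PASSWORD") && _webserver->hasArg("USER")) {
            String sUser = _webserver->arg("USER");
            String sPassword = _webserver->arg("PASSWORD");
            const bool is_admin_account = (sUser == DEFAULT_ADMIN_LOGIN);
            const bool is_user_account = (sUser == DEFAULT_USER_LOGIN);
            const bool credentials_ok =
                (is_admin_account && AuthenticationService::isadmin(sPassword.c_str())) ||
                (is_user_account && AuthenticationService::isuser(sPassword.c_str()));
            if (credentials_ok) {
                if (_webserver->hasArg("NEWPASSWORD")) {
                    // Password change. The value is stored under ESP_ADMIN_PWD, so
                    // it is only accepted when the admin account authenticated.
                    // Previously valid *user* credentials were enough to overwrite
                    // the admin password. A non-admin request now keeps the
                    // default 401 answer.
                    if (is_admin_account) {
                        String newpassword = _webserver->arg("NEWPASSWORD");
                        if (Settings_ESP3D::isLocalPasswordValid(newpassword.c_str())) {
                            if (Settings_ESP3D::write_string(ESP_ADMIN_PWD, newpassword.c_str())) {
                                code = 200;
                                status = "ok";
                            } else {
                                code = 500;
                                status = "Set failed!";
                            }
                        } else {
                            code = 500;
                            status = "Incorrect password!";
                        }
                    }
                } else { // do authentication
                    // The session timeout may be changed at login.
                    // NOTE(review): toInt() yields 0 for non-numeric input and the
                    // value is forwarded unchecked - confirm that
                    // setSessionTimeout() bounds it.
                    if (_webserver->hasArg("TIMEOUT")) {
                        String timeout = _webserver->arg("TIMEOUT");
                        AuthenticationService::setSessionTimeout(timeout.toInt());
                    }
                    // Same level as the current session: nothing to create.
                    if (((auth_level == LEVEL_USER) && is_user_account) ||
                            ((auth_level == LEVEL_ADMIN) && is_admin_account)) {
                        code = 200;
                        status = "ok";
                    } else { // new authentication
                        String session = AuthenticationService::create_session_ID();
                        if (AuthenticationService::CreateSession(is_admin_account ? LEVEL_ADMIN : LEVEL_USER, sUser.c_str(), session.c_str())) {
                            AuthenticationService::ClearCurrentSession();
                            code = 200;
                            status = "ok";
                            // NOTE(review): the cookie carries no HttpOnly or SameSite
                            // attribute; consider adding them if the web UI does not
                            // need to read ESPSESSIONID from script.
                            String tmps = "ESPSESSIONID=";
                            tmps += session;
                            _webserver->sendHeader("Set-Cookie", tmps);
                        }
                    }
                }
            }
        }
    } // SUBMIT

    _webserver->sendHeader("Cache-Control", "no-cache");
    // auth_level was read before any new session was created, so after a fresh
    // login the body still reports the level the request arrived with.
    String smsg = "{\"status\":\"";
    smsg += status;
    smsg += "\",\"authentication_lvl\":\"";
    if (auth_level == LEVEL_USER) {
        smsg += "user";
    } else if (auth_level == LEVEL_ADMIN) {
        smsg += "admin";
    } else {
        smsg += "guest";
    }
    smsg += "\"}";
    _webserver->send(code, "application/json", smsg);
#else // No AUTHENTICATION_FEATURE
    // Authentication is compiled out: every caller is reported as admin.
    _webserver->sendHeader("Cache-Control", "no-cache");
    _webserver->send(200, "application/json", "{\"status\":\"ok\",\"authentication_lvl\":\"admin\"}");
#endif //AUTHENTICATION_FEATURE
}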
118 
119 #endif //HTTP_FEATURE
Settings_ESP3D::isLocalPasswordValid
static bool isLocalPasswordValid(const char *password)
Definition: settings_esp3d.cpp:1236
AuthenticationService::authenticated_level
static level_authenticate_type authenticated_level(const char *pwd=nullptr)
Definition: authentication_service.cpp:61
DEFAULT_USER_LOGIN
const char DEFAULT_USER_LOGIN[]
Definition: authentication_service.h:32
level_authenticate_type
level_authenticate_type
Definition: authentication_service.h:25
DEFAULT_ADMIN_LOGIN
const char DEFAULT_ADMIN_LOGIN[]
Definition: authentication_service.h:31
Settings_ESP3D::write_string
static bool write_string(int pos, const char *byte_buffer)
Definition: settings_esp3d.cpp:870
LEVEL_ADMIN
@ LEVEL_ADMIN
Definition: authentication_service.h:28
ESP_ADMIN_PWD
#define ESP_ADMIN_PWD
Definition: settings_esp3d.h:58
LEVEL_USER
@ LEVEL_USER
Definition: authentication_service.h:27