mirror of
https://github.com/wled/WLED.git
synced 2025-07-11 04:46:31 +00:00
Merge pull request #4307 from blazoncek/compile-pin
Compile time lock PIN definition
This commit is contained in:
commit
b908384ba2
@ -217,6 +217,10 @@ using PSRAMDynamicJsonDocument = BasicJsonDocument<PSRAM_Allocator>;
|
|||||||
#define WLED_AP_PASS DEFAULT_AP_PASS
|
#define WLED_AP_PASS DEFAULT_AP_PASS
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef WLED_PIN
|
||||||
|
#define WLED_PIN ""
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef SPIFFS_EDITOR_AIRCOOOKIE
|
#ifndef SPIFFS_EDITOR_AIRCOOOKIE
|
||||||
#error You are not using the Aircoookie fork of the ESPAsyncWebserver library.\
|
#error You are not using the Aircoookie fork of the ESPAsyncWebserver library.\
|
||||||
Using upstream puts your WiFi password at risk of being served by the filesystem.\
|
Using upstream puts your WiFi password at risk of being served by the filesystem.\
|
||||||
@ -277,7 +281,11 @@ WLED_GLOBAL char releaseString[] _INIT(WLED_RELEASE_NAME); // must include the q
|
|||||||
|
|
||||||
// AP and OTA default passwords (for maximum security change them!)
|
// AP and OTA default passwords (for maximum security change them!)
|
||||||
WLED_GLOBAL char apPass[65] _INIT(WLED_AP_PASS);
|
WLED_GLOBAL char apPass[65] _INIT(WLED_AP_PASS);
|
||||||
|
#ifdef WLED_OTA_PASS
|
||||||
|
WLED_GLOBAL char otaPass[33] _INIT(WLED_OTA_PASS);
|
||||||
|
#else
|
||||||
WLED_GLOBAL char otaPass[33] _INIT(DEFAULT_OTA_PASS);
|
WLED_GLOBAL char otaPass[33] _INIT(DEFAULT_OTA_PASS);
|
||||||
|
#endif
|
||||||
|
|
||||||
// Hardware and pin config
|
// Hardware and pin config
|
||||||
#ifndef BTNPIN
|
#ifndef BTNPIN
|
||||||
@ -570,11 +578,15 @@ WLED_GLOBAL byte macroLongPress[WLED_MAX_BUTTONS] _INIT({0});
|
|||||||
WLED_GLOBAL byte macroDoublePress[WLED_MAX_BUTTONS] _INIT({0});
|
WLED_GLOBAL byte macroDoublePress[WLED_MAX_BUTTONS] _INIT({0});
|
||||||
|
|
||||||
// Security CONFIG
|
// Security CONFIG
|
||||||
|
#ifdef WLED_OTA_PASS
|
||||||
|
WLED_GLOBAL bool otaLock _INIT(true); // prevents OTA firmware updates without password. ALWAYS enable if system exposed to any public networks
|
||||||
|
#else
|
||||||
WLED_GLOBAL bool otaLock _INIT(false); // prevents OTA firmware updates without password. ALWAYS enable if system exposed to any public networks
|
WLED_GLOBAL bool otaLock _INIT(false); // prevents OTA firmware updates without password. ALWAYS enable if system exposed to any public networks
|
||||||
|
#endif
|
||||||
WLED_GLOBAL bool wifiLock _INIT(false); // prevents access to WiFi settings when OTA lock is enabled
|
WLED_GLOBAL bool wifiLock _INIT(false); // prevents access to WiFi settings when OTA lock is enabled
|
||||||
WLED_GLOBAL bool aOtaEnabled _INIT(true); // ArduinoOTA allows easy updates directly from the IDE. Careful, it does not auto-disable when OTA lock is on
|
WLED_GLOBAL bool aOtaEnabled _INIT(true); // ArduinoOTA allows easy updates directly from the IDE. Careful, it does not auto-disable when OTA lock is on
|
||||||
WLED_GLOBAL char settingsPIN[5] _INIT(""); // PIN for settings pages
|
WLED_GLOBAL char settingsPIN[5] _INIT(WLED_PIN); // PIN for settings pages
|
||||||
WLED_GLOBAL bool correctPIN _INIT(true);
|
WLED_GLOBAL bool correctPIN _INIT(!strlen(settingsPIN));
|
||||||
WLED_GLOBAL unsigned long lastEditTime _INIT(0);
|
WLED_GLOBAL unsigned long lastEditTime _INIT(0);
|
||||||
|
|
||||||
WLED_GLOBAL uint16_t userVar0 _INIT(0), userVar1 _INIT(0); //available for use in usermod
|
WLED_GLOBAL uint16_t userVar0 _INIT(0), userVar1 _INIT(0); //available for use in usermod
|
||||||
|
@ -567,13 +567,14 @@ void serveSettings(AsyncWebServerRequest* request, bool post) {
|
|||||||
//else if (url.indexOf("/edit") >= 0) subPage = 10;
|
//else if (url.indexOf("/edit") >= 0) subPage = 10;
|
||||||
else subPage = SUBPAGE_WELCOME;
|
else subPage = SUBPAGE_WELCOME;
|
||||||
|
|
||||||
if (!correctPIN && strlen(settingsPIN) > 0 && (subPage > 0 && subPage < 11)) {
|
bool pinRequired = !correctPIN && strlen(settingsPIN) > 0 && (subPage > (WLED_WIFI_CONFIGURED ? SUBPAGE_MENU : SUBPAGE_WIFI) && subPage < SUBPAGE_LOCK);
|
||||||
|
if (pinRequired) {
|
||||||
originalSubPage = subPage;
|
originalSubPage = subPage;
|
||||||
subPage = SUBPAGE_PINREQ; // require PIN
|
subPage = SUBPAGE_PINREQ; // require PIN
|
||||||
}
|
}
|
||||||
|
|
||||||
// if OTA locked or too frequent PIN entry requests fail hard
|
// if OTA locked or too frequent PIN entry requests fail hard
|
||||||
if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && !correctPIN && millis()-lastEditTime < PIN_RETRY_COOLDOWN))
|
if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && pinRequired && millis()-lastEditTime < PIN_RETRY_COOLDOWN))
|
||||||
{
|
{
|
||||||
serveMessage(request, 401, FPSTR(s_accessdenied), FPSTR(s_unlock_ota), 254); return;
|
serveMessage(request, 401, FPSTR(s_accessdenied), FPSTR(s_unlock_ota), 254); return;
|
||||||
}
|
}
|
||||||
@ -609,7 +610,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post) {
|
|||||||
if (!s2[0]) strcpy_P(s2, s_redirecting);
|
if (!s2[0]) strcpy_P(s2, s_redirecting);
|
||||||
|
|
||||||
bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot));
|
bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot));
|
||||||
serveMessage(request, (correctPIN ? 200 : 401), s, s2, redirectAfter9s ? 129 : (correctPIN ? 1 : 3));
|
serveMessage(request, (!pinRequired ? 200 : 401), s, s2, redirectAfter9s ? 129 : (!pinRequired ? 1 : 3));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user