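/**
 * Check the request's HTTP Basic credentials against username/password.
 *
 * Takes the stored Authorization header value (_autorization), drops the
 * leading "Basic " scheme prefix and compares what remains with
 * base64(username ":" password).
 *
 * @param username expected user name (NUL-terminated)
 * @param password expected password (NUL-terminated)
 * @return true only when the header carries matching Basic credentials;
 *         false for a missing header, a different scheme, null arguments,
 *         an allocation failure or a mismatch.
 */
bool WebServer::authenticate(const char * username, const char * password) {
  // Fail closed instead of handing a null pointer to strlen().
  if (username == NULL || password == NULL) {
    return false;
  }
  if (_autorization.length() == 0) {
    return false;
  }

  String authReq = _autorization;
  if (!authReq.startsWith("Basic")) {
    return false;
  }
  authReq = authReq.substring(6);  // skip "Basic" plus the separator
  authReq.trim();

  // The length used to be held in a `char`; credentials longer than the
  // range of char wrapped the value, so the buffers below were sized from a
  // truncated length while the formatter still wrote the full string.
  const size_t toencodeLen = strlen(username) + strlen(password) + 1;

  // The null checks only help on builds where operator new reports failure
  // by returning null -- presumably the case on this target; confirm.
  char *toencode = new char[toencodeLen + 1];
  if (toencode == NULL) {
    return false;
  }
  char *encoded = new char[base64_encode_expected_len(toencodeLen) + 1];
  if (encoded == NULL) {
    delete[] toencode;
    return false;
  }

  // Bounded write: "user:pass" plus the terminator fits toencodeLen + 1.
  snprintf(toencode, toencodeLen + 1, "%s:%s", username, password);

  bool granted = false;
  if (base64_encode_chars(toencode, static_cast<int>(toencodeLen), encoded) > 0) {
    // Compare without an early exit so the time taken does not reveal how
    // many leading characters of the presented credential were correct.
    const size_t expectedLen = strlen(encoded);
    const size_t presentedLen = authReq.length();
    const char *presented = authReq.c_str();
    const size_t common = (presentedLen < expectedLen) ? presentedLen : expectedLen;
    unsigned char diff = (presentedLen == expectedLen) ? 0 : 1;
    for (size_t i = 0; i < common; ++i) {
      diff |= static_cast<unsigned char>(presented[i] ^ encoded[i]);
    }
    granted = (diff == 0);
  }

  delete[] toencode;
  delete[] encoded;
  return granted;
}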
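/**
 * Check the request's HTTP Basic credentials against username/password.
 *
 * Reads the Authorization header, drops the leading "Basic " scheme prefix
 * and compares what remains with base64(username ":" password).
 *
 * @param username expected user name (NUL-terminated)
 * @param password expected password (NUL-terminated)
 * @return true only when the header carries matching Basic credentials;
 *         false for a missing header, a different scheme, null arguments,
 *         an allocation failure or a mismatch.
 */
bool ESP8266WebServer::authenticate(const char * username, const char * password){
  // Fail closed instead of handing a null pointer to strlen().
  if(username == NULL || password == NULL){
    return false;
  }
  if(!hasHeader(AUTHORIZATION_HEADER)){
    return false;
  }

  String authReq = header(AUTHORIZATION_HEADER);
  bool granted = false;

  if(authReq.startsWith("Basic")){
    authReq = authReq.substring(6);  // skip "Basic" plus the separator
    authReq.trim();

    // size_t instead of char: a char length wraps once the credentials
    // exceed the range of char, undersizing both buffers.
    const size_t toencodeLen = strlen(username) + strlen(password) + 1;

    // "+ 1" for the terminator: the formatter writes toencodeLen characters
    // ("user:pass") and then a NUL, which previously landed one byte past
    // the end of a toencodeLen-sized allocation.
    char *toencode = new char[toencodeLen + 1];
    // The null checks only help on builds where operator new reports failure
    // by returning null -- presumably the case on this target; confirm.
    char *encoded = (toencode != NULL)
                      ? new char[base64_encode_expected_len(toencodeLen) + 1]
                      : NULL;

    if(toencode != NULL && encoded != NULL){
      snprintf(toencode, toencodeLen + 1, "%s:%s", username, password);
      // Constant-time comparison, so the time taken does not reveal how many
      // leading characters of the presented credential were correct.
      granted = base64_encode_chars(toencode, static_cast<int>(toencodeLen), encoded) > 0
                && authReq.equalsConstantTime(encoded);
    }

    // delete[] on a null pointer is a no-op, so both paths share the cleanup.
    delete[] encoded;
    delete[] toencode;
  }

  authReq = String();  // release the copied header value before returning
  return granted;
}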
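/**
 * Base64-encode the contents of an Arduino String.
 *
 * @param input text to encode
 * @return the Base64 text as a new String
 */
String YubiOTP::base64EncodeString(String input) {
  // NOTE(review): inputSize counts the terminating NUL and the same value is
  // passed to the encoder, so the NUL byte is part of the encoded data. Kept
  // as-is because callers may depend on the resulting text -- confirm whether
  // this is intended.
  const int inputSize = input.length() + 1;
  // NOTE(review): both buffers are stack arrays sized from the input length;
  // confirm callers bound the input on targets with a small stack.
  char cInput[inputSize];
  input.toCharArray(cInput, inputSize);

  const int outputSize = base64_encode_expected_len(inputSize);
  // One extra byte for the terminator: String(const char*) needs a
  // NUL-terminated buffer, and a buffer of exactly outputSize bytes leaves no
  // room for it once the encoded text fills the expected length.
  char cOutput[outputSize + 1];
  for (int i = 0; i <= outputSize; ++i) {
    cOutput[i] = '\0';  // guarantees termination whatever the encoder writes
  }

  base64_encode_chars(cInput, inputSize, cOutput);
  return String(cOutput);
}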
// Validate the request's Authorization header against username/password.
//
// Two schemes are handled:
//   * "Basic":  the header payload is compared with base64("user:pass").
//   * "Digest": the parameters are parsed from the header, checked against
//     the server-side realm/nonce/opaque (_srealm/_snonce/_sopaque), and the
//     expected MD5 response is recomputed and compared with the client's.
//
// Returns true only on a match; every other path returns false.
//
// NOTE(review): this listing is incomplete in the middle of the Digest branch
// (see the marker below); the code there is reproduced exactly as shown.
bool ESP8266WebServer::authenticate(const char * username, const char * password){
  if(hasHeader(AUTHORIZATION_HEADER)){
    String authReq = header(AUTHORIZATION_HEADER);
    if(authReq.startsWith("Basic")){
      authReq = authReq.substring(6);   // drop "Basic" plus the separator
      authReq.trim();
      // NOTE(review): the combined length is stored in a `char`; a sum above
      // the range of char wraps, and both allocations and the encode length
      // below are derived from this value while sprintf writes the full string.
      char toencodeLen = strlen(username)+strlen(password)+1;
      char *toencode = new char[toencodeLen + 1];   // +1 for the NUL sprintf appends
      if(toencode == NULL){
        authReq = String();
        return false;
      }
      char *encoded = new char[base64_encode_expected_len(toencodeLen)+1];
      if(encoded == NULL){
        authReq = String();
        delete[] toencode;
        return false;
      }
      sprintf(toencode, "%s:%s", username, password);
      // Constant-time comparison of the presented and the expected credential.
      if(base64_encode_chars(toencode, toencodeLen, encoded) > 0 && authReq.equalsConstantTime(encoded)) {
        authReq = String();
        delete[] toencode;
        delete[] encoded;
        return true;
      }
      delete[] toencode;
      delete[] encoded;
    }else if(authReq.startsWith("Digest")){
      authReq = authReq.substring(7);   // drop "Digest" plus the separator
      // With DEBUG_ESP_HTTP_SERVER defined, the whole Digest header payload is
      // written to DEBUG_OUTPUT.
      #ifdef DEBUG_ESP_HTTP_SERVER
      DEBUG_OUTPUT.println(authReq);
      #endif
      String _username = _exractParam(authReq,"username=\"");
      // NOTE(review): plain != comparison, unlike the Basic branch.
      if((!_username.length())||_username!=String(username)){
        authReq = String();
        return false;
      }
      // Required parameters of the simpler RFC 2069 Digest.
      String _realm = _exractParam(authReq,"realm=\"");
      String _nonce = _exractParam(authReq,"nonce=\"");
      String _uri = _exractParam(authReq,"uri=\"");
      String _response = _exractParam(authReq,"response=\"");
      String _opaque = _exractParam(authReq,"opaque=\"");
      // Reject the request when any required parameter is missing or empty.
      if((!_realm.length())||(!_nonce.length())||(!_uri.length())||(!_response.length())||(!_opaque.length())){
        authReq = String();
        return false;
      }
      // The client must echo the server-side opaque, nonce and realm values.
      if((_opaque!=_sopaque)||(_nonce!=_snonce)||(_realm!=_srealm)){
        authReq = String();
        return false;
      }
      // Additional parameters of the newer RFC 2617 Digest.
      // NOTE(review): indexOf("qop=auth") is a substring test, so it also
      // matches longer qop values that begin with "auth"; confirm intended.
      // NOTE(review): _nc is only folded into the hash below; this function
      // does not compare it with a previously seen count.
      String _nc,_cnonce;
      if(authReq.indexOf("qop=auth") != -1){
        _nc = _exractParam(authReq,"nc=",',');
        _cnonce = _exractParam(authReq,"cnonce=\"");
      }
      MD5Builder md5;
      md5.begin();
      md5.add(String(username)+":"+_realm+":"+String(password)); // H1 = MD5(user:realm:password)
      md5.calculate();
      String _H1 = md5.toString();
      // NOTE(review): the listing is cut inside the next statement -- the text
      // between the debug string and "GET:" is missing, so the end of this
      // #ifdef block and the start of the request-method chain are not visible.
      #ifdef DEBUG_ESP_HTTP_SERVER
      DEBUG_OUTPUT.println("Hash of user:realm:pass="******"GET:"+_uri);
      }else if(_currentMethod == HTTP_POST){
        md5.add("POST:"+_uri);
      }else if(_currentMethod == HTTP_PUT){
        md5.add("PUT:"+_uri);
      }else if(_currentMethod == HTTP_DELETE){
        md5.add("DELETE:"+_uri);
      }else{
        // Any other method is hashed as if it were GET.
        md5.add("GET:"+_uri);
      }
      md5.calculate();
      String _H2 = md5.toString();   // H2 = MD5(method:uri)
      #ifdef DEBUG_ESP_HTTP_SERVER
      DEBUG_OUTPUT.println("Hash of GET:uri=" + _H2);
      #endif
      md5.begin();
      // Expected response: with qop=auth the count and client nonce are mixed
      // in; without it only H1, the nonce and H2 are hashed.
      if(authReq.indexOf("qop=auth") != -1){
        md5.add(_H1+":"+_nonce+":"+_nc+":"+_cnonce+":auth:"+_H2);
      }else{
        md5.add(_H1+":"+_nonce+":"+_H2);
      }
      md5.calculate();
      String _responsecheck = md5.toString();
      // NOTE(review): with DEBUG_ESP_HTTP_SERVER defined, the expected response
      // for this request is written to DEBUG_OUTPUT; keep such builds out of
      // production.
      #ifdef DEBUG_ESP_HTTP_SERVER
      DEBUG_OUTPUT.println("The Proper response=" +_responsecheck);
      #endif
      // NOTE(review): operator== here, whereas the Basic branch uses
      // equalsConstantTime(); consider the same comparison for the response.
      if(_response==_responsecheck){
        authReq = String();
        return true;
      }
    }
    authReq = String();   // release the copied header value before returning
  }
  return false;
}