Update response code when access is denied
Having the wrong pin would result in a server error (500). The more appropriate error code for that would be 401. This also changes the page that asks for users to login from 200 to 401.
This commit is contained in:
parent
3847bfc41a
commit
225fd0d05b
@ -40,7 +40,7 @@ bool isIp(String str) {
|
||||
|
||||
void handleUpload(AsyncWebServerRequest *request, const String& filename, size_t index, uint8_t *data, size_t len, bool final) {
|
||||
if (!correctPIN) {
|
||||
if (final) request->send(500, "text/plain", FPSTR(s_unlock_cfg));
|
||||
if (final) request->send(401, "text/plain", FPSTR(s_unlock_cfg));
|
||||
return;
|
||||
}
|
||||
if (!index) {
|
||||
@ -86,7 +86,7 @@ void createEditHandler(bool enable) {
|
||||
#endif
|
||||
} else {
|
||||
editHandler = &server.on("/edit", HTTP_ANY, [](AsyncWebServerRequest *request){
|
||||
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_cfg), 254);
|
||||
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_cfg), 254);
|
||||
});
|
||||
}
|
||||
}
|
||||
@ -201,7 +201,7 @@ void initServer()
|
||||
verboseResponse = deserializeState(root);
|
||||
} else {
|
||||
if (!correctPIN && strlen(settingsPIN)>0) {
|
||||
request->send(403, "application/json", F("{\"error\":1}")); // ERR_DENIED
|
||||
request->send(401, "application/json", F("{\"error\":1}")); // ERR_DENIED
|
||||
releaseJSONBufferLock();
|
||||
return;
|
||||
}
|
||||
@ -282,7 +282,7 @@ void initServer()
|
||||
//init ota page
|
||||
server.on("/update", HTTP_GET, [](AsyncWebServerRequest *request){
|
||||
if (otaLock) {
|
||||
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_ota), 254);
|
||||
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_ota), 254);
|
||||
} else
|
||||
serveSettings(request); // checks for "upd" in URL and handles PIN
|
||||
});
|
||||
@ -292,7 +292,11 @@ void initServer()
|
||||
serveSettings(request, true); // handle PIN page POST request
|
||||
return;
|
||||
}
|
||||
if (Update.hasError() || otaLock) {
|
||||
if (otaLock) {
|
||||
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_ota), 254);
|
||||
return;
|
||||
}
|
||||
if (Update.hasError()) {
|
||||
serveMessage(request, 500, F("Update failed!"), F("Please check your file and retry!"), 254);
|
||||
} else {
|
||||
serveMessage(request, 200, F("Update successful!"), F("Rebooting..."), 131);
|
||||
@ -533,7 +537,7 @@ void serveSettingsJS(AsyncWebServerRequest* request)
|
||||
}
|
||||
if (subPage > 0 && !correctPIN && strlen(settingsPIN)>0) {
|
||||
strcpy_P(buf, PSTR("alert('PIN incorrect.');"));
|
||||
request->send(403, "application/javascript", buf);
|
||||
request->send(401, "application/javascript", buf);
|
||||
return;
|
||||
}
|
||||
strcat_P(buf,PSTR("function GetV(){var d=document;"));
|
||||
@ -575,7 +579,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
|
||||
// if OTA locked or too frequent PIN entry requests fail hard
|
||||
if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && !correctPIN && millis()-lastEditTime < PIN_RETRY_COOLDOWN))
|
||||
{
|
||||
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_ota), 254); return;
|
||||
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_ota), 254); return;
|
||||
}
|
||||
|
||||
if (post) { //settings/set POST request, saving
|
||||
@ -605,7 +609,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
|
||||
if (!s2[0]) strcpy_P(s2, s_redirecting);
|
||||
|
||||
bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot));
|
||||
serveMessage(request, 200, s, s2, redirectAfter9s ? 129 : (correctPIN ? 1 : 3));
|
||||
serveMessage(request, (correctPIN ? 200 : 401), s, s2, redirectAfter9s ? 129 : (correctPIN ? 1 : 3));
|
||||
return;
|
||||
}
|
||||
}
|
||||
@ -633,7 +637,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
|
||||
serveMessage(request, 200, strlen(settingsPIN) > 0 ? PSTR("Settings locked") : PSTR("No PIN set"), FPSTR(s_redirecting), 1);
|
||||
return;
|
||||
}
|
||||
case SUBPAGE_PINREQ : response = request->beginResponse_P(200, "text/html", PAGE_settings_pin, PAGE_settings_pin_length); break;
|
||||
case SUBPAGE_PINREQ : response = request->beginResponse_P(401, "text/html", PAGE_settings_pin, PAGE_settings_pin_length); break;
|
||||
case SUBPAGE_CSS : response = request->beginResponse_P(200, "text/css", PAGE_settingsCss, PAGE_settingsCss_length); break;
|
||||
case SUBPAGE_JS : serveSettingsJS(request); return;
|
||||
case SUBPAGE_WELCOME : response = request->beginResponse_P(200, "text/html", PAGE_welcome, PAGE_welcome_length); break;
|
||||
|
Loading…
Reference in New Issue
Block a user