Merge pull request #3445 from Moustachauve/ota-lock-post-fix
Update response code when access is denied
This commit is contained in:
commit
36290c20aa
@ -40,7 +40,7 @@ bool isIp(String str) {
|
|||||||
|
|
||||||
void handleUpload(AsyncWebServerRequest *request, const String& filename, size_t index, uint8_t *data, size_t len, bool final) {
|
void handleUpload(AsyncWebServerRequest *request, const String& filename, size_t index, uint8_t *data, size_t len, bool final) {
|
||||||
if (!correctPIN) {
|
if (!correctPIN) {
|
||||||
if (final) request->send(500, "text/plain", FPSTR(s_unlock_cfg));
|
if (final) request->send(401, "text/plain", FPSTR(s_unlock_cfg));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (!index) {
|
if (!index) {
|
||||||
@ -86,7 +86,7 @@ void createEditHandler(bool enable) {
|
|||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
editHandler = &server.on("/edit", HTTP_ANY, [](AsyncWebServerRequest *request){
|
editHandler = &server.on("/edit", HTTP_ANY, [](AsyncWebServerRequest *request){
|
||||||
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_cfg), 254);
|
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_cfg), 254);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -201,7 +201,7 @@ void initServer()
|
|||||||
verboseResponse = deserializeState(root);
|
verboseResponse = deserializeState(root);
|
||||||
} else {
|
} else {
|
||||||
if (!correctPIN && strlen(settingsPIN)>0) {
|
if (!correctPIN && strlen(settingsPIN)>0) {
|
||||||
request->send(403, "application/json", F("{\"error\":1}")); // ERR_DENIED
|
request->send(401, "application/json", F("{\"error\":1}")); // ERR_DENIED
|
||||||
releaseJSONBufferLock();
|
releaseJSONBufferLock();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -282,7 +282,7 @@ void initServer()
|
|||||||
//init ota page
|
//init ota page
|
||||||
server.on("/update", HTTP_GET, [](AsyncWebServerRequest *request){
|
server.on("/update", HTTP_GET, [](AsyncWebServerRequest *request){
|
||||||
if (otaLock) {
|
if (otaLock) {
|
||||||
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_ota), 254);
|
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_ota), 254);
|
||||||
} else
|
} else
|
||||||
serveSettings(request); // checks for "upd" in URL and handles PIN
|
serveSettings(request); // checks for "upd" in URL and handles PIN
|
||||||
});
|
});
|
||||||
@ -292,7 +292,11 @@ void initServer()
|
|||||||
serveSettings(request, true); // handle PIN page POST request
|
serveSettings(request, true); // handle PIN page POST request
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (Update.hasError() || otaLock) {
|
if (otaLock) {
|
||||||
|
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_ota), 254);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (Update.hasError()) {
|
||||||
serveMessage(request, 500, F("Update failed!"), F("Please check your file and retry!"), 254);
|
serveMessage(request, 500, F("Update failed!"), F("Please check your file and retry!"), 254);
|
||||||
} else {
|
} else {
|
||||||
serveMessage(request, 200, F("Update successful!"), F("Rebooting..."), 131);
|
serveMessage(request, 200, F("Update successful!"), F("Rebooting..."), 131);
|
||||||
@ -533,7 +537,7 @@ void serveSettingsJS(AsyncWebServerRequest* request)
|
|||||||
}
|
}
|
||||||
if (subPage > 0 && !correctPIN && strlen(settingsPIN)>0) {
|
if (subPage > 0 && !correctPIN && strlen(settingsPIN)>0) {
|
||||||
strcpy_P(buf, PSTR("alert('PIN incorrect.');"));
|
strcpy_P(buf, PSTR("alert('PIN incorrect.');"));
|
||||||
request->send(403, "application/javascript", buf);
|
request->send(401, "application/javascript", buf);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
strcat_P(buf,PSTR("function GetV(){var d=document;"));
|
strcat_P(buf,PSTR("function GetV(){var d=document;"));
|
||||||
@ -575,7 +579,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
|
|||||||
// if OTA locked or too frequent PIN entry requests fail hard
|
// if OTA locked or too frequent PIN entry requests fail hard
|
||||||
if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && !correctPIN && millis()-lastEditTime < PIN_RETRY_COOLDOWN))
|
if ((subPage == SUBPAGE_WIFI && wifiLock && otaLock) || (post && !correctPIN && millis()-lastEditTime < PIN_RETRY_COOLDOWN))
|
||||||
{
|
{
|
||||||
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_ota), 254); return;
|
serveMessage(request, 401, "Access Denied", FPSTR(s_unlock_ota), 254); return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (post) { //settings/set POST request, saving
|
if (post) { //settings/set POST request, saving
|
||||||
@ -605,7 +609,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
|
|||||||
if (!s2[0]) strcpy_P(s2, s_redirecting);
|
if (!s2[0]) strcpy_P(s2, s_redirecting);
|
||||||
|
|
||||||
bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot));
|
bool redirectAfter9s = (subPage == SUBPAGE_WIFI || ((subPage == SUBPAGE_SEC || subPage == SUBPAGE_UM) && doReboot));
|
||||||
serveMessage(request, 200, s, s2, redirectAfter9s ? 129 : (correctPIN ? 1 : 3));
|
serveMessage(request, (correctPIN ? 200 : 401), s, s2, redirectAfter9s ? 129 : (correctPIN ? 1 : 3));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -633,7 +637,7 @@ void serveSettings(AsyncWebServerRequest* request, bool post)
|
|||||||
serveMessage(request, 200, strlen(settingsPIN) > 0 ? PSTR("Settings locked") : PSTR("No PIN set"), FPSTR(s_redirecting), 1);
|
serveMessage(request, 200, strlen(settingsPIN) > 0 ? PSTR("Settings locked") : PSTR("No PIN set"), FPSTR(s_redirecting), 1);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
case SUBPAGE_PINREQ : response = request->beginResponse_P(200, "text/html", PAGE_settings_pin, PAGE_settings_pin_length); break;
|
case SUBPAGE_PINREQ : response = request->beginResponse_P(401, "text/html", PAGE_settings_pin, PAGE_settings_pin_length); break;
|
||||||
case SUBPAGE_CSS : response = request->beginResponse_P(200, "text/css", PAGE_settingsCss, PAGE_settingsCss_length); break;
|
case SUBPAGE_CSS : response = request->beginResponse_P(200, "text/css", PAGE_settingsCss, PAGE_settingsCss_length); break;
|
||||||
case SUBPAGE_JS : serveSettingsJS(request); return;
|
case SUBPAGE_JS : serveSettingsJS(request); return;
|
||||||
case SUBPAGE_WELCOME : response = request->beginResponse_P(200, "text/html", PAGE_welcome, PAGE_welcome_length); break;
|
case SUBPAGE_WELCOME : response = request->beginResponse_P(200, "text/html", PAGE_welcome, PAGE_welcome_length); break;
|
||||||
|
Loading…
Reference in New Issue
Block a user