Small changes to MQTT auth

Changed mqttPort to uint16 type
Password no longer transmitted to settings page
Changed topics and identifiers to last 6 bytes of mac format
Added security warning
cschwinne 2019-08-18 18:14:17 +02:00
parent c57124e876
commit 492ec489a1
7 changed files with 35 additions and 30 deletions


@ -252,11 +252,13 @@ For best results, only use one of these services at a time.<br>
Device Auth token: <input name="BK" maxlength="33"><br> Device Auth token: <input name="BK" maxlength="33"><br>
<i>Clear the token field to disable. </i><a href="https://github.com/Aircoookie/WLED/wiki/Blynk" target="_blank">Setup info</a> <i>Clear the token field to disable. </i><a href="https://github.com/Aircoookie/WLED/wiki/Blynk" target="_blank">Setup info</a>
<h3>MQTT</h3> <h3>MQTT</h3>
Broker: <input name="MS" maxlength="32"><br> Broker: <input name="MS" maxlength="32">
Port: <input name="MQTTPORT" maxlength="5"><br> Port: <input name="MQPORT" type="number" min="1" max="65535" required><br>
Username: <input name="MQTTUSER" maxlength="40"><br> <b>The MQTT credentials are sent over an unsecured connection.<br>
Password: <input type="password" input name="MQTTPASS" maxlength="40"><br> Never use the MQTT password for another service!</b><br>
Client ID: <input name="MQTTCID" maxlength="40"><br> Username: <input name="MQUSER" maxlength="40"><br>
Password: <input type="password" input name="MQPASS" maxlength="40"><br>
Client ID: <input name="MQCID" maxlength="40"><br>
Device Topic: <input name="MD" maxlength="32"><br> Device Topic: <input name="MD" maxlength="32"><br>
Group Topic: <input name="MG" maxlength="32"><br> Group Topic: <input name="MG" maxlength="32"><br>
<i>Reboot required to apply changes. </i><a href="https://github.com/Aircoookie/WLED/wiki/MQTT" target="_blank">MQTT info</a> <i>Reboot required to apply changes. </i><a href="https://github.com/Aircoookie/WLED/wiki/MQTT" target="_blank">MQTT info</a>


@ -3,7 +3,7 @@
*/ */
/* /*
* @title WLED project sketch * @title WLED project sketch
* @version 0.8.5-dev #mqttauth @TimothyBrown * @version 0.8.5-dev
* @author Christian Schwinne * @author Christian Schwinne
*/ */
@ -98,7 +98,7 @@
//version code in format yymmddb (b = daily build) //version code in format yymmddb (b = daily build)
#define VERSION 190817 #define VERSION 1908181
char versionString[] = "0.8.5-dev"; char versionString[] = "0.8.5-dev";
@ -207,7 +207,7 @@ char mqttServer[33] = ""; //both domains and IPs should work
char mqttUser[41] = ""; //optional: username for MQTT auth char mqttUser[41] = ""; //optional: username for MQTT auth
char mqttPass[41] = ""; //optional: password for MQTT auth char mqttPass[41] = ""; //optional: password for MQTT auth
char mqttClientID[41] = ""; //override the client ID char mqttClientID[41] = ""; //override the client ID
char mqttPort[6] = ""; uint16_t mqttPort = 1883;
bool huePollingEnabled = false; //poll hue bridge for light state bool huePollingEnabled = false; //poll hue bridge for light state
uint16_t huePollIntervalMs = 2500; //low values (< 1sec) may cause lag but offer quicker response uint16_t huePollIntervalMs = 2500; //low values (< 1sec) may cause lag but offer quicker response


@ -260,7 +260,8 @@ void saveSettingsToEEPROM()
writeStringToEEPROM(2399, mqttUser, 40); writeStringToEEPROM(2399, mqttUser, 40);
writeStringToEEPROM(2440, mqttPass, 40); writeStringToEEPROM(2440, mqttPass, 40);
writeStringToEEPROM(2481, mqttClientID, 40); writeStringToEEPROM(2481, mqttClientID, 40);
writeStringToEEPROM(2522, mqttPort, 5); EEPROM.write(2522, mqttPort & 0xFF);
EEPROM.write(2523, (mqttPort >> 8) & 0xFF);
EEPROM.commit(); EEPROM.commit();
} }
@ -481,7 +482,7 @@ void loadSettingsFromEEPROM(bool first)
readStringFromEEPROM(2399, mqttUser, 40); readStringFromEEPROM(2399, mqttUser, 40);
readStringFromEEPROM(2440, mqttPass, 40); readStringFromEEPROM(2440, mqttPass, 40);
readStringFromEEPROM(2481, mqttClientID, 40); readStringFromEEPROM(2481, mqttClientID, 40);
readStringFromEEPROM(2522, mqttPort, 5); mqttPort = EEPROM.read(2522) + ((EEPROM.read(2523) << 8) & 0xFF00);
} }
receiveDirect = !EEPROM.read(2200); receiveDirect = !EEPROM.read(2200);
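Review bot: The new two-byte read at address 2522 has no fallback for stored data that is not a valid port, and this same commit removes the `mqttPort[0] == 0` default from wledInit(). A device whose EEPROM still holds the old ASCII port string at 2522 would have its first two characters decoded as a binary port (the string "18…" reads back as 0x3831), and a zeroed cell would yield port 0; either value replaces the 1883 initializer. Whether the surrounding version check prevents this is not visible, because loadSettingsFromEEPROM() starts and ends outside the hunk. Consider adding `if (mqttPort == 0) mqttPort = 1883;` after the read, plus a migration step or EEPROM version bump for the old string layout.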


@ -308,10 +308,15 @@ void getSettingsJS(byte subPage, char* dest)
sappend('c',"SA",notifyAlexa); sappend('c',"SA",notifyAlexa);
sappends('s',"BK",(char*)((blynkEnabled)?"Hidden":"")); sappends('s',"BK",(char*)((blynkEnabled)?"Hidden":""));
sappends('s',"MS",mqttServer); sappends('s',"MS",mqttServer);
sappends('s',"MQTTPORT",mqttPort); sappend('v',"MQPORT",mqttPort);
sappends('s',"MQTTUSER",mqttUser); sappends('s',"MQUSER",mqttUser);
sappends('s',"MQTTPASS",mqttPass); sappends('s',"MQPASS",mqttPass);
sappends('s',"MQTTCID",mqttClientID); byte l = strlen(mqttPass);
char fpass[l+1]; //fill password field with ***
fpass[l] = 0;
memset(fpass,'*',l);
sappends('s',"MQPASS",fpass);
sappends('s',"MQCID",mqttClientID);
sappends('s',"MD",mqttDeviceTopic); sappends('s',"MD",mqttDeviceTopic);
sappends('s',"MG",mqttGroupTopic); sappends('s',"MG",mqttGroupTopic);
sappend('v',"H0",hueIP[0]); sappend('v',"H0",hueIP[0]);
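Review bot: The plaintext line `sappends('s',"MQPASS",mqttPass);` still appears on the new side ahead of the masked one (the hunk header's 15 new lines is consistent with that), so the stored password would still be written into the settings response and only afterwards overwritten by the `fpass` value. That contradicts the commit's stated goal of no longer transmitting the password; delete that line so only the mask is emitted. The mask is also exactly as long as the password, which discloses its length to anyone who can load the page; a fixed-length placeholder whenever a password is set would avoid that. getSettingsJS() continues outside the hunk and the behaviour of sappends() is not shown, so this reading rests on the call order alone.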


@ -177,10 +177,11 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
} }
strcpy(mqttServer, request->arg("MS").c_str()); strcpy(mqttServer, request->arg("MS").c_str());
strcpy(mqttPort, request->arg("MQTTPORT").c_str()); t = request->arg("MQPORT").toInt();
strcpy(mqttUser, request->arg("MQTTUSER").c_str()); if (t > 0) mqttPort = t;
strcpy(mqttPass, request->arg("MQTTPASS").c_str()); strcpy(mqttUser, request->arg("MQUSER").c_str());
strcpy(mqttClientID, request->arg("MQTTCID").c_str()); if (request->arg("MQPASS").charAt(0) != '*') strcpy(mqttPass, request->arg("MQPASS").c_str());
strcpy(mqttClientID, request->arg("MQCID").c_str());
strcpy(mqttDeviceTopic, request->arg("MD").c_str()); strcpy(mqttDeviceTopic, request->arg("MD").c_str());
strcpy(mqttGroupTopic, request->arg("MG").c_str()); strcpy(mqttGroupTopic, request->arg("MG").c_str());
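Review bot: The new `strcpy(mqttUser, ...)`, `strcpy(mqttPass, ...)` and `strcpy(mqttClientID, ...)` calls copy request arguments of any length into buffers this commit's globals declare as `char[41]`, and the form's `maxlength` is enforced only by the browser. A longer value in the request would write past the buffer; a bounded copy such as `strlcpy(mqttPass, request->arg("MQPASS").c_str(), sizeof(mqttPass));` keeps the write inside it. The port has the same gap: `if (t > 0) mqttPort = t;` accepts values above 65535, which wrap when stored in the `uint16_t`, so `if (t > 0 && t <= 65535) mqttPort = t;` would be safer. The leading-`*` test also means a real password that begins with `*` is silently ignored. handleSettingsSet() starts and ends outside the hunk, and the type of `t` is not visible.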


@ -69,8 +69,8 @@ void wledInit()
//start captive portal if AP active //start captive portal if AP active
if (onlyAP || strlen(apSSID) > 0) if (onlyAP || strlen(apSSID) > 0)
{ {
dnsServer.setErrorReplyCode(DNSReplyCode::ServerFailure); dnsServer.setErrorReplyCode(DNSReplyCode::NoError);
dnsServer.start(53, "wled.me", WiFi.softAPIP()); dnsServer.start(53, "*", WiFi.softAPIP());
dnsActive = true; dnsActive = true;
} }
@ -78,22 +78,18 @@ void wledInit()
if (strcmp(cmDNS,"x") == 0) //fill in unique mdns default if (strcmp(cmDNS,"x") == 0) //fill in unique mdns default
{ {
strcpy(cmDNS, "wled-"); strcpy(cmDNS, "wled-");
strcat(cmDNS, escapedMac.c_str()); sprintf(cmDNS+5, "%*s", 6, escapedMac.c_str()+6);
} }
if (mqttDeviceTopic[0] == 0) if (mqttDeviceTopic[0] == 0)
{ {
strcpy(mqttDeviceTopic, "wled/"); strcpy(mqttDeviceTopic, "wled/");
strcat(mqttDeviceTopic, escapedMac.c_str()); sprintf(mqttDeviceTopic+5, "%*s", 6, escapedMac.c_str()+6);
} }
if (mqttClientID[0] == 0) if (mqttClientID[0] == 0)
{ {
strcpy(mqttClientID, "WLED-"); strcpy(mqttClientID, "WLED-");
sprintf(mqttClientID+5, "%*s", 6, escapedMac.c_str()+6); sprintf(mqttClientID+5, "%*s", 6, escapedMac.c_str()+6);
} }
if (mqttPort[0] == 0)
{
strcpy(mqttPort, "1883");
}
strip.service(); strip.service();
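Review bot: In `sprintf(cmDNS+5, "%*s", 6, escapedMac.c_str()+6);` and the matching mqttDeviceTopic line, `%*s` sets a minimum field width rather than a maximum, so it pads but never truncates, and the `+6` offset assumes escapedMac holds at least six characters. If the intent is exactly the last six characters, a precision with a bounded write states that directly: `snprintf(cmDNS+5, 7, "%.6s", escapedMac.c_str()+6);`. The sizes of cmDNS and escapedMac are not visible in these hunks, so whether an overrun is reachable cannot be confirmed from here. wledInit() continues outside both hunks.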


@ -47,13 +47,13 @@ void onMqttConnect(bool sessionPresent)
sendHADiscoveryMQTT(); sendHADiscoveryMQTT();
publishMqtt(); publishMqtt();
DEBUG_PRINTLN("MQTT ready"); DEBUG_PRINTLN("MQ ready");
} }
void onMqttMessage(char* topic, char* payload, AsyncMqttClientMessageProperties properties, size_t len, size_t index, size_t total) { void onMqttMessage(char* topic, char* payload, AsyncMqttClientMessageProperties properties, size_t len, size_t index, size_t total) {
DEBUG_PRINT("MQTT callb rec: "); DEBUG_PRINT("MQ callb rec: ");
DEBUG_PRINTLN(topic); DEBUG_PRINTLN(topic);
DEBUG_PRINTLN(payload); DEBUG_PRINTLN(payload);
@ -223,9 +223,9 @@ bool initMqtt()
IPAddress mqttIP; IPAddress mqttIP;
if (mqttIP.fromString(mqttServer)) //see if server is IP or domain if (mqttIP.fromString(mqttServer)) //see if server is IP or domain
{ {
mqtt->setServer(mqttIP, atoi(mqttPort)); mqtt->setServer(mqttIP, mqttPort);
} else { } else {
mqtt->setServer(mqttServer, atoi(mqttPort)); mqtt->setServer(mqttServer, mqttPort);
} }
mqtt->setClientId(mqttClientID); mqtt->setClientId(mqttClientID);
if (mqttUser[0] && mqttPass[0] != 0) mqtt->setCredentials(mqttUser, mqttPass); if (mqttUser[0] && mqttPass[0] != 0) mqtt->setCredentials(mqttUser, mqttPass);