From 49805aa269537907025698cc3445d076b3bd96e4 Mon Sep 17 00:00:00 2001
From: tinkerdudeno1 <65307209+tinkerdudeno1@users.noreply.github.com>
Date: Thu, 9 Dec 2021 16:57:58 +0100
Subject: [PATCH 1/3] Make TLS work without providing a ca cert file (#109)

* rework tls settings

Co-authored-by: jneilliii
---
 octoprint_mqtt/__init__.py | 14 ++--
 octoprint_mqtt/static/js/mqtt.js | 4 --
 octoprint_mqtt/templates/mqtt_settings.jinja2 | 71 +++++++++----------
 setup.py | 2 +-
 4 files changed, 43 insertions(+), 48 deletions(-)

diff --git a/octoprint_mqtt/__init__.py b/octoprint_mqtt/__init__.py
index 2d56d03..700accc 100644
--- a/octoprint_mqtt/__init__.py
+++ b/octoprint_mqtt/__init__.py
@@ -98,6 +98,7 @@ def get_settings_defaults(self):
 username=None,
 password=None,
 keepalive=60,
+ tls_active=False,
 tls=dict(),
 tls_insecure=False,
 protocol="MQTTv31",
@@ -275,6 +276,7 @@ def mqtt_connect(self):
 broker_username = self._settings.get(["broker", "username"])
 broker_password = self._settings.get(["broker", "password"])
 broker_keepalive = self._settings.get_int(["broker", "keepalive"])
+ broker_tls_active = self._settings.get(["broker", "tls_active"])
 broker_tls = self._settings.get(["broker", "tls"], asdict=True)
 broker_tls_insecure = self._settings.get_boolean(["broker", "tls_insecure"])
 broker_protocol = self._settings.get(["broker", "protocol"])
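Review bot: Defaulting `tls_active` to `False` silently turns TLS off for installs that already have `broker.tls.ca_certs` configured, because the later `mqtt_connect` hunk in this file keys `tls_set()` on `broker_tls_active` instead of on a non-empty `tls` dict. No settings migration is visible in this patch, so after the upgrade such a client would attempt to send `broker_username`/`broker_password` over an unencrypted connection until the user finds and ticks the new checkbox. I would add a settings migration (OctoPrint's `get_settings_version` / `on_settings_migrate`) that sets `broker.tls_active` to true when `broker.tls.ca_certs` is non-empty, and mention the change in the release notes.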
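Review bot: `broker_tls_active` is read with `self._settings.get(...)` while the neighbouring `tls_insecure` flag uses `get_boolean`; since this value decides whether the connection is encrypted, it should be read the same way: `broker_tls_active = self._settings.get_boolean(["broker", "tls_active"])`. That keeps a hand-edited config value such as a string from being judged by plain truthiness. `mqtt_connect` starts and ends outside this hunk.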
@@ -298,17 +300,15 @@ def mqtt_connect(self):
 if self._mqtt is None:
 self._mqtt = mqtt.Client(client_id=client_id, protocol=protocol, clean_session=clean_session)
+ else:
+ self._mqtt.reinitialise() #otherwise tls_set might be called again causing the plugin to crash
 if broker_username is not None:
 self._mqtt.username_pw_set(broker_username, password=broker_password)
- tls_active = False
- if broker_tls:
+ if broker_tls_active:
 tls_args = dict((key, value) for key, value in broker_tls.items() if value)
- ca_certs = tls_args.pop("ca_certs", None)
- if ca_certs: # cacerts must not be None for tls_set to work
- self._mqtt.tls_set(ca_certs, **tls_args)
- tls_active = True
+ self._mqtt.tls_set(**tls_args)
 if broker_tls_insecure and tls_active:
 self._mqtt.tls_insecure_set(broker_tls_insecure)
@@ -393,7 +393,7 @@ def remove_sub(entry):
 subbed_topic, subbed_callback, _, _ = entry
 return not (callback == subbed_callback and (topic is None or subbed_topic == topic))
- self._mqtt_subscriptions = filter(remove_sub, self._mqtt_subscriptions)
+ self._mqtt_subscriptions = list(filter(remove_sub, self._mqtt_subscriptions))
 if self._mqtt_connected and subbed_topics:
 self._mqtt.unsubscribe(*subbed_topics)
diff --git a/octoprint_mqtt/static/js/mqtt.js b/octoprint_mqtt/static/js/mqtt.js
index fdd092c..c4dcf20 100644
--- a/octoprint_mqtt/static/js/mqtt.js
+++ b/octoprint_mqtt/static/js/mqtt.js
@@ -5,7 +5,6 @@ $(function() {
 self.global_settings = parameters[0];
 self.showUserCredentials = ko.observable(false);
- self.showSsl = ko.observable(false);
 self.showClientID = ko.observable(false);
 self.settings = undefined;
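Review bot: In the `mqtt_connect` hunk, `self._mqtt.reinitialise()` is called with no arguments, so on every reconnect the client is rebuilt with paho's defaults (empty `client_id`, `clean_session=True`) instead of the values computed above and passed to `mqtt.Client(...)` on first use. A broker that ties ACLs or persistent sessions to the configured client id would then see a different client after the first reconnect. Pass the values through, `self._mqtt.reinitialise(client_id=client_id, clean_session=clean_session)`; as far as I can tell `reinitialise` takes no protocol argument, so if the configured `protocol` must survive it is simpler to construct a fresh `mqtt.Client(...)` in both branches. Whether the callbacks are re-attached after this point cannot be seen here, as the function continues outside the hunk.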
@@ -17,9 +16,6 @@ $(function() { // show credential options if username is set self.showUserCredentials(!!self.settings.broker.username()); - // show SSL/TLS config options if any of the corresponding settings are set - self.showSsl(!!self.settings.broker.tls && !!self.settings.broker.tls.cacerts && !!self.settings.broker.tls.cacerts()) - // show client_id options if client_id is set self.showClientID(!!self.settings.client.client_id()); }; diff --git a/octoprint_mqtt/templates/mqtt_settings.jinja2 b/octoprint_mqtt/templates/mqtt_settings.jinja2 index be6d424..1d6f48b 100644 --- a/octoprint_mqtt/templates/mqtt_settings.jinja2 +++ b/octoprint_mqtt/templates/mqtt_settings.jinja2 @@ -107,52 +107,51 @@
-
-
- -
- - {{ _('Path to the server\'s certificate chain file. Mandatory, required for TLS to work.') }} -
-
-
- -
- - {{ _('Paths to the PEM encoded client certificate, must not be password protected, only necessary if broker requires client certificate authentication.') }} +
+ +
+
+ +
+ + {{ _('Path to the server\'s certificate chain file (optional).') }} +
-
-
- -
- - {{ _('Paths to the PEM encoded private keys, must not be password protected, only necessary if broker requires client certificate authentication.') }} +
+ +
+ + {{ _('Paths to the PEM encoded client certificate, must not be password protected, only necessary if broker requires client certificate authentication.') }} +
-
-
- -
-
- -
- - {{ _('A string specifying which encryption ciphers are allowable for this connection. See the OpenSSL documentation on ciphers.', url = "https://www.openssl.org/docs/manmaster/man1/ciphers.html") }} -
+
+ +
+ + {{ _('Paths to the PEM encoded private keys, must not be password protected, only necessary if broker requires client certificate authentication.') }} +
+
+ +
+ +
+ + {{ _('A string specifying which encryption ciphers are allowable for this connection. See the OpenSSL documentation on ciphers.', url = "https://www.openssl.org/docs/manmaster/man1/ciphers.html") }}
+
-
-
- -
+
+
+
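Review bot: The new help text for the CA file, `Path to the server's certificate chain file (optional).`, does not say what the broker certificate is verified against when the field is left empty. With `tls_set()` now called without `ca_certs`, paho-mqtt is expected to fall back to the system's default CA store (worth confirming for the paho-mqtt version this plugin requires), so a broker with a self-signed or private-CA certificate still needs this field filled in. I would word it as `Path to the CA certificate file used to verify the broker. Leave empty to use the system's default CA certificates.`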
diff --git a/setup.py b/setup.py
index 852b1d7..22898f7 100644
--- a/setup.py
+++ b/setup.py
@@ -11,7 +11,7 @@ plugin_name = "OctoPrint-MQTT"
 # The plugin's version. Can be overwritten within OctoPrint's internal data via __plugin_version__ in the plugin module
-plugin_version = "0.8.9"
+plugin_version = "0.8.10"
 # The plugin's description. Can be overwritten within OctoPrint's internal data via __plugin_description__ in the plugin
 # module

From c60168d68a5689530f472c43d21fcf0c16724def Mon Sep 17 00:00:00 2001
From: jneilliii
Date: Thu, 9 Dec 2021 10:59:15 -0500
Subject: [PATCH 2/3] 0.8.11

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 22898f7..ad2a5fc 100644
--- a/setup.py
+++ b/setup.py
@@ -11,7 +11,7 @@ plugin_name = "OctoPrint-MQTT"
 # The plugin's version. Can be overwritten within OctoPrint's internal data via __plugin_version__ in the plugin module
-plugin_version = "0.8.10"
+plugin_version = "0.8.11"
 # The plugin's description. Can be overwritten within OctoPrint's internal data via __plugin_description__ in the plugin
 # module

From d39587bfa8c2c4b1b8b11164a6db29593a2bc1db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20P=C3=B6sch?= <34485446+mechaot@users.noreply.github.com>
Date: Fri, 17 Dec 2021 23:35:32 +0100
Subject: [PATCH 3/3] Fix: NameError when loading config with tls

The variable 'broker_tls_active' was incorrectly referenced as 'tls_active' only resulting in name error when loading config with TLS enabled.
---
 octoprint_mqtt/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/octoprint_mqtt/__init__.py b/octoprint_mqtt/__init__.py
index 700accc..ad5469c 100644
--- a/octoprint_mqtt/__init__.py
+++ b/octoprint_mqtt/__init__.py
@@ -310,7 +310,7 @@ def mqtt_connect(self):
 tls_args = dict((key, value) for key, value in broker_tls.items() if value)
 self._mqtt.tls_set(**tls_args)
- if broker_tls_insecure and tls_active:
+ if broker_tls_insecure and broker_tls_active:
 self._mqtt.tls_insecure_set(broker_tls_insecure)
 _retain = self._settings.get_boolean(["broker", "retain"])
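Review bot: When `broker_tls_insecure` is set, `tls_insecure_set(...)` switches off hostname verification of the broker certificate without leaving any trace, so an operator reading the logs cannot tell that the TLS session no longer authenticates the broker. I would log it right after the call, e.g. `self._logger.warning("MQTT: TLS hostname verification is disabled (tls_insecure)")`. `mqtt_connect` begins and ends outside this hunk.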