.

Changelog.md

@@ -1,3 +1,22 @@
+## [16.0.0-RC6] - 2024-12-xx
+
+For a full list of changes see [Full list of changes](https://github.com/jomjol/AI-on-the-edge-device/compare/v15.7.0...v16.0.0)
+
+#### Known issues
+Please check the [issues](https://github.com/jomjol/AI-on-the-edge-device/issues) and
+[discussions](https://github.com/jomjol/AI-on-the-edge-device/discussions) before reporting a new issue.
+
+#### Core Changes
+Only changes since RC5 are listed:
+- Added basic authentification of the Web Interface and the REST API
+  xxxxx
+
+  **:warning: Please check your Homeassistant instance to make sure it is handled correctly!**
+
+#### Bug Fixes
+Only changes since RC5 are listed:
+ - xxx
+
 ## [16.0.0-RC5] - 2024-12-05
 
 For a full list of changes see [Full list of changes](https://github.com/jomjol/AI-on-the-edge-device/compare/v15.7.0...v16.0.0)
@@ -22,11 +41,11 @@ Only changes since RC4 are listed:
   **:warning: Please check your Homeassistant instance to make sure it is handled correctly!**
 
 #### Bug Fixes
-Only changes since RC3 are listed:
+Only changes since RC4 are listed:
  - Added fix for ledintensity (#3418)
  - Added fix for OV2640 brightness contrast saturation (#3417)
  - Added fix for 'AnalogToDigitTransitionStart' always using 9.2 regardless of the configured value (#3393)
- - Addef fix for HA menu entry (#3342)
+ - Added fix for HA menu entry (#3342)
 
 
 ## [16.0.0-RC4] - 2024-10-06

code/components/jomjol_wlan/basic_auth.cpp

@@ -4,7 +4,7 @@
 #include <esp_log.h>
 
 
-#define HTTPD_401      "401 UNAUTHORIZED"
+#define HTTPD_401 "401 UNAUTHORIZED"
 
 static const char *TAG = "HTTPAUTH";
 
@@ -54,6 +54,8 @@ esp_err_t basic_auth_request_filter(httpd_req_t *req, esp_err_t original_handler
     size_t buf_len = 0;
     esp_err_t ret = ESP_OK;
 
+    char unauthorized[] = "You are not authorized to use this website!";
+
     if (basic_auth_info.username == NULL || basic_auth_info.password == NULL) {
         ret = original_handler(req);
     } else {
@@ -81,10 +83,10 @@ esp_err_t basic_auth_request_filter(httpd_req_t *req, esp_err_t original_handler
             if (strncmp(auth_credentials, buf, buf_len)) {
                 ESP_LOGE(TAG, "Not authenticated");
                 httpd_resp_set_status(req, HTTPD_401);
-                httpd_resp_set_type(req, "application/json");
+                httpd_resp_set_type(req, HTTPD_TYPE_TEXT);
                 httpd_resp_set_hdr(req, "Connection", "keep-alive");
-                httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"Hello\"");
-                httpd_resp_send(req, NULL, 0);
+                httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"AIOTED\"");
+                httpd_resp_send(req, unauthorized, strlen(unauthorized));
             } else {
                 ESP_LOGI(TAG, "Authenticated calling http handler now!");
                 ret=original_handler(req);
@@ -94,10 +96,10 @@ esp_err_t basic_auth_request_filter(httpd_req_t *req, esp_err_t original_handler
         } else {
             ESP_LOGE(TAG, "No auth header received");
             httpd_resp_set_status(req, HTTPD_401);
-            httpd_resp_set_type(req, "application/json");
+            httpd_resp_set_type(req, HTTPD_TYPE_TEXT);
             httpd_resp_set_hdr(req, "Connection", "keep-alive");
-            httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"Hello\"");
-            httpd_resp_send(req, NULL, 0);
+            httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"AIOTED\"");
+            httpd_resp_send(req, unauthorized, strlen(unauthorized));
         }
     }
 

sd-card/wlan.ini

@@ -37,12 +37,13 @@ password = ""
 
 RSSIThreshold = 0
 
-
 ;++++++++++++++++++++++++++++++++++
 ; Password Protection of the Web Interface and the REST API
 ; When those parameters are active, the Web Interface and the REST API are protected by a username and password.
 ; Note: This might be a weak and insecure way to protect the Web Interface and the REST API.
-;       There was no audith nor a security review to check the security of the protection!
-;       Use at your own risk!
-;http_username = "test"
-;http_password = "changeme"
+;       There was no audit nor a security review to check the correct implementation of the protection!
+;       The password gets transmitted unencrypted (plain text), this means it is very easy to extract it
+;       once somebody has access to your WIFI!
+;       USE AT YOUR OWN RISK!
+;http_username = "myusername"
+;http_password = "mypassword"