Added examples

Added OTA/HTTP update example
Added cookieAuth example

Minor changes
Added decryption error 6 for empty key

Author: marecl

README.md

@@ -24,4 +24,9 @@ It's meant to be an universal, secure toolbox.
 * OTAUpdateConfiguration - how to configure OTA update service
 * saveToSPIFFS - saving and loading settings
 * setUpAP - configure Access Point
-* updateServerConfiguration - how to configure default HTTP update server
+* updateServerConfiguration - how to configure default HTTP update server
+
+## Known issues
+* Cookie auth works best with Firefox
+* encryptKey takes values >=1 because of how key verification works
+* Using a function without configuring it (or loading settings) may cause crash

examples/OTAUpdateConfiguration/OTAUpdateConfiguration.ino

@@ -0,0 +1,39 @@
+#include <settingsManager.h>
+
+/* Settings */
+const char* _name = "Workbench";
+const char* _login = "admin";
+const char* _pass = "admin";
+
+/* WiFi */
+const char* _ssid = "";
+const char* _stapass = "";
+
+settingsManager settings;
+
+void setup() {
+  Serial.begin(115200);
+  pinMode(D0, OUTPUT);
+
+  settings.name(_name);
+  settings.configUser(_login, _pass);
+  settings.configSTA(_ssid, _stapass);
+
+  if (settings.beginSTA()) {
+    Serial.print("Connected to ");
+    Serial.println(settings.ssid());
+    Serial.print(WiFi.localIP());
+  } else {
+    Serial.println("Unable to connect to WiFi\r\nRebooting");
+    delay(1000);
+    ESP.reset();
+  }
+
+  settings.beginOTA();
+}
+
+void loop() {
+  while (millis() % 1000 != 0)
+    ArduinoOTA.handle();
+  digitalWrite(D0, !digitalRead(D0));
+}

examples/cookieAuth/cookieAuth.ino

@@ -0,0 +1,123 @@
+#include <ESP8266WebServer.h>
+#include <settingsManager.h>
+
+/*
+  Cookie based authentication mechanism
+  Handles timeouts and login page
+*/
+
+settingsManager settings;
+ESP8266WebServer server;
+
+/* Settings */
+const char* _name = "Workbench";
+const char* _login = "admin";
+const char* _pass = "admin";
+
+/* WiFi */
+const char* _ssid = "";
+const char* _stapass = "";
+
+/* Server must collect cookies */
+const char* headerkeys[] = {"Cookie"};
+
+/* Valid init timebase */
+uint32_t timebase;
+
+void setup() {
+  Serial.begin(115200);
+  settings.name(_name);
+  settings.configUser(_login, _pass);
+  settings.configSTA(_ssid, _stapass);
+  /* Token will be valid for 3 minutes */
+  /* Depends what is used as counter */
+  settings.tokenLifespan = 180;
+
+  /* Configure server */
+  server.collectHeaders(headerkeys, sizeof(headerkeys) / sizeof(char*));
+  server.on("/login", handleLogin);
+  server.on("/logout", handleLogout);
+  server.on("/", handleRoot);
+  server.begin();
+
+  if (settings.beginSTA()) {
+    Serial.print("Connected to ");
+    Serial.println(settings.ssid());
+    Serial.println(WiFi.localIP());
+  } else {
+    Serial.println("Unable to connect to WiFi\r\nRebooting");
+    delay(1000);
+    ESP.reset();
+  }
+}
+
+void loop() {
+  server.handleClient();
+  timebase = millis() / 1000;
+}
+
+void handleLogin() {
+  Serial.println("Log in");
+  if (server.method() == HTTP_GET) {
+    String content = "<html><body><form action='/login' method='POST'>";
+    content += "User:<input type='text' name='USERNAME' placeholder='username'><br>";
+    content += "Password:<input type='password' name='PASSWORD' placeholder='password'><br>";
+    content += "<input type='submit' name='SUBMIT' value='Submit'></form><br>";
+    content += "</body></html>";
+    server.send(200, "text/html", content);
+  } else if (server.method() == HTTP_POST) {
+    if (!verifyLogin()) {
+      redirectToLogin();
+      return;
+    }
+    Serial.println("Everything is correct");
+    /* Redirect to root */
+    server.sendHeader("Location", "/");
+    server.send(301);
+  }
+}
+
+void handleRoot() {
+  /* Must be checked on every page */
+  if (!verifyLogin())
+    redirectToLogin();
+
+  server.sendContent(F("<html><head><title>ESP8266 Server</title></he"));
+  server.sendContent(F("ad><body><a href=\"/logout\"><input type=\"bu"));
+  server.sendContent(F("tton\" value=\"Logout\" /></a><h1>You have su"));
+  server.sendContent(F("ccessfully logged in!</h1></body></html>"));
+}
+
+void handleLogout() {
+  /* Send incorrect cookie to avoid restoring session */
+  server.sendHeader("Set-Cookie", settings.encryptKey(1));
+  redirectToLogin();
+}
+
+bool verifyLogin() {
+  String toVerify = server.header("Cookie");
+  uint8_t status = settings.verifyEncryptedKey(toVerify, timebase);
+  Serial.print("Cookie verification status: ");
+  Serial.println(status);
+  /* No cookie or it's expired */
+  if (status >= 5) {
+    /* Check if clients wants to authenticate */
+    if (!server.hasArg("USERNAME") || !server.hasArg("PASSWORD"))
+      return false;
+    if (!settings.authenticate(server.arg("USERNAME").c_str(), server.arg("PASSWORD").c_str()))
+      return false;
+  } else if (status > 0)
+    return false;
+  /* Codes 1-4 are invalid */
+  /* Clear cookies if you can't log in */
+
+  /* Sending a cookie anyway to hold up the session */
+  server.sendHeader("Set-Cookie", settings.encryptKey(timebase));
+  return true;
+}
+
+void redirectToLogin() {
+  server.sendHeader("Location", "/login");
+  server.send(301);
+  return void();
+}

examples/keyTesting/keyTesting.ino

@@ -46,7 +46,7 @@ void setup() {
   Serial.println(dec);
 
   Serial.print("Encrypting key:\t\t");
-  Serial.println(settings.validateEncryptedKey(enc, validityBase) == 0 ? "Pass" : "Fail");
+  Serial.println(settings.verifyEncryptedKey(enc, validityBase) == 0 ? "Pass" : "Fail");
 
   Serial.print("Decrypting key:\t\t");
   Serial.println(performTest(&settings, dec, validityBase, 0) ? "Pass" : "Fail");
@@ -122,7 +122,7 @@ void setup() {
 
 /* Try to use pointers whenever you can. It's really memory-consuming */
 bool performTest(settingsManager* set, String test, uint32_t t, uint8_t code) {
-  return (set->validateKey(test, t) == code);
+  return (set->verifyKey(test, t) == code);
 }
 
 void loop() {}

examples/updateServerConfiguration/updateServerConfiguration.ino

@@ -0,0 +1,44 @@
+#include <settingsManager.h>
+#include <ESP8266WebServer.h>
+#include <ESP8266HTTPUpdateServer.h>
+
+/* Settings */
+const char* _name = "Workbench";
+const char* _login = "admin";
+const char* _pass = "admin";
+
+/* WiFi */
+const char* _ssid = "";
+const char* _stapass = "";
+
+settingsManager settings;
+ESP8266WebServer server;
+ESP8266HTTPUpdateServer updServer;
+
+void setup() {
+  Serial.begin(115200);
+  pinMode(D0, OUTPUT);
+
+  settings.name(_name);
+  settings.configUser(_login, _pass);
+  settings.configSTA(_ssid, _stapass);
+  settings.configUpdateServer(&server, &updServer, "/update");
+
+  server.begin();
+
+  if (settings.beginSTA()) {
+    Serial.print("Connected to ");
+    Serial.println(settings.ssid());
+    Serial.print(WiFi.localIP());
+  } else {
+    Serial.println("Unable to connect to WiFi\r\nRebooting");
+    delay(1000);
+    ESP.reset();
+  }
+}
+
+void loop() {
+  while (millis() % 1000 != 0)
+    server.handleClient();
+  digitalWrite(D0, !digitalRead(D0));
+}

keywords.txt

@@ -35,8 +35,8 @@ serialDebug	KEYWORD2
 printConfigFile	KEYWORD2
 printConfig	KEYWORD2
 readInterval	KEYWORD2
-validateKey	KEYWORD2
-validateEncryptedKey	KEYWORD2
+verifyKey	KEYWORD2
+verifyEncryptedKey	KEYWORD2
 encryptKey	KEYWORD2
 decryptKey	KEYWORD2
 tokenLifespan	KEYWORD2

src/settingsManager.cpp

@@ -279,7 +279,7 @@ bool settingsManager::beginSTA() {
     return false;
   }
   //if (this->_dhcp == true)
-  //  this->configIP(this->_ip, this->_gw, this->_mask);
+  // this->configIP(this->_ip, this->_gw, this->_mask);
 #ifdef DEBUG_INSECURE
   this->_print(F("Connected to "), this->_ssid);
 #endif
@@ -466,25 +466,28 @@ void settingsManager::setField(char* _dest, const char* _src, uint8_t _size) {
 
 /*
   Return reasons:
-    0 - valid key
-    1 - unprintable characters detected
-    2 - conversion error
-    3 - invalid name
-    4 - wrong device
-    5 - token expired
+  0 - valid key
+  1 - unprintable characters detected
+  2 - conversion error
+  3 - invalid name
+  4 - wrong device
+  5 - token expired
+  6 - no input
 */
 
 /* todo: rewrite verification using indexOf */
 
-uint8_t settingsManager::validateEncryptedKey(String key, uint32_t time) {
-  return this->validateKey(this->decryptKey(key), time);
+uint8_t settingsManager::verifyEncryptedKey(String key, uint32_t time) {
+  return this->verifyKey(this->decryptKey(key), time);
 }
 
-uint8_t settingsManager::validateKey(String key, uint32_t time) {
+uint8_t settingsManager::verifyKey(String key, uint32_t time) {
 #ifdef DEBUG_INSECURE
   this->_print(F(" CHECKING: "), key.c_str());
 #endif
 
+  if (key == "") return 6;
+
   /* Checking for invalid characters */
   for (uint8_t a = 0; a < key.length(); a++)
     if (key[a] < 33 || key[a] > 126) return 1;
@@ -497,7 +500,7 @@ uint8_t settingsManager::validateKey(String key, uint32_t time) {
 #ifdef DEBUG_INSECURE
   this->_print(F("\t*NAME: "), key.substring(start, end).c_str());
 #endif
-  if (end - start != strlen(this->_name)) return 3;
+  if ((uint8_t)(end - start) != strlen(this->_name)) return 3;
   if (key.substring(start, end) != String(this->_name)) return 3;
 
   /* Extracting timestamp */

src/settingsManager.h

@@ -57,8 +57,8 @@ class settingsManager {
     uint32_t lastUpdate;
     int8_t timezone;
     uint16_t readInterval;
-    uint8_t validateKey(String, uint32_t);
-    uint8_t validateEncryptedKey(String, uint32_t);
+    uint8_t verifyKey(String, uint32_t);
+    uint8_t verifyEncryptedKey(String, uint32_t);
     String encryptKey(uint32_t);
     String decryptKey(String);
     uint32_t tokenLifespan;