[feat] checkBasicAuthentication calculates the base64 encoded hash for username:password everytime #111
Hello @stefan123t: I've read the upstream discussion in the OpenDTU project. I love this project :-) I have one setup myself ;-)

So for your question, it works as before, no change for that. The issue with your proposal is that the authentication method (basic or digest) is decided by the request and not known in advance. If you test with curl for example, you can access a protected endpoint with either basic or digest authentication headers. The authentication method that is passed as a parameter of the middleware is, like before, the authentication method that the server will use in its reply in case the authentication fails, in order to hint the browser (or curl).

I agree with you that, considering now that the introduction of a middleware allows for a more dynamic setup and also memory saving, maybe an option could be to either precompute both hashes, or just the one in relation to the authentication method. In any case I will have a look this evening if this can be quickly done.
Salut @mathieucarbou thanks for your interest and reply and thanks for maintaining EHCache 😉 For Basic Auth the resulting Whereas for Digest Auth it may depend a bit on how much of the Digest Auth details have been implemented in the ESPAsyncWebServer. I am not that familiar with Digest Auth, especially when it comes to the advertising of the You can see that it makes use of
Yes, when simulating with one of the curl commands in the project:
curl issues a request first to get the tokens, then creates its second request
With basic auth, this is quite straightforward:
So I will try to improve and also refactor the code a little (breaking change in authc middleware, to align it with the Arduino WebServer enums and capabilities).
- to align methods and enum with PsychicHttp and Arduino WebServer
- to support hash
- to pre-compute base64 / digest hash to speed up requests

Closes #111
Wouldn't it be better to calculate the base64 encoded hash for `username:password` only once, when you modify it using setUsername and setPassword? I have seen in https://github.com/mathieucarbou/ESPAsyncWebServer/blob/main/src/WebAuthentication.cpp#L34-67 it is calculated for every WebRequest to the same AuthenticationMiddleware again.
Before it is actually memcmp compared in Line 59:
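The idea raised in this issue, encoding `username:password` once in the setters and only comparing on each request, shown as an added example that is not ESPAsyncWebServer's code. `BasicAuthCache`, `check` and `encodeCount` are hypothetical names, only Basic auth is covered, and the byte-wise comparison used in place of `memcmp` and the rejection of unconfigured credentials are assumptions of this sketch.

```cpp
// Added example, not ESPAsyncWebServer code: cache the Basic credential at set time.
#include <cstddef>
#include <string>

// Standard base64 (RFC 4648) with '=' padding.
static std::string base64Encode(const std::string& in) {
  static const char tbl[] =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  std::string out;
  std::size_t i = 0;
  for (; i + 2 < in.size(); i += 3) {
    unsigned v = (unsigned char)in[i] << 16 | (unsigned char)in[i + 1] << 8 | (unsigned char)in[i + 2];
    out += tbl[v >> 18]; out += tbl[(v >> 12) & 63]; out += tbl[(v >> 6) & 63]; out += tbl[v & 63];
  }
  if (i < in.size()) {  // one or two trailing bytes
    bool two = i + 1 < in.size();
    unsigned v = (unsigned char)in[i] << 16 | (two ? (unsigned char)in[i + 1] << 8 : 0);
    out += tbl[v >> 18]; out += tbl[(v >> 12) & 63];
    out += two ? tbl[(v >> 6) & 63] : '=';
    out += '=';
  }
  return out;
}

class BasicAuthCache {  // hypothetical class name
 public:
  // The encoding runs only here, when a credential changes.
  void setUsername(const std::string& u) { _user = u; rebuild(); }
  void setPassword(const std::string& p) { _pass = p; rebuild(); }
  unsigned encodeCount() const { return _encodes; }

  // Per-request check: no base64 work, only a comparison with the cached value.
  bool check(const std::string& authHeader) const {
    const std::string prefix = "Basic ";
    // Assumption: fail closed when no username is configured.
    if (_user.empty() || authHeader.compare(0, prefix.size(), prefix) != 0) return false;
    const std::string got = authHeader.substr(prefix.size());
    // Fold the length mismatch and every byte into diff: no early exit at the first difference.
    unsigned char diff = got.size() == _expected.size() ? 0 : 1;
    for (std::size_t i = 0; i < _expected.size(); ++i)
      diff |= (unsigned char)(_expected[i] ^ (i < got.size() ? got[i] : 0));
    return diff == 0;
  }

 private:
  void rebuild() { _expected = base64Encode(_user + ":" + _pass); ++_encodes; }
  std::string _user, _pass, _expected;
  unsigned _encodes = 0;
};
```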