websockets: Use AuthenticationMiddleware #2320

Merged: 2 commits, Sep 30, 2024

Commits on Sep 30, 2024

  1. Fix: avoid deprecated setAuthentication() to fix memory exhaustion

    with ESPAsyncWebServer 3.3.0, the setAuthentication() method became
    deprecated and a replacement method was provided which acts as a shim
    and uses the new middleware-based approach to set up authentication. in
    order to eventually apply a changed "read-only access allowed" setting,
    the setAuthentication() method was called periodically. the shim
    implementation each time allocates a new AuthenticationMiddleware and
    adds it to the chain of middlewares, eventually exhausting the memory.
    
    we now use the new middleware-based approach ourselves and only add the
    respective AuthenticationMiddleware instance once to the respective
    websocket server instance.
    
    a regression where enabling unauthenticated read-only access is not
    applied until reboot is also fixed. all the AuthenticationMiddleware
    instances were never removed from the chain of middlewares when calling
    setAuthentication("", "").
    schlimmchen committed Sep 30, 2024
    Commit ebb225f
  2. Fix: force websocket clients to authenticate

    when changing the security settings (disabling read-only access or
    changing the password), existing websocket connections are now closed,
    forcing the respective clients to authenticate (with the new password).
    otherwise, existing websocket clients keep connected even though the
    security settings now expect authentication with a (changed) password.
    schlimmchen committed Sep 30, 2024
    Commit d5d1a99
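
The behaviour described in the two commit messages above, modeled as an added C++ example (not code from this pull request or from ESPAsyncWebServer). `AuthMw`, `WsServer` and `SecuredWs` are simplified stand-ins assumed here for the library's middleware chain and websocket server, and the model closes all clients on any credential change.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Simplified stand-ins (assumptions), not the ESPAsyncWebServer classes.
struct AuthMw {
    std::string user, pass;  // both empty: read-only access needs no login
    bool allows(const std::string& u, const std::string& p) const {
        return (user.empty() && pass.empty()) || (u == user && p == pass);
    }
};
struct WsServer {
    std::vector<std::shared_ptr<AuthMw>> chain;  // every entry must allow
    std::size_t clients = 0;                     // open websocket connections
    void shimSetAuth(const std::string& u, const std::string& p) {
        chain.push_back(std::make_shared<AuthMw>(AuthMw{u, p}));  // appends on every call
    }
    bool handshake(const std::string& u, const std::string& p) {
        for (const auto& mw : chain)
            if (!mw->allows(u, p)) return false;
        ++clients;
        return true;
    }
};
struct SecuredWs {  // one middleware, registered once, updated in place
    WsServer ws;
    std::shared_ptr<AuthMw> mw = std::make_shared<AuthMw>();
    SecuredWs() { ws.chain.push_back(mw); }
    void apply(const std::string& u, const std::string& p) {
        if (u != mw->user || p != mw->pass) ws.clients = 0;  // close all: re-authenticate
        *mw = AuthMw{u, p};
    }
};
std::size_t shimChainLen(int n) {  // settings re-applied periodically via the shim
    WsServer s;
    for (int i = 0; i < n; ++i) s.shimSetAuth("admin", "pw");
    return s.chain.size();
}
std::size_t fixedChainLen(int n) {  // same loop, add-once pattern
    SecuredWs s;
    for (int i = 0; i < n; ++i) s.apply("admin", "pw");
    return s.ws.chain.size();
}
bool shimReadOnlyWorks() {  // stale entries still demand credentials
    WsServer s;
    s.shimSetAuth("admin", "pw");
    s.shimSetAuth("", "");
    return s.handshake("", "");
}
```

In the model, the chain grows by one entry per shim call and stays at one entry with the add-once pattern; a password change drops `clients` to zero, so only a handshake with the new password succeeds afterwards.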