diff --git a/CHANGELOG.md b/CHANGELOG.md
index 63fa9c69cbddebef8ef1ffb7373ae57e0e232590..c3b109d88febf2efa6f2c9318e6b0f1f7a907b1f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
## WLED changelog
+#### Build 2306140
+
+- Add settings PIN (un)locking to JSON post API
+
#### Build 2306130
- Bumped version to 0.14-b3 (beta 3)
- added pin dropdowns in LED preferences (not for LED pins) and usermods
diff --git a/wled00/const.h b/wled00/const.h
index db14e97216694b21f3bdc6aa4911c77873b6672e..793d3c5e2b3aa8c147c0e30e0aa5b0a7afcfbe42 100644
--- a/wled00/const.h
+++ b/wled00/const.h
@@ -444,7 +444,10 @@ #define DEFAULT_LED_COUNT 30
#endif
+#define USERMOD_ID_MULTI_RELAY 13 //Usermod "usermod_multi_relay.h"
+#define PIN_RETRY_COOLDOWN 3000 // time in ms after an incorrect attempt PIN and OTA pass will be rejected even if correct
+ #define WLED_MAX_BUSSES 6 // will allow 4 digital & 2 analog
#define DEFAULT_CLIENT_SSID "Your_Network"
// HW_PIN_SCL & HW_PIN_SDA are used for information in usermods settings page and usermods themselves
diff --git a/wled00/fcn_declare.h b/wled00/fcn_declare.h
index 9d4e9e0e494c521fe83ab8cb5d7ca3e5f0f29b63..153f26bd68f3444a7d98e297100a64030a590364 100644
--- a/wled00/fcn_declare.h
+++ b/wled00/fcn_declare.h
@@ -335,6 +335,7 @@ void releaseJSONBufferLock();
uint8_t extractModeName(uint8_t mode, const char *src, char *dest, uint8_t maxLen);
uint8_t extractModeSlider(uint8_t mode, uint8_t slider, char *dest, uint8_t maxLen, uint8_t *var = nullptr);
int16_t extractModeDefaults(uint8_t mode, const char *segVar);
+void checkSettingsPIN(const char *pin);
uint16_t crc16(const unsigned char* data_p, size_t length);
um_data_t* simulateSound(uint8_t simulationId);
void enumerateLedmaps();
diff --git a/wled00/set.cpp b/wled00/set.cpp
index cc3c0bca9203c011cea03457066c4036c09ef3b2..d9297fe26e75780646fb312242f0e642dae26282 100644
--- a/wled00/set.cpp
+++ b/wled00/set.cpp
@@ -10,8 +10,7 @@ {
// PIN code request
if (subPage == 252)
{
- correctPIN = (strlen(settingsPIN)==0 || strncmp(settingsPIN, request->arg(F("PIN")).c_str(), 4)==0);
- lastEditTime = millis();
+ checkSettingsPIN(request->arg(F("PIN")).c_str());
return;
}
@@ -484,9 +483,8 @@ {
if (otaLock && strcmp(otaPass,request->arg(F("OP")).c_str()) == 0)
{
// brute force protection: do not unlock even if correct if last save was less than 3 seconds ago
-/*
{
-
+ // PIN code request
}
if (!otaLock && request->arg(F("OP")).length() > 0)
{
diff --git a/wled00/util.cpp b/wled00/util.cpp
index ebe1131550989c280df5d82f0e50aaf5dcc0edb7..cf04aa5d52aac1bb934855a64f2b21796248c2bc 100644
--- a/wled00/util.cpp
+++ b/wled00/util.cpp
@@ -373,6 +373,16 @@ return -1;
}
+void checkSettingsPIN(const char* pin) {
+ if (!pin) return;
+ if (!correctPIN && millis() - lastEditTime < PIN_RETRY_COOLDOWN) return; // guard against PIN brute force
+ bool correctBefore = correctPIN;
+ correctPIN = (strlen(settingsPIN) == 0 || strncmp(settingsPIN, pin, 4) == 0);
+ if (correctBefore != correctPIN) createEditHandler(correctPIN);
+ lastEditTime = millis();
+}
+
+
uint16_t crc16(const unsigned char* data_p, size_t length) {
uint8_t x;
uint16_t crc = 0xFFFF;
diff --git a/wled00/wled.cpp b/wled00/wled.cpp
index 6954bbee04fbd3db95ccb0d0d57c9013404dbca6..5f807c4fd08c4157ccf5667de5792926b65e543c 100644
--- a/wled00/wled.cpp
+++ b/wled00/wled.cpp
@@ -138,8 +138,7 @@ yield();
}
// 15min PIN time-out
-#endif
#if defined(ARDUINO_ARCH_ESP32) && defined(WLED_DISABLE_BROWNOUT_DET)
correctPIN = false;
createEditHandler(false);
}
diff --git a/wled00/wled.h b/wled00/wled.h
index 03380f8ff3a4812619aa295828534fa6c2280d5e..cb33feb93699a087ed03d48a41512c293b1abd9e 100644
--- a/wled00/wled.h
+++ b/wled00/wled.h
@@ -8,7 +8,7 @@ @author Christian Schwinne
*/
// version code in format yymmddb (b = daily build)
-#define VERSION 2306130
+#define VERSION 2306140
//uncomment this if you have a "my_config.h" file you'd like to use
//#define WLED_USE_MY_CONFIG
diff --git a/wled00/wled_server.cpp b/wled00/wled_server.cpp
index d3d3eb22904789d8dddf75101d8726c4cc604748..385fd3f1673f192ac4a92a6d502a6d261b636c66 100644
--- a/wled00/wled_server.cpp
+++ b/wled00/wled_server.cpp
@@ -198,6 +198,8 @@ releaseJSONBufferLock();
request->send(400, "application/json", F("{\"error\":9}")); // ERR_JSON
return;
}
+ if (root.containsKey("pin")) checkSettingsPIN(root["pin"].as<const char*>());
+
const String& url = request->url();
isConfig = url.indexOf("cfg") > -1;
if (!isConfig) {
@@ -583,7 +585,7 @@ }
// if OTA locked or too frequent PIN entry requests fail hard
#include "html_ui.h"
- cacheInvalidate++;
+ #ifndef WLED_DISABLE_2D
{
serveMessage(request, 500, "Access Denied", FPSTR(s_unlock_ota), 254); return;
}
@@ -607,10 +609,7 @@ case 10: strcpy_P(s, PSTR("2D")); break;
case 252: strcpy_P(s, correctPIN ? PSTR("PIN accepted") : PSTR("PIN rejected")); break;
}
- if (subPage == 252) {
- createEditHandler(correctPIN);
- } else
- strcat_P(s, PSTR(" settings saved."));
+ if (subPage != 252) strcat_P(s, PSTR(" settings saved."));
if (subPage == 252 && correctPIN) {
subPage = originalSubPage; // on correct PIN load settings page the user intended
