Fix: force websocket clients to authenticate

when changing the security settings (disabling read-only access or changing the password), existing websocket connections are now closed, forcing the respective clients to authenticate (with the new password). otherwise, existing websocket clients keep connected even though the security settings now expect authentication with a (changed) password.
hoylabs · Sep 30, 2024 · d5d1a99 · d5d1a99
1 parent ebb225f
commit d5d1a99
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/src/WebApi_ws_console.cpp b/src/WebApi_ws_console.cpp
@@ -36,8 +36,11 @@ void WebApiWsConsoleClass::reload()
 
     if (config.Security.AllowReadonly) { return; }
 
+    _ws.enable(false);
     _simpleDigestAuth.setPassword(config.Security.Password);
     _ws.addMiddleware(&_simpleDigestAuth);
+    _ws.closeAll();
+    _ws.enable(true);
 }
 
 void WebApiWsConsoleClass::wsCleanupTaskCb()

diff --git a/src/WebApi_ws_live.cpp b/src/WebApi_ws_live.cpp
@@ -50,8 +50,11 @@ void WebApiWsLiveClass::reload()
 
     if (config.Security.AllowReadonly) { return; }
 
+    _ws.enable(false);
     _simpleDigestAuth.setPassword(config.Security.Password);
     _ws.addMiddleware(&_simpleDigestAuth);
+    _ws.closeAll();
+    _ws.enable(true);
 }
 
 void WebApiWsLiveClass::wsCleanupTaskCb()