From 1ae8e7ec79978b53e24b8fe8d48cae573063c1a3 Mon Sep 17 00:00:00 2001
From: tim-moody <tim@timmoody.com>
Date: Fri, 16 Aug 2024 12:52:29 +0100
Subject: [PATCH] validate wifi password when save conf options

---
 roles/console/files/js/admin_console.js | 41 ++++++++++++++++++-------
 1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/roles/console/files/js/admin_console.js b/roles/console/files/js/admin_console.js
index 7964fc8f..c297efbd 100644
--- a/roles/console/files/js/admin_console.js
+++ b/roles/console/files/js/admin_console.js
@@ -994,17 +994,9 @@ function controlWifiHotspot(){
   var cmd_args = {};
   if (serverInfo.hostapd_status == 'ON') {
     var hotspotPassword = gEBI('hotspot_wifi_password_UD').value;
-    if (hotspotPassword.length < 8 || hotspotPassword.length > 63) {
-      alert("WiFi password must be between 8 and 63 printable characters.");
-      return
-    }
-    for (let i = 0; i < hotspotPassword.length; i++) {
-      let charCode = hotspotPassword.charCodeAt(i);
-      if (charCode < 32 || charCode > 126){
-        alert("Password cannot contain the character '" + hotspotPassword[i] + "'")
-        return
-      }
-    }
+    if (validateHostapdPassword(hotspotPassword) == false)
+      return false;
+
     cmd_args['hotspot_passord'] = hotspotPassword;
     var command = "CTL-HOTSPOT " + JSON.stringify(cmd_args);
     return sendCmdSrvCmd(command, genericCmdHandler, "HOSTSPOT-CTL");
@@ -1013,6 +1005,21 @@ function controlWifiHotspot(){
     alert("Can't change password as Internal Hotspot is not ON.");
 }
 
+function validateHostapdPassword(password){
+  if (password.length < 8 || password.length > 63) {
+    alert("WiFi password must be between 8 and 63 printable characters.");
+    return false;
+  }
+  for (let i = 0; i < password.length; i++) {
+    let charCode = password.charCodeAt(i);
+    if (charCode < 32 || charCode > 126){
+      alert("Password cannot contain the character '" + password[i] + "'")
+      return false;
+    }
+  }
+  return true;
+}
+
 function setWifiConnectionParams(){
   var cmd_args = {};
 
@@ -1260,6 +1267,9 @@ function setConfigVarsCmd () {
       // we will do this on the backend
     }
   });
+  if (validateChangedVars(changed_vars) == false)
+    return false;
+
   cmd_args['config_vars'] = changed_vars;
   var cmd = "SET-CONF " + JSON.stringify(cmd_args);
   sendCmdSrvCmd(cmd, genericCmdHandler);
@@ -1267,6 +1277,15 @@ function setConfigVarsCmd () {
   return true;
 }
 
+function validateChangedVars(changedVars){
+  // field validation functions raise alerts
+  if (changedVars.hasOwnProperty('hostapd_password'))
+    if (validateHostapdPassword(changedVars['hostapd_password']) == false)
+      return false;
+
+  return true;
+}
+
 function getServerPublicKey(){
   $.get( iiabAuthService + '/get_pubkey', function( data ) {
     authData['serverPKey'] = nacl.util.decodeBase64(data);