MQTT authentification

[chrille]

Hi,

My MQTT broker requires authentification with username/password. Is there any plans to add MQTT authentification support to the software soon? If not, I might give it a try. I see the webserver code already is there to prompt for both username and password

- Jan

[chrille]

Is there any plans to add MQTT authentification support to the software soon? If not, I might give it a try. I see the webserver code already is there to prompt for both username and password

It was pretty simple to add

https://github.com/janchrillesen/espeas ... f6da2a01db

- Jan

[Martinus]

Hello Jan,

Thanks for checking in on this. Have you checked what happens if we try to connect with an empty user/password on a system that does not need it?

So what will happen if we fire this call to a non password protected broker and both fields empty:

Code: Select all

if (MQTTclient.connect(MQTT::Connect(clientid).set_auth(Settings.ControllerUser, Settings.ControllerPassword))) 

In other words, should we switch between connect methods based on empy/nonempty useraccount, or will this one work either way?

Martinus

[chrille]

In other words, should we switch between connect methods based on empy/nonempty useraccount, or will this one work either way?

Good point! I should have tested that. I installed mosquitto on another server and the password-less connection failed. I then added code to test if username/password was set, and it still failed. It turned out to be an issue with MQTT protocol version and the somewhat old version of mosquitto I installed on the test server. After switching to test.mosquitto.org it worked fine. So it may, or may not, have worked with the original code - however doing a specific check is definately cleaner and I committed that

- Jan

[Martinus]

We have been working on some code changes to the project, moving all device specific code into "device plugin" files. This would make co-development of new devices a lot easier because you don't have to touch the core code files in order to add new devices. We're currently testing these changes and I think in a few days we will commit these last changes to sourceforge and then move the source to github. After that step, contributing to the project will be more convenient.

For time being, we're planning to keep stable editions through sourceForge as zip downloads, until we make up our minds on the release mechanisme on github where we should be able to distribute also the 3rd party libraries and other stuff.

[chrille]

We have been working on some code changes to the project, moving all device specific code into "device plugin" files. This would make co-development of new devices a lot easier because you don't have to touch the core code files in order to add new devices. We're currently testing these changes and I think in a few days we will commit these last changes to sourceforge and then move the source to github. After that step, contributing to the project will be more convenient.

Sounds like a good plan. I am trying to add support for the HC-SR04 ultrasonic sensor (since I need it for a specific project). I will put this on hold until the re-ordering is done and the code is available on github. The git model with pull requests works great for co-development and github also supports easy inclusion of 3rd party libraries

- Jan

[Martinus]

Hi,

My MQTT broker requires authentification with username/password. Is there any plans to add MQTT authentification support to the software soon? If not, I might give it a try. I see the webserver code already is there to prompt for both username and password

- Jan

Hello Jan,

I've seen your pull request on this subject a while a go, but it was withdrawn. Any news on this subject? Did you test MQTT with authentication?
Maybe you can launch a new pull request on the latest release on github? Others might also benefit from this.

[chrille]

I've seen your pull request on this subject a while a go, but it was withdrawn. Any news on this subject? Did you test MQTT with authentication?
Maybe you can launch a new pull request on the latest release on github? Others might also benefit from this.

I created the pull request based on a commit that didn't compile, and removed the pull request. However, I think the patch still applies - I mostly tested with authentication and only did some basic testing towards a public broker, with no auth. I will try to apply towards the latest release and create a new pull request

- Jan

[chrille]

I've seen your pull request on this subject a while a go, but it was withdrawn. Any news on this subject? Did you test MQTT with authentication?
Maybe you can launch a new pull request on the latest release on github? Others might also benefit from this.

I created the pull request based on a commit that didn't compile, and removed the pull request. However, I think the patch still applies - I mostly tested with authentication and only did some basic testing towards a public broker, with no auth. I will try to apply towards the latest release and create a new pull request

I have tested with R43 and it works - I have tested all 3 MQTT implementation towards my Mosquitto broker with username/password and towards test.mosquitto.org with no authentification

Code: Select all

diff --git a/Controller.ino b/Controller.ino
index 4e897cd..074027d 100644
--- a/Controller.ino
+++ b/Controller.ino
@@ -60,7 +60,12 @@ void MQTTConnect()
   for (byte x = 1; x < 3; x++)
   {
     String log = "";
-    if (MQTTclient.connect(clientid))
+    boolean MQTTresult = false;
+    if ((SecuritySettings.ControllerUser) && (SecuritySettings.ControllerPassword))
+      MQTTresult = (MQTTclient.connect(MQTT::Connect(clientid).set_auth(SecuritySettings.ControllerUser, SecuritySettings.ControllerPassword)));
+    else
+      MQTTresult = (MQTTclient.connect(clientid));
+    if (MQTTresult)
     {
       log = F("MQTT : Connected to broker");
       addLog(LOG_LEVEL_INFO, log);
@@ -74,7 +79,7 @@ void MQTTConnect()
     }
     else
     {
-      log = F("MQTT : Failed to connected to broker");
+      log = F("MQTT : Failed to connect to broker");
       addLog(LOG_LEVEL_ERROR, log);
     }

@@ -340,4 +345,4 @@ void sendSysInfoUDP(byte repeats)
   Nodes[Settings.Unit].age = 0;

 }

diff --git a/WebServer.ino b/WebServer.ino
index 8b46022..64ed021 100644
--- a/WebServer.ino
+++ b/WebServer.ino
@@ -357,13 +357,13 @@ void handle_config() {
   reply += F("'><TR><TD>Controller Port:<TD><input type='text' name='controllerport' value='");
   reply += Settings.ControllerPort;

-  if (Settings.Protocol == 9999)
+  byte ProtocolIndex = getProtocolIndex(Settings.Protocol);
+  if (Protocol[ProtocolIndex].usesAccount)
   {
     reply += F("'><TR><TD>Controller User:<TD><input type='text' name='controlleruser' value='");
-    reply += SecuritySettings.ControllerUser;
+    reply +=SecuritySettings.ControllerUser;
   }

-  byte ProtocolIndex = getProtocolIndex(Settings.Protocol);
   if (Protocol[ProtocolIndex].usesPassword)
   {
     reply += F("'><TR><TD>Controller Password:<TD><input type='text' name='controllerpassword' value='");
diff --git a/_C002.ino b/_C002.ino
index 920e47e..088bac1 100644
--- a/_C002.ino
+++ b/_C002.ino
@@ -17,8 +17,8 @@ boolean CPlugin_002(byte function, struct EventStruct *event)
         Protocol[++protocolCount].Number = CPLUGIN_ID_002;
         strcpy_P(Protocol[protocolCount].Name, PSTR(CPLUGIN_NAME_002));
         Protocol[protocolCount].usesMQTT = true;
-        Protocol[protocolCount].usesAccount = false;
-        Protocol[protocolCount].usesPassword = false;
+        Protocol[protocolCount].usesAccount = true;
+        Protocol[protocolCount].usesPassword = true;
         break;
       }

diff --git a/_C005.ino b/_C005.ino
index 245df2a..f8a615e 100644
--- a/_C005.ino
+++ b/_C005.ino
@@ -17,8 +17,8 @@ boolean CPlugin_005(byte function, struct EventStruct *event)
         Protocol[++protocolCount].Number = CPLUGIN_ID_005;
         strcpy_P(Protocol[protocolCount].Name, PSTR(CPLUGIN_NAME_005));
         Protocol[protocolCount].usesMQTT = true;
-        Protocol[protocolCount].usesAccount = false;
-        Protocol[protocolCount].usesPassword = false;
+        Protocol[protocolCount].usesAccount = true;
+        Protocol[protocolCount].usesPassword = true;
         break;
       }

diff --git a/_C006.ino b/_C006.ino
index 3db0d45..49186a7 100644
--- a/_C006.ino
+++ b/_C006.ino
@@ -17,8 +17,8 @@ boolean CPlugin_006(byte function, struct EventStruct *event)
         Protocol[++protocolCount].Number = CPLUGIN_ID_006;
         strcpy_P(Protocol[protocolCount].Name, PSTR(CPLUGIN_NAME_006));
         Protocol[protocolCount].usesMQTT = true;
-        Protocol[protocolCount].usesAccount = false;
-        Protocol[protocolCount].usesPassword = false;
+        Protocol[protocolCount].usesAccount = true;
+        Protocol[protocolCount].usesPassword = true;
         break;
       }

Would you consider moving DEFAULT_PORT into the different protocol plugins, so all MQTT plugins will default to port 1883?

- Jan

[Martinus]

I have tested with R43 and it works - I have tested all 3 MQTT implementation towards my Mosquitto broker with username/password and towards test.mosquitto.org with no authentification

Can you make a pull request on github so I can merge it?

Would you consider moving DEFAULT_PORT into the different protocol plugins, so all MQTT plugins will default to port 1883?

I'll look into this but I think it's not as simple as just moving the defines. Guess we need a new variable to the Protocol struct like Protocol.DefaultPort.

[Martinus]

MQTT authentication has been added and also default port settings when protocol is changed in the webgui.
Will be available in R49.