From 8c5e5a49eab7fde8907897d35f83a78f46fbeb8e Mon Sep 17 00:00:00 2001
From: Hieromon Ikasamo
Date: Mon, 18 May 2020 02:01:38 +0900
Subject: [PATCH] Added AC_AUTHSCOPE_EXCEPTCP with AC_AUTHSCOPE enum.
---
 src/AutoConnect.h | 3 ++-
 src/AutoConnectAux.cpp | 41 +++++---------------------------
 src/AutoConnectPage.cpp | 52 ++++++++++++++++++++++++++++++-----------
 src/AutoConnectTypes.h | 8 ++++---
 4 files changed, 52 insertions(+), 52 deletions(-)
diff --git a/src/AutoConnect.h b/src/AutoConnect.h
index 28d2595..ccb4c25 100644
--- a/src/AutoConnect.h
+++ b/src/AutoConnect.h
@@ -201,7 +201,7 @@ class AutoConnectConfig {
 uint8_t tickerOn; /**< A signal for flicker turn on */
 AC_OTA_t ota; /**< Attach built-in OTA */
 AC_AUTH_t auth; /**< Enable authentication */
- AC_AUTHSCOPE_t authScope; /**< certification scope */
+ uint16_t authScope; /**< Authetication scope */
 String username; /**< User name for authentication */
 String password; /**< Authentication password */
 String hostName; /**< host name */
@@ -262,6 +262,7 @@ class AutoConnect {
 AC_RECONNECT_SET,
 AC_RECONNECT_RESET
 } AC_STARECONNECT_t;
+ void _authentication(bool allow);
 bool _config(void);
 bool _configSTA(const IPAddress& ip, const IPAddress& gateway, const IPAddress& netmask, const IPAddress& dns1, const IPAddress& dns2);
 String _getBootUri(void);
diff --git a/src/AutoConnectAux.cpp b/src/AutoConnectAux.cpp
index 1e8b147..9ce1c5b 100644
--- a/src/AutoConnectAux.cpp
+++ b/src/AutoConnectAux.cpp
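Review bot: In src/AutoConnect.h, `authScope` changes from `AC_AUTHSCOPE_t` to a bare `uint16_t`, and the new doc comment neither says that the field is now a bit mask nor spells "Authentication" correctly. Since the enumerators in AutoConnectTypes.h become flags that callers combine, I would document that on the member: `uint16_t authScope; /**< Authentication scope, bitwise OR of AC_AUTHSCOPE_t flags */`. Any remaining code that compares the field with `==` against a single enumerator no longer means what it did and should be checked. The class body continues outside the hunk.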
@@ -514,41 +514,12 @@ PageElement* AutoConnectAux::_setupPage(const String& uri) {
 // Restore transfer mode by each page
 mother->_responsePage->chunked(chunk);
- // Register authentication method
- // HTTP authentication works only when connected to WiFi
- if (WiFi.status() == WL_CONNECTED) {
- // Determine the necessity of authentication from the conditions of
- // AutoConnectConfig::authScope and derive the method.
- const char* authUser = nullptr;
- const char* authPass = nullptr;
- HTTPAuthMethod method = DIGEST_AUTH;
- bool authCond = false;
- if (mother->_apConfig.authScope == AC_AUTHSCOPE_PARTIAL) {
- if (_httpAuth != AC_AUTH_NONE) {
- authCond = true;
- if (_httpAuth == AC_AUTH_BASIC)
- method = BASIC_AUTH;
- }
- }
- else {
- if (mother->_apConfig.auth != AC_AUTH_NONE) {
- authCond = true;
- if (mother->_apConfig.auth == AC_AUTH_BASIC)
- method = BASIC_AUTH;
- }
- }
- if (authCond) {
- authUser = mother->_apConfig.username.c_str();
- authPass = mother->_apConfig.password.c_str();
- }
-
- // It entrusts authentication to PageBuilder.
- // If WiFi is not connected, authUser will be null, and an authentication will not be issued.
- String failsContent = String(FPSTR(AutoConnect::_ELM_HTML_HEAD)) + String(F("" AUTOCONNECT_TEXT_AUTHFAILED ""));
- mother->_responsePage->authentication(authUser, authPass, method, AUTOCONNECT_AUTH_REALM, failsContent);
- if (authUser)
- AC_DBG_DUMB(",%s+%s/%s", method == BASIC_AUTH ? "BASIC" : "DIGEST", authUser, authPass);
- }
+ // Register authentication
+ // Determine the necessity of authentication from the conditions of
+ // AutoConnectConfig::authScope and derive the method.
+ bool auth = (mother->_apConfig.authScope & AC_AUTHSCOPE_AUX) ||
+ ((mother->_apConfig.authScope & AC_AUTHSCOPE_PARTIAL) && (_httpAuth != AC_AUTH_NONE));
+ mother->_authentication(auth);
 }
 }
 return elm;
diff --git a/src/AutoConnectPage.cpp b/src/AutoConnectPage.cpp
index 0e95a68..32ab578 100644
--- a/src/AutoConnectPage.cpp
+++ b/src/AutoConnectPage.cpp
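Review bot: In AutoConnectAux::_setupPage, the new `auth` expression no longer consults `mother->_apConfig.auth`, and the per-page `_httpAuth` is reduced to a yes/no, so the method a page asked for is lost. `_authentication()`, added in AutoConnectPage.cpp by this commit, derives the method from `_apConfig.auth` alone: a page declared for digest authentication is served with Basic when the global setting is `AC_AUTH_BASIC`, and with a global `AC_AUTH_NONE` plus the `AC_AUTHSCOPE_AUX` bit it falls through to DIGEST_AUTH with whatever `username`/`password` hold. If page-level method selection is meant to survive, `_authentication` needs the method as a second argument. If not, the AUX branch should keep the old guard, `(mother->_apConfig.auth != AC_AUTH_NONE) && (mother->_apConfig.authScope & AC_AUTHSCOPE_AUX)`, and the comment should say that `_httpAuth` now only switches authentication on. The function body starts outside the hunk.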
@@ -1558,20 +1558,46 @@ PageElement* AutoConnect::_setupPage(String& uri) {
 break;
 }
- // Regiter authentication method
- bool authCond = _apConfig.auth != AC_AUTH_NONE &&
- _apConfig.authScope == AC_AUTHSCOPE_PORTAL &&
- WiFi.status() == WL_CONNECTED &&
- reqAuth;
- if (authCond) {
- HTTPAuthMethod auth = _apConfig.auth == AC_AUTH_BASIC ? BASIC_AUTH : DIGEST_AUTH;
- String failsContent = String(FPSTR(AutoConnect::_ELM_HTML_HEAD)) + String(F("" AUTOCONNECT_TEXT_AUTHFAILED ""));
- _responsePage->authentication(_apConfig.username.c_str(), _apConfig.password.c_str(), auth, AUTOCONNECT_AUTH_REALM, failsContent);
- AC_DBG_DUMB(",%s+%s/%s", auth == BASIC_AUTH ? "BASIC" : "DIGEST", _apConfig.username.c_str(), _apConfig.password.c_str());
- }
- else
- _responsePage->authentication(nullptr, nullptr);
+ // Regiter authentication
+ // Determine the necessity of authentication from the AutoConnectConfig settings
+ bool auth = (_apConfig.auth != AC_AUTH_NONE) &&
+ (_apConfig.authScope & AC_AUTHSCOPE_AC) &&
+ reqAuth;
+ _authentication(auth);
 }
 return elm;
 }
+
+/**
+ * Allow the page set upped to authenticate.
+ * The argument parameter indicates that authentication is allowed with
+ * the condition of the AutoConnect.authScope setting.
+ * It determines to except authentication in the captive portal state
+ * when the EXCEPTCP is enabled.
+ * @param allow Indication of whether to authenticate with the page.
+ */
+void AutoConnect::_authentication(bool allow) {
+ const char* user = nullptr;
+ const char* password = nullptr;
+ HTTPAuthMethod method = _apConfig.auth == AC_AUTH_BASIC ? HTTPAuthMethod::BASIC_AUTH : HTTPAuthMethod::DIGEST_AUTH;
+ String fails;
+
+ // Enable authentication by setting of AC_AUTHSCOPE_DISCONNECTED even if WiFi is not connected.
+ if (WiFi.status() != WL_CONNECTED && (WiFi.getMode() & WIFI_AP)) {
+ String accUrl = _webServer->hostHeader();
+ if ((accUrl != WiFi.softAPIP().toString()) && !accUrl.endsWith(F(".local"))) {
+ if (_apConfig.authScope & AC_AUTHSCOPE_EXCEPTCP)
+ allow = false;
+ }
+ }
+
+ if (allow) {
+ // Regiter authentication method
+ user = _apConfig.username.c_str();
+ password = _apConfig.password.c_str();
+ fails = String(FPSTR(AutoConnect::_ELM_HTML_HEAD)) + String(F("" AUTOCONNECT_TEXT_AUTHFAILED ""));
+ AC_DBG_DUMB(",%s+%s/%s", method == HTTPAuthMethod::BASIC_AUTH ? "BASIC" : "DIGEST", user, password);
+ }
+ _responsePage->authentication(user, password, method, AUTOCONNECT_AUTH_REALM, fails);
+}
diff --git a/src/AutoConnectTypes.h b/src/AutoConnectTypes.h
index b761403..168755c 100644
--- a/src/AutoConnectTypes.h
+++ b/src/AutoConnectTypes.h
@@ -48,9 +48,11 @@ typedef enum AC_OTA {
 /**< Scope of certification influence */
 typedef enum AC_AUTHSCOPE {
- AC_AUTHSCOPE_PARTIAL, // Available for particular AUX-pages.
- AC_AUTHSCOPE_AUX, // All AUX-pages are affected by an authentication.
- AC_AUTHSCOPE_PORTAL // All AutoConnect pages are affected by an authentication.
+ AC_AUTHSCOPE_PARTIAL = 0x0001, // Available for particular AUX-pages.
+ AC_AUTHSCOPE_AUX = 0x0002, // All AUX-pages are affected by an authentication.
+ AC_AUTHSCOPE_AC = 0x0004, // Allow authentication to AutoConnect pages.
+ AC_AUTHSCOPE_PORTAL = AC_AUTHSCOPE_AC | AC_AUTHSCOPE_AUX, // All AutoConnect pages are affected by an authentication.
+ AC_AUTHSCOPE_EXCEPTCP = 0x8000 // Ignore authentication even if AP only.
 } AC_AUTHSCOPE_t;
 /**< A type to enable authentication. */
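Review bot: In the new AutoConnect::_authentication, the `AC_AUTHSCOPE_EXCEPTCP` branch clears `allow` on the strength of `_webServer->hostHeader()`, a value supplied by the requester, so it must not be read as a trust decision. With the flag set, every page set up while the station is disconnected and the soft AP is active is served without credentials whenever the Host is neither the soft AP address nor `*.local`. If that is the intended captive-portal behaviour it needs to be stated: the comment above the branch names `AC_AUTHSCOPE_DISCONNECTED`, which is not among the enumerators this patch defines, and talks about enabling authentication where the branch only disables it. I would replace it with `// With AC_AUTHSCOPE_EXCEPTCP set, skip authentication in the captive portal state (soft AP up, station not connected, Host is neither the soft AP IP nor *.local).`. Separately, `AC_DBG_DUMB` still writes the configured password in clear text to the debug output; log the method and user only, `AC_DBG_DUMB(",%s+%s", method == HTTPAuthMethod::BASIC_AUTH ? "BASIC" : "DIGEST", user);`.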
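Review bot: In src/AutoConnectTypes.h, turning `AC_AUTHSCOPE` into bit flags renumbers the existing enumerators (`AC_AUTHSCOPE_PARTIAL` was 0 and is now 0x0001) and makes `AC_AUTHSCOPE_PORTAL` a two-bit composite, so a test such as `authScope & AC_AUTHSCOPE_PORTAL` is true when either bit is set; none of the enum comments tells a user that. The comment on `AC_AUTHSCOPE_EXCEPTCP` is also too vague for a flag that turns authentication off. Going by `_authentication()` in this commit I would write `// Skip authentication while in the captive portal state (soft AP active, station not connected).`. A header comment saying that the values are combined with `|` and tested with `&`, and that at the two call sites in this commit a scope of 0 applies authentication to no page, would cover the rest.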