• Skip to main content
  • Skip to primary sidebar

RNTLab.com

The Ultimate Shortcut to Learn Electronics and Programming with Open Source Hardware and Software

  • Courses
  • Forum
    • Forum
    • Ask Question
  • Shop
  • Account
  • Blog
  • Login

Code Flow in Authentication module of Building Web Servers

Q&A Forum › Code Flow in Authentication module of Building Web Servers
0 Vote Up Vote Down
Joe Margevicius asked 3 years ago
8 Answers
0 Vote Up Vote Down
Joe Margevicius answered 3 years ago

I am doing the Authentication module in Building Web Servers (module 4.2), and it’s confusing.  Do I understand it correctly that when the browser initiates a conversation with the server, and it is confirmed by the ESP that “!request ->authenticate” (i.e. no authenticate request was sent by the browser), then the ESP server will send the requestAuthentication(), along with the files?  Is this request interpreted by the browser as “bring up the login page”?

As a related question, the explanation in the eBook talks about the logout process, and even has a function labeled logoutButton — but there is no button in the webpage like that…. surprisingly, the concept of logon seems to be missing.  Mention is made of the logged_out.html, but what triggers this?  Can this be clarified?  Thanks !

0 Vote Up Vote Down
Sara Santos Staff answered 3 years ago

Hi.
Yes to your first question.
 
As for the logout. There isn’t a button, there is an icon to logout, see the following tag:

<h1>ESP WEB SERVER &nbsp;&nbsp; <i class="fas fa-user-slash
icon-pointer" onclick="logoutButton()"></i></span></h1>

 
When you click on that fontawesome icon (fas fa-user-slash-icon-pointer), it calls the logoutButton() function that is on the javascript file.
The logoutButton() function makes a request on the /logout URL. The ESP sends back the logout page.

xhr.open("GET", "/logout", true);

After a second, it makes a request on the /logged-out URL which is what actually logs out the user.

setTimeout(function(){ window.open("/logged-out","_self"); },

Maybe this is a bit confusing. Let me know if it is more clear now or if you need some more clarification.
 
Regards,
Sara

0 Vote Up Vote Down
Joe Margevicius answered 3 years ago

Hi Sara … still a little confusing. Focusing on the 2 AsyncWeb statements: server.on(“/”…) and server.serveStatic(“/”…) ….. if the authentication parts are left off, this is a normal conversation: the browser pokes the server with a “/” and the server responds with both of these 2 functions. When the authentication stuff to both these functions is added, which is it that triggers the input form: the server.serveStatic()’s .setAuthentication or the fact that request->authenticate in the server.on() function is now checking for additional info from the browser and doesn’t find it (prompting it to send out the requestAuthentication).  I wish there were a better definition of this sequence of event, but I haven’t found any website I can read. Even the github site is a bit thin.  Finally, an additional question: according to what I read, when the server sends a 401 signal, that should prompt for a login … but it’s being sent on /logout …. uggh.   Thanks for any further clarification.

0 Vote Up Vote Down
Sara Santos Staff answered 3 years ago

Hi again.
 

The HyperText Transfer Protocol (HTTP) 401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.

So, after sending that 401, the user can no longer access the web page files until it logs in again. So, it is the same as logging out the user. We want this to happen when the user clicks on the logout icon, that will trigger the /logout request.
 
I guess that are different ways to do this. I’m not sure what is the best method.
 
Regards,
Sara

0 Vote Up Vote Down
Joe Margevicius answered 3 years ago

Thanks for that 401 clarification -, I’m still puzzled about who initiates the authentication window popup:  1) the server.serveStatic()’s .setAuthentication or 2) the fact that the server.on(‘/”…) is specifying that there be a request->authenticate.  Thanks for you patience with me !  (useful to know in case there is no serveStatic() )

0 Vote Up Vote Down
Sara Santos Staff answered 3 years ago

Hi again.
It’s the following line (option 2) if you’re accessing the web server on the root URL:
return request->requestAuthentication();
Regards,
Sara

0 Vote Up Vote Down
Joe Margevicius answered 3 years ago

Thanks Sara … you’ve been a great help.  You can close this issue.

0 Vote Up Vote Down
Sara Santos Staff answered 3 years ago

Ok.
If you need further help, you just need to open a new question in our forum.
Regards,
Sara

Primary Sidebar

Login to Ask or Answer Questions

This Forum is private and it’s only available for members enrolled in our Courses.

Login »

Latest Course Updates

  • [New Edition] Build ESP32-CAM Projects eBook – 2nd Edition April 16, 2025
  • [eBook Updated] Learn ESP32 with Arduino IDE eBook – Version 3.2 April 16, 2025

You must be logged in to view this content.

Contact Support - Refunds - Privacy - Terms - MakerAdvisor.com - Member Login

Copyright © 2013-2025 · RandomNerdTutorials.com · All Rights Reserved

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.