From 53855a4bf8a2c31fae417c692d512cd10af00b80 Mon Sep 17 00:00:00 2001
From: Terje Io <terjeio@users.noreply.github.com>
Date: Mon, 1 Aug 2022 19:44:08 +0200
Subject: [PATCH] Added masking of password settings values for WebUI clients.

---
 README.md    |  4 ++--
 changelog.md | 19 ++++++++++++++++++-
 grbl.h       |  2 +-
 settings.c   | 21 ++++++++++++++++++---
 settings.h   |  2 ++
 5 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 7b39ac5..b17d875 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ It has been written to complement grblHAL and has features such as proper keyboa
 
 ---
 
-Latest build date is 20220731, see the [changelog](changelog.md) for details.  
+Latest build date is 20220801, see the [changelog](changelog.md) for details.  
 __NOTE:__ A settings reset will be performed on an update for versions earlier than 20211122. Backup and restore of settings is recommended.  
 __IMPORTANT!__  A new setting has been introduced for ganged axes motors in version 20211121.  
 I have only bench tested this for a couple of drivers, correct function should be verified after updating by those who have more than three motors configured.  
@@ -84,4 +84,4 @@ List of Supported G-Codes:
 Some [plugins](https://github.com/grblHAL/plugins) implements additional M-codes.
 
 ---
-2022-07-29
+2022-08-01
diff --git a/changelog.md b/changelog.md
index 0de313e..2f64e5e 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,23 @@
 ## grblHAL changelog
 
+20220801 \(2\):
+
+Core:
+
+* Added masking of password settings values for WebUI clients.
+
+Plugins:
+
+* Networking: more include file fixes.  
+
+* WebUI: Fixed incorrect type mapping for password settings.
+
+Drivers:
+
+* ESP32, STM32F7xx, iMXRT1062: added actual MCU frequency to new HAL struct field \(used by WebUI for reporting system information\).  
+
+---
+
 20220801:
 
 Core:
@@ -10,7 +28,6 @@ Plugins:
 
 * Networking: fixed some include files dependencies that caused issues in some configurations.  
 
-
 * WebUI: added missing guards for SD card enabled and new compile time option. Added missing status message to file listings.
 
 Drivers:
diff --git a/grbl.h b/grbl.h
index 46f3993..0f30e0d 100644
--- a/grbl.h
+++ b/grbl.h
@@ -34,7 +34,7 @@
 #else
 #define GRBL_VERSION "1.1f"
 #endif
-#define GRBL_BUILD 20220901
+#define GRBL_BUILD 20220801
 
 // The following symbols are set here if not already set by the compiler or in config.h
 // Do NOT change here!
diff --git a/settings.c b/settings.c
index 33c95e2..a45f956 100644
--- a/settings.c
+++ b/settings.c
@@ -1459,8 +1459,11 @@ char *setting_get_value (const setting_detail_t *setting, uint_fast16_t offset)
                     value = uitoa(*((uint32_t *)(setting->value)));
                     break;
 
-                case Format_String:
                 case Format_Password:
+                    value = hal.stream.state.webui_connected ? PASSWORD_MASK : ((char *)(setting->value));
+                    break;
+
+                case Format_String:
                 case Format_IPv4:
                     value = ((char *)(setting->value));
                     break;
@@ -1480,8 +1483,11 @@ char *setting_get_value (const setting_detail_t *setting, uint_fast16_t offset)
                     value = ftoa(((setting_get_float_ptr)(setting->get_value))(id), get_decimal_places(setting->format));
                     break;
 
-                case Format_String:
                 case Format_Password:
+                    value = hal.stream.state.webui_connected ? "********" : ((setting_get_string_ptr)(setting->get_value))(id);
+                    break;
+
+                case Format_String:
                 case Format_IPv4:
                     value = ((setting_get_string_ptr)(setting->get_value))(id);
                     break;
@@ -2178,8 +2184,17 @@ status_code_t setting_validate_me (const setting_detail_t *setting, float value,
                 status = Status_BadNumberFormat;
             break;
 
-        case Format_String:
         case Format_Password:
+            {
+                uint_fast16_t len = strlen(svalue);
+                if(hal.stream.state.webui_connected && len == strlen(PASSWORD_MASK) && !strcmp(PASSWORD_MASK, svalue))
+                    status = Status_InvalidStatement;
+                else
+                    status = validate_value(setting, (float)len);
+            }
+            break;
+
+        case Format_String:
             {
                 uint_fast16_t len = strlen(svalue);
                 status = validate_value(setting, (float)len);
diff --git a/settings.h b/settings.h
index 552cc93..98135c0 100644
--- a/settings.h
+++ b/settings.h
@@ -42,6 +42,8 @@
 
 #define SETTINGS_HARD_RESET_REQUIRED "\\n\\nNOTE: A hard reset of the controller is required after changing this setting."
 
+#define PASSWORD_MASK "********"
+
 typedef enum {
     Setting_PulseMicroseconds = 0,
     Setting_StepperIdleLockTime = 1,