search

arendst / Tasmota

Alternative firmware for ESP8266 and ESP32 based devices with easy configuration using webUI, OTA updates, automation using timers or rules, expandability and entirely local control over MQTT, HTTP, Serial or KNX. Full documentation at
https://tasmota.github.io/docs
GNU General Public License v3.0
22.26k stars 4.82k forks source link

Web UI saves wrong MQTT authentication data #15996

Closed jpicht closed 2 years ago

jpicht commented 2 years ago

PROBLEM DESCRIPTION

Saving empty mqtt username and password in the web UI results in the defaults being saved and used.

REQUESTED INFORMATION

Make sure your have performed every step and checked the applicable boxes before submitting your issue. Thank you!

- [x] Provide the output of this command: `Status 0`:
```lua
  STATUS 0 output here:
09:35:26.230 CMD: Status 0
09:35:26.241 MQT: stat/tasmota_XXXXXX/STATUS = {"Status":{"Module":1,"DeviceName":"test","FriendlyName":["test"],"Topic":"tasmota_XXXXXX","ButtonTopic":"0","Power":0,"PowerOnState":3,"LedState":1,"LedMask":"FFFF","SaveData":1,"SaveState":1,"SwitchTopic":"0","SwitchMode":[0,0,0,0,0,0,0,0],"ButtonRetain":0,"SwitchRetain":0,"SensorRetain":0,"PowerRetain":0,"InfoRetain":0,"StateRetain":0}}
09:35:26.251 MQT: stat/tasmota_XXXXXX/STATUS1 = {"StatusPRM":{"Baudrate":115200,"SerialConfig":"8N1","GroupTopic":"tasmotas","OtaUrl":"http://ota.tasmota.com/tasmota/release/tasmota.bin.gz","RestartReason":"Software/System restart","Uptime":"0T00:12:38","StartupUTC":"2022-07-16T08:22:48","Sleep":50,"CfgHolder":4617,"BootCount":10,"BCResetTime":"2022-07-16T09:07:51","SaveCount":26,"SaveAddress":"FA000"}}
09:35:26.262 MQT: stat/tasmota_XXXXXX/STATUS2 = {"StatusFWR":{"Version":"12.0.2(tasmota)","BuildDateTime":"2022-06-20T12:41:03","Boot":31,"Core":"2_7_4_9","SDK":"2.2.2-dev(38a443e)","CpuFrequency":80,"Hardware":"ESP8285","CR":"337/699"}}
09:35:26.269 MQT: stat/tasmota_XXXXXX/STATUS3 = {"StatusLOG":{"SerialLog":2,"WebLog":2,"MqttLog":0,"SysLog":3,"LogHost":"nas","LogPort":1514,"SSId":["XXX",""],"TelePeriod":300,"Resolution":"558180C0","SetOption":["00008009","2805C80001000600003C5A0A190000000000","00000080","00006000","00004000","00000000"]}}
09:35:26.282 MQT: stat/tasmota_XXXXXX/STATUS4 = {"StatusMEM":{"ProgramSize":619,"Free":384,"Heap":23,"ProgramFlashSize":1024,"FlashSize":1024,"FlashChipId":"144051","FlashFrequency":40,"FlashMode":3,"Features":["00000809","8F9AC787","04368001","000000CF","010013C0","C000F981","00004004","00001000","14000020","00000000"],"Drivers":"1,2,3,4,5,6,7,8,9,10,12,16,18,19,20,21,22,24,26,27,29,30,35,37,45,62","Sensors":"1,2,3,4,5,6"}}
09:35:26.291 MQT: stat/tasmota_XXXXXX/STATUS5 = {"StatusNET":{"Hostname":"tasmota-XXXXXX-XXXX","IPAddress":"xxx.xxx.xxx.114","Gateway":"xxx.xxx.xxx.1","Subnetmask":"255.255.255.0","DNSServer1":"xxx.xxx.xxx.1","DNSServer2":"0.0.0.0","Mac":"7C:87:CE:XX:XX:XX","Webserver":2,"HTTP_API":1,"WifiConfig":4,"WifiPower":17.0}}
09:35:26.298 MQT: stat/tasmota_XXXXXX/STATUS6 = {"StatusMQT":{"MqttHost":"xxx.xxx.xxx.129","MqttPort":1883,"MqttClientMask":"DVES_%06X","MqttClient":"DVES_XXXXXX","MqttUser":"","MqttCount":1,"MAX_PACKET_SIZE":1200,"KEEPALIVE":30,"SOCKET_TIMEOUT":4}}
09:35:26.306 MQT: stat/tasmota_XXXXXX/STATUS7 = {"StatusTIM":{"UTC":"2022-07-16T08:35:26","Local":"2022-07-16T09:35:26","StartDST":"2022-03-27T02:00:00","EndDST":"2022-10-30T03:00:00","Timezone":"+01:00","Sunrise":"05:04","Sunset":"20:48"}}
09:35:26.314 MQT: stat/tasmota_XXXXXX/STATUS10 = {"StatusSNS":{"Time":"2022-07-16T09:35:26"}}
09:35:26.321 MQT: stat/tasmota_XXXXXX/STATUS11 = {"StatusSTS":{"Time":"2022-07-16T09:35:26","Uptime":"0T00:12:38","UptimeSec":758,"Heap":23,"SleepMode":"Dynamic","Sleep":50,"LoadAvg":19,"MqttCount":1,"POWER":"OFF","Wifi":{"AP":1,"SSId":"XXX","BSSId":"08:55:31:XX:XX:XX","Channel":8,"Mode":"11n","RSSI":94,"Signal":-53,"LinkCount":1,"Downtime":"0T00:00:03"}}}


Obtained via syslog, because the restart made it very hard to get the weblog.

### TO REPRODUCE
Clear "User" and "Password" fields in web UI and press save

### EXPECTED BEHAVIOUR
Anonymous authentication to mqtt broker.

### SCREENSHOTS
_If applicable, add screenshots to help explain your problem._

### ADDITIONAL CONTEXT
_Add any other context about the problem here._

**(Please, remember to close the issue when the problem has been addressed)**
ascillato commented 2 years ago

Hi,

Sorry, clear user and/or blank password are not supported in the WebUI.

You should configure an user and a password in your MQTT broker, or clear them by console commands.

sfromis commented 2 years ago

You do not need to have any user/password in your broker, my Tasmota + Mosquitto setup runs just fine allowing anonymous connections.

ascillato commented 2 years ago

You do not need to have any user/password in your broker, my Tasmota + Mosquitto setup runs just fine allowing anonymous connections.

Yes, exactly. That is because by default Tasmota has user/pass as blank. Fixing my previous comment. Thanks.

@jpicht In order to put the default blank user/pass, please, go to the console and type:

backlog MqttPassword 0;MqttUser 0

Clearing the user/pass by the webUI is not supported.

sfromis commented 2 years ago

While my standard Tasmota config sequence clears MQTT user/password, the default is not blank, but DVES_USER/DVES_PASS. This still works with my Mosquitto broker allowing anonymous connections, and not having any DVES_USER configured. New client connected from 192.168.xxx.xxx:58282 as xxxxxxxx (p2, c1, k30, u'DVES_USER') (I don't know how other brokers may handle undefined users when allowing anonymous connections)

joba-1 commented 2 years ago

Ha! For me this is the longest standing tasmota mystery. What is DVES?

Have configured my mqtt broker to allow anonymous access, which just works. So I never looked it up

arendst commented 2 years ago

DVES is short for device esp