<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">Mark,<br>
      <br>
      awesome, I'll have a look and try running the new version at the
      weekend.<br>
      <br>
      Regarding config restructuring see OvmsConfig::upgrade().<br>
      <br>
      Regards,<br>
      Michael<br>
      <br>
      <br>
      Am 11.03.20 um 08:00 schrieb Mark Webb-Johnson:<br>
    </div>
    <blockquote type="cite"
      cite="mid:1D56D7C3-54B9-4064-BE5E-30D2485ECE28@webb-johnson.net">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <div class=""><br class="">
      </div>
      This seems stable to me now. Running well, with no outstanding
      issues (at least in the configuration I am running).
      <div class=""><br class="">
      </div>
      <div class="">The code is all committed to github, and
        documentation in the usual place:</div>
      <div class=""><br class="">
      </div>
      <blockquote style="margin: 0 0 0 40px; border: none; padding:
        0px;" class=""><a
          href="https://docs.openvehicles.com/en/latest/server/index.html"
          class="" moz-do-not-send="true">https://docs.openvehicles.com/en/latest/server/index.html</a></blockquote>
      <div class="">
        <div><br class="">
        </div>
        <div>I’m now going to look at the OVMS module firmware to see if
          it is possible to support this scheme 0x31 in a neat way. The
          config ’server.v2’ directory is a little messy at the moment
          (password stored there, rather than in password/server.v2, so
          the whole config section needs to be read-only).</div>
        <div><br class="">
        </div>
        <div>Regards, Mark.</div>
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">On 6 Mar 2020, at 12:54 PM, Mark Webb-Johnson
              <<a href="mailto:mark@webb-johnson.net" class=""
                moz-do-not-send="true">mark@webb-johnson.net</a>>
              wrote:</div>
            <br class="Apple-interchange-newline">
            <div class="">
              <meta http-equiv="Content-Type" content="text/html;
                charset=UTF-8" class="">
              <div style="word-wrap: break-word; -webkit-nbsp-mode:
                space; line-break: after-white-space;" class="">
                <div class=""><br class="">
                </div>
                Wow, that was a lot more complex than I anticipated (in
                particular, making vehicleid’s unique per owner, not
                globally unique). 3,000 monolithic lines to 4,000
                structured lines. Code has been committed to GitHub, and
                is running live on <a
                  href="http://api.openvehicles.com/" class=""
                  moz-do-not-send="true">api.openvehicles.com</a> now.
                <div class=""><br class="">
                </div>
                <div class="">Warning: There may (will) be bugs. If
                  killed all the obvious ones, but running live is still
                  showing up some edge cases. I don’t recommend anybody
                  else runs this in production yet (particularly as
                  rolling back would be non-trivial, as a result of the
                  database changes).</div>
                <div class=""><br class="">
                </div>
                <div class="">Major changes include:</div>
                <div class=""><br class="">
                </div>
                <div class="">
                  <ol class="MailOutline">
                    <li class="">Complete restructuring, to be plugin
                      based. This allows optional functionality to be
                      installed (for example, if you don’t require
                      drupal integration don’t enable that plugin), as
                      well as new plugins to be developed. The list of
                      plugins I am using on my production server are: <span
                        style="caret-color: rgb(0, 0, 0);" class="">VECE,
                        DbDBI, AuthDrupal, ApiV2, Push, PushAPNS,
                        PushGCM, PushMAIL, ApiHttp, ApiHttpCore, and
                        ApiHttpMqapi.<br class="">
                        <br class="">
                      </span></li>
                    <li class=""><font class=""><span
                          style="caret-color: rgb(0, 0, 0);" class="">The
                          system is designed to be installed and run
                          from a github clone. Just clone the server
                          repository, change directory to v3/server,
                          configure and run appropriately. The
                          .gitignore file allows changes to be made to
                          the configuration without affecting the master
                          github.<br class="">
                        </span></font><br class="">
                    </li>
                    <li class="">Database format upgrades. See
                      server/ovms_server_v2_to_v2.sql for the schema
                      changes. If upgrading, you must deploy these
                      database changes (just ’source’ the script in the
                      mysql console). The upgrade may take a while (in
                      particular, the last stage for historical data).<br
                        class="">
                      <br class="">
                    </li>
                    <li class="">The database no longer requires vehicle
                      IDs to be globally unique. However, there are some
                      caveats:<br class="">
                      <br class="">
                    </li>
                    <ul class="">
                      <li class="">The v2 crypto 0x30 scheme only sends
                        the vehicle ID, not the owner’s username (so if
                        there are two vehicles in the database with the
                        same vehicle ID, we don’t know which one is the
                        correct one). If you use that scheme (as
                        everything does nowadays), vehicle ID still
                        needs to be globally unique for you. For this
                        reason, my Drupal vehicle plugin still checks
                        and enforces unique IDs. The 0x30 login system
                        won’t allow you to login to a vehicle who’s ID
                        has more than one owner. Going forward, as we
                        move away from 0x30 and ’server password’, this
                        will become less of an issue.<br class="">
                        <br class="">
                      </li>
                      <li class="">The new v3 crypto 0x31 scheme sends
                        username as well as vehicle ID, so supports
                        per-user vehicle IDs.<br class="">
                        <br class="">
                      </li>
                      <li class="">The HTTP API sends username, so
                        supports per-user vehicle IDs.<br class="">
                        <br class="">
                      </li>
                      <li class="">Perhaps we should move to ‘VIN’ as
                        vehicle ID?<br class="">
                        <br class="">
                      </li>
                    </ul>
                    <li class="">The new crypto scheme 0x31 is much
                      simpler to use, and script. Preferable, IMHO - but
                      requires SSL/TLS for protection.<br class="">
                      <br class="">
                    </li>
                    <li class="">I’ve added support for API tokens, and
                      love how they have turned out. I recommend this as
                      the best approach going forward. Each token
                      belongs to a particular owner, and has privilege
                      rights associated with it. Tokens can be created
                      and revoked by the owner. It is much easier to see
                      which application (or car) has access to what. For
                      example, the car module can ask for
                      username+password, use that to obtain a token,
                      store it locally and use that for authentication
                      going forward (with no need to store the server
                      password at all).<br class="">
                      <br class="">
                    </li>
                    <li class="">Plugin authentication works well.
                      Extend with new mechanisms as required. The
                      ‘Authenticate’ plugin callback is merely passed
                      username+password and returns the permissions
                      granted.<br class="">
                      <br class="">
                    </li>
                    <li class="">Push notifications are nicely modular
                      and extendable. Already supports APNS, GCM, and
                      MAIL.<br class="">
                      <br class="">
                    </li>
                    <li class="">I’ve called it v3, because this
                      architecture will be able to cooperate with MQTT
                      (for things like HTTP API, authentication,
                      historical data, push notifications, etc).</li>
                  </ol>
                </div>
                <div class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <div class="">Still todo:</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">
                      <ul class="MailOutline">
                        <li class="">An option for automatic vehicle
                          registration (easy).<br class="">
                          <br class="">
                        </li>
                        <li class="">Improvements to the token
                          allocation API (in particular to retrieve
                          existing tokens for specific application usage
                          such as car modules).<br class="">
                          <br class="">
                        </li>
                        <li class="">A few miscellaneous functions not
                          often used.<br class="">
                          <br class="">
                        </li>
                        <li class="">Documentation. I’ve documented the
                          API changes (both v2 protocol for 0x31, and
                          HTTP API extensions for authentication options
                          and api tokens), but still to document
                          installation and configuration instructions
                          for the server itself.<br class="">
                          <br class="">
                        </li>
                        <li class="">Administrator access. Still
                          deciding the best way to handle this. Perhaps
                          ’administrative api tokens’.<br class="">
                          <br class="">
                        </li>
                        <li class="">Permissions and Rights. The core is
                          there, but need to extend to everything and
                          document what rights are used for what. This
                          is only relevant for api tokens anyway (as the
                          other two authentication methods grant ‘*’
                          rights anyway).</li>
                      </ul>
                    </div>
                    <div class=""><br class="">
                    </div>
                    <div class="">Final warning: Please don’t deploy
                      this in productions systems yet. Changes are
                      massive.</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">Regards, Mark.</div>
                    <div class=""><br class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">On 28 Feb 2020, at 3:47 PM, Mark
                        Webb-Johnson <<a
                          href="mailto:mark@webb-johnson.net" class=""
                          moz-do-not-send="true">mark@webb-johnson.net</a>>
                        wrote:</div>
                      <br class="Apple-interchange-newline">
                      <div class="">
                        <meta http-equiv="Content-Type"
                          content="text/html; charset=UTF-8" class="">
                        <div style="word-wrap: break-word;
                          -webkit-nbsp-mode: space; line-break:
                          after-white-space;" class="">
                          <div class=""><br class="">
                          </div>
                          The new framework is running now on my
                          development bench, and seems good. It was a
                          major re-structuring, so I’ve upped the
                          version to 3.0 (particularly as this is going
                          to end up connecting to MQTT for HTTP API,
                          database logging, push notifications,
                          authentication, etc). I should finish my
                          testing this weekend, then bring it up on <a
                            href="http://api.openvehicles.com/" class=""
                            moz-do-not-send="true">api.openvehicles.com</a>.
                          Others should migrate to it with care.
                          <div class=""><br class="">
                          </div>
                          <div class="">Regarding the authentication, I
                            have almost finished implementing:</div>
                          <div class=""><br class="">
                          </div>
                          <div class="">
                            <ul class="MailOutline">
                              <li class="">An Auth Token facility (with
                                authtokens stored against an associated
                                owner ID).</li>
                              <ul class="">
                                <li class="">The HTTP API (using
                                  username+password authentication) can
                                  be used to issue new tokens, as well
                                  as enquire on the tokens already
                                  issued.</li>
                                <li class="">The HTTP API can be used to
                                  enumerate registered vehicles, and
                                  otherwise maintain them.</li>
                                <li class="">The drupal website
                                  extension will be extended to also
                                  allow viewing and maintenance of
                                  tokens.</li>
                                <li class="">An authentication token is:</li>
                                <ul class="">
                                  <li class="">Owner ID (so zero or more
                                    tokens belong to this owner)</li>
                                  <li class="">Token issued by the
                                    server on request (the token itself,
                                    unique, and the primary key)</li>
                                  <li class="">Usage identifier
                                    (identifying the car module, app id,
                                    etc)</li>
                                  <li class="">Usage description (a
                                    textual description of the usage)</li>
                                  <li class="">Permissions (a permission
                                    string identifying what the token
                                    can be used for)</li>
                                  <li class="">Created date+time</li>
                                  <li class="">Updated date+time</li>
                                </ul>
                                <li class="">Requests for a new token
                                  are passed the usage identifier and
                                  description as parameters, and
                                  authenticated by username+password.</li>
                                <ul class="">
                                  <li class="">If a token already exists
                                    for that usage identifier, then the
                                    description is simply updated (along
                                    with updated date+time) and the
                                    token returned.</li>
                                  <li class="">If no token exists, a
                                    random one is created and returned
                                    (along with usage identifier,
                                    description, created and updated
                                    date+times).<br class="">
                                    <br class="">
                                  </li>
                                </ul>
                              </ul>
                              <li class="">An extension to MQTT
                                authentication API to allow
                                authentication either by
                                username+password, or
                                username+authtoken.<br class="">
                                <br class="">
                              </li>
                              <li class="">An extension to the HTTP API
                                to allow authentication by
                                username+token, in addition to the
                                existing username+password.<br class="">
                                <br class="">
                              </li>
                              <li class="">An extension to the V2 API to
                                allow authentication by
                                username+password or username+authtoken,
                                in addition to the existing
                                vehicled+serverpassword (crypto scheme
                                0x31).<br class="">
                                <br class="">
                              </li>
                              <li class="">An extension to the V2 API to
                                allow for optional automatic
                                registration of new vehicles (a
                                successful login with a non-existent
                                vehicle ID will simply create it with a
                                random server password).<br class="">
                                <br class="">
                              </li>
                              <li class="">Removed the restriction that
                                vehicle ID should be unique on the
                                server (now just unique for each user).<br
                                  class="">
                                <br class="">
                              </li>
                              <li class="">The preferred approach for a
                                new app/car connection will then be:</li>
                              <ul class="">
                                <li class="">The user is interactively
                                  asked to select a server and provide
                                  his username+password</li>
                                <li class="">A usage identifier and
                                  description is generated
                                  programatically</li>
                                <li class="">The HTTP API is used to
                                  obtain a token (or recall the token if
                                  previously registered)</li>
                                <li class="">The username, usage
                                  identifier, and token are stored
                                  persistently</li>
                                <li class="">The username, token, and
                                  vehicle ID is used to login using v2
                                  or v3 protocols<br class="">
                                  <br class="">
                                </li>
                              </ul>
                              <li class="">So, three complementary
                                authentication mechanisms are provided:</li>
                              <ul class="">
                                <li class="">The v2
                                  vehicleid+serverpassword mechanism
                                  (with full permissions to access that
                                  particular vehicle)</li>
                                <li class="">Username+Password mechanism
                                  (with full permission to maintain
                                  tokens, access all vehicles, and do
                                  everything)</li>
                                <li class="">Username+Token mechanism
                                  (with permissions specified on the
                                  token)</li>
                              </ul>
                            </ul>
                            <div class=""><br class="">
                            </div>
                            <div class="">Comments welcome, and we can
                              refine the above if necessary, but it is
                              at least a starting point. I am trying to
                              maintain as much flexibility as possible,
                              but at the same time make things easier
                              for the user. I’ve had four support
                              requests so far this week for people
                              messing up either the server they are
                              using (app api.openvehicles, car
                              dexters-web), the vehicle ID, or confusion
                              between all the passwords.</div>
                            <div class=""><br class="">
                            </div>
                            <div class="">Regards, Mark.<br class="">
                              <div class=""><br class="">
                                <blockquote type="cite" class="">
                                  <div class="">On 23 Feb 2020, at 8:54
                                    PM, Mark Webb-Johnson <<a
                                      href="mailto:mark@webb-johnson.net"
                                      class="" moz-do-not-send="true">mark@webb-johnson.net</a>>
                                    wrote:</div>
                                  <br class="Apple-interchange-newline">
                                  <div class="">
                                    <meta http-equiv="Content-Type"
                                      content="text/html; charset=UTF-8"
                                      class="">
                                    <div style="word-wrap: break-word;
                                      -webkit-nbsp-mode: space;
                                      line-break: after-white-space;"
                                      class="">
                                      <div dir="auto" style="word-wrap:
                                        break-word; -webkit-nbsp-mode:
                                        space; line-break:
                                        after-white-space;" class="">This
                                        is turning into a bigger job
                                        than I imagined. "Give a mouse a
                                        cookie", and all that.
                                        <div class=""><br class="">
                                        </div>
                                        <div class="">The ovms_server.pl
                                          has gotten horrendous over the
                                          years. Almost 3,000 monolithic
                                          lines of code, 4 server
                                          listeners, three different
                                          types of server, push
                                          notifications, database
                                          synchronisation, etc. I tried
                                          turning on ‘use strict’ and it
                                          showed up a bunch of bugs and
                                          errors.</div>
                                        <div class=""><br class="">
                                        </div>
                                        <div class="">So, I am
                                          refactoring it to a plugin
                                          architecture. That should make
                                          it more maintainable, and also
                                          provide a foundation for it to
                                          work better with the v3 MQTT.
                                          I suggest people hold off from
                                          making any changes to the
                                          server code in the next few
                                          days.</div>
                                        <div class=""><br class="">
                                        </div>
                                        <div class="">Regards, Mark<br
                                            class="">
                                          <div class="">
                                            <div class=""><br class="">
                                              <blockquote type="cite"
                                                class="">
                                                <div class="">On 21 Feb
                                                  2020, at 9:48 PM, Mark
                                                  Webb-Johnson <<a
                                                    href="mailto:mark@webb-johnson.net"
                                                    class=""
                                                    moz-do-not-send="true">mark@webb-johnson.net</a>>
                                                  wrote:</div>
                                                <br
                                                  class="Apple-interchange-newline">
                                                <div class="">
                                                  <meta
                                                    http-equiv="content-type"
                                                    content="text/html;
                                                    charset=UTF-8"
                                                    class="">
                                                  <div dir="auto"
                                                    class="">
                                                    <div dir="ltr"
                                                      class="">Ok. I
                                                      will rework a
                                                      modular approach.
                                                      Should be able to
                                                      get this done over
                                                      the weekend.</div>
                                                    <div dir="ltr"
                                                      class=""><br
                                                        class="">
                                                    </div>
                                                    <div dir="ltr"
                                                      class="">Yes,
                                                      strict and warn
                                                      would help.</div>
                                                    <div dir="ltr"
                                                      class=""><br
                                                        class="">
                                                    </div>
                                                    <div dir="ltr"
                                                      class="">Mark</div>
                                                    <div dir="ltr"
                                                      class=""><br
                                                        class="">
                                                    </div>
                                                    <div dir="ltr"
                                                      class="">P.S.
                                                      Explains why
                                                      nobody used the
                                                      http api on my
                                                      server :-)</div>
                                                    <div dir="ltr"
                                                      class=""><br
                                                        class="">
                                                      <blockquote
                                                        type="cite"
                                                        class="">On 21
                                                        Feb 2020, at
                                                        9:35 PM, Michael
                                                        Balzer <<a
                                                          href="mailto:dexter@expeedo.de"
                                                          class=""
                                                          moz-do-not-send="true">dexter@expeedo.de</a>>
                                                        wrote:<br
                                                          class="">
                                                        <br class="">
                                                      </blockquote>
                                                    </div>
                                                    <blockquote
                                                      type="cite"
                                                      class="">
                                                      <div dir="ltr"
                                                        class="">
                                                        <meta
                                                          http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
                                                        Thanks Mark,<br
                                                          class="">
                                                        <br class="">
                                                        I must have been
                                                        blind… but perl
                                                        also never fails
                                                        to amaze me in
                                                        terms of
                                                        "compiles fine,
                                                        but won't run"
                                                        -- $ph isn't
                                                        defined anywhere
                                                        else. Maybe
                                                        "strict" mode
                                                        would have told
                                                        me about that.<br
                                                          class="">
                                                        <br class="">
                                                        And I didn't
                                                        think about meta
                                                        data in the
                                                        hash. You're
                                                        right, we need
                                                        to pass both
                                                        values to the
                                                        function. And I
                                                        need to rework
                                                        my password
                                                        hashing…<br
                                                          class="">
                                                        <br class="">
                                                        A modular
                                                        solution seems
                                                        to be best, easy
                                                        to add custom
                                                        implementations
                                                        and to provide
                                                        some standard
                                                        modules.<br
                                                          class="">
                                                        <br class="">
                                                        Regards,<br
                                                          class="">
                                                        Michael<br
                                                          class="">
                                                        <br class="">
                                                        <br class="">
                                                        <div
                                                          class="moz-cite-prefix">Am
                                                          21.02.20 um
                                                          12:15 schrieb
                                                          Mark
                                                          Webb-Johnson:<br
                                                          class="">
                                                        </div>
                                                        <blockquote
                                                          type="cite"
                                                          cite="mid:F4FAF182-04FF-4255-AAB6-6D7C1F9F565B@webb-johnson.net"
                                                          class="">
                                                          <meta
                                                          http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          An alternative
                                                          would be to
                                                          implement a
                                                          server
                                                          authentication
                                                          module, and to
                                                          ‘require’ that
                                                          into the
                                                          system at
                                                          startup:
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class=""><br
                                                          class="">
                                                          require
                                                          $config->val('db',’pw_module’,’auth_none.pl’);</blockquote>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class=""><br
                                                          class="">
                                                          </blockquote>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">…</blockquote>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class=""><br
                                                          class="">
                                                          </blockquote>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">If
                                                          (&auth_password_check($passwordhash,
                                                          $password))</blockquote>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">  ...</blockquote>
                                                          <div class="">
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Provide
                                                          a
                                                          ‘auto_none.pl’:</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">
                                                          <div class="">
                                                          <div class="">#!/usr/bin/perl</div>
                                                          </div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">sub
auth_password_check</div>
                                                          <div class=""> 
                                                          {</div>
                                                          <div class=""> 
                                                          my
                                                          ($hash,$password)
                                                          = @_;</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class=""> 
                                                          return 0;</div>
                                                          <div class=""> 
                                                          }</div>
                                                          </blockquote>
                                                          <div class="">
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Then
                                                          a
                                                          ‘auth_drupal7.pl’,
‘auth_sha1.pl’, etc.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">This
                                                          could also be
                                                          done in a perl
                                                          modular
                                                          fashion by
                                                          having the
                                                          module
                                                          provided as an
                                                          object (using
                                                          ‘use …’).
                                                          Probably
                                                          cleaner than
                                                          the old-style
                                                          require.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">That
                                                          is much more
                                                          extendable and
                                                          standardised.
                                                          In particular,
                                                          there is also
                                                          code that
                                                          syncs Drupal
                                                          users to
                                                          ovms_owners
                                                          (svr_tim) and
                                                          if we have a
                                                          separate
                                                          module that
                                                          drupal-dependant
                                                          code could be
                                                          removed from
                                                          ovms_server.pl.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Is
                                                          that a better
                                                          solution?</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,
                                                          Mark.</div>
                                                          <div class=""><br
                                                          class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">
                                                          <div class="">On
                                                          21 Feb 2020,
                                                          at 11:37 AM,
                                                          Mark
                                                          Webb-Johnson
                                                          <<a
                                                          href="mailto:mark@webb-johnson.net"
                                                          class=""
                                                          moz-do-not-send="true">mark@webb-johnson.net</a>>
                                                          wrote:</div>
                                                          <br
                                                          class="Apple-interchange-newline">
                                                          <div class="">
                                                          <meta
                                                          http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
                                                          <div
                                                          style="word-wrap:
                                                          break-word;
                                                          -webkit-nbsp-mode:
                                                          space;
                                                          line-break:
                                                          after-white-space;"
                                                          class="">Michael,
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Just
                                                          before your
                                                          commit, the
                                                          server code
                                                          was:</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">
                                                          <div class="">
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">my
                                                          $passwordhash
                                                          =
                                                          $row->{'pass'};</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">if
                                                          (&drupal_password_check($passwordhash,
                                                          $password))</span></font></div>
                                                          </div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">…</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class="">
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">sub
                                                          drupal_password_check</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  {</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
($ph,$password) = @_;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $iter_log2 =
                                                          index($itoa64,substr($ph,3,1));</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $iter_count =
                                                          1 <<
                                                          $iter_log2;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $phash =
                                                          substr($ph,0,12);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $salt =
                                                          substr($ph,4,8);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $hash =
                                                          sha512($salt.$password);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  do</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">    {</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">   
                                                          $hash =
                                                          sha512($hash.$password);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">   
                                                          $iter_count--;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">    }
                                                          while
                                                          ($iter_count
                                                          > 0);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $encoded =
                                                          substr($phash
                                                          .
                                                          &drupal_password_base64_encode($hash,length($hash)),0,55);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""> 
                                                          return
                                                          ($encoded eq
                                                          $ph);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  }</span></font></div>
                                                          </div>
                                                          </blockquote>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Your
                                                          change was:</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">
                                                          <div class="">
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">#
                                                          User password
                                                          encoding
                                                          function:</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">my
                                                          $pw_encode    
                                                             =
                                                          $config->val('db','pw_encode','drupal_password($password)’);</span></font></div>
                                                          </div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">…</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class="">
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">my
                                                          $passwordhash
                                                          =
                                                          $row->{'pass'};</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">my
                                                          $encoded =
                                                          eval
                                                          $pw_encode;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">if
                                                          ($encoded eq
                                                          $passwordhash)</span></font></div>
                                                          </div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">…</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class="">
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">sub
                                                          drupal_password</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  {</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          ($password) =
                                                          @_;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $iter_log2 =
                                                          index($itoa64,substr($ph,3,1));</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $iter_count =
                                                          1 <<
                                                          $iter_log2;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $phash =
                                                          substr($ph,0,12);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $salt =
                                                          substr($ph,4,8);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $hash =
                                                          sha512($salt.$password);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  do</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">    {</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">   
                                                          $hash =
                                                          sha512($hash.$password);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">   
                                                          $iter_count--;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">    }
                                                          while
                                                          ($iter_count
                                                          > 0);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  my
                                                          $encoded =
                                                          substr($phash
                                                          .
                                                          &drupal_password_base64_encode($hash,length($hash)),0,55);</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""><br
                                                          class="">
                                                          </span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class=""> 
                                                          return
                                                          $encoded;</span></font></div>
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">  }</span></font></div>
                                                          </div>
                                                          </blockquote>
                                                          <div class="">
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">You
                                                          changed the
                                                          parameters
                                                          from
                                                          ($ph,$password)
                                                          to just
                                                          ($password),
                                                          but the
                                                          drupal_password
                                                          function still
                                                          needs to use
                                                          $ph (the hash)
                                                          to extract
                                                          meta data to
                                                          set the
                                                          encoding
                                                          parameters.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">The
                                                          problem is
                                                          that Drupal
                                                          (and others)
                                                          has a strong
                                                          hashing
                                                          function with
                                                          multiple
                                                          iterations.
                                                          The meta data
                                                          for that is
                                                          stored in the
                                                          password hash
                                                          itself. The
                                                          unix crypt
                                                          library does
                                                          something
                                                          similar (with
                                                          the encoding
                                                          method and
                                                          salt stored as
                                                          meta data in
                                                          the hash).
                                                          Just storing
                                                          passwords as
                                                          straight
                                                          hashes (md5,
                                                          sha1, etc) is
                                                          fundamentally
                                                          not secure, as
                                                          it is trivial
                                                          to use rainbow
                                                          tables to
                                                          break the
                                                          hashes - so
                                                          most modern
                                                          systems use
                                                          iterations,
                                                          salts, or
                                                          other
                                                          techniques to
                                                          limit the
                                                          effectiveness
                                                          of rainbow
                                                          tables and
                                                          make brute
                                                          force
                                                          approaches
                                                          computationally
                                                          unfeasible.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">For
                                                          many systems,
                                                          we can only
                                                          encode a
                                                          password in
                                                          the same way
                                                          as a previous
                                                          encoding if we
                                                          know the meta
                                                          data of the
                                                          previous
                                                          encoding (and
                                                          that is stored
                                                          in the hash).
                                                          Hence we need
                                                          the hash as a
                                                          parameter, to
                                                          extract the
                                                          meta data to
                                                          be able to
                                                          encode the new
                                                          password in
                                                          the same way.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">This
                                                          won’t just
                                                          affect drupal,
                                                          but any system
                                                          with a
                                                          non-trivial
                                                          password
                                                          hashing
                                                          function.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">So,
                                                          pw_encode()
                                                          needs both the
                                                          old hash as
                                                          well as the
                                                          plaintext
                                                          password to
                                                          encode. At
                                                          which point, I
                                                          think it
                                                          becomes easier
                                                          to make it
                                                          simply
                                                          pw_check()
                                                          returning a
                                                          boolean. It
                                                          also seems
                                                          easier to me
                                                          to do that as
                                                          a plugin
                                                          function
                                                          (pw_check vs
                                                          pw_encode) as
                                                          it will allow
                                                          other
                                                          non-trivial
                                                          hashing
                                                          comparisons if
                                                          required. For
                                                          example, say
                                                          you needed to
                                                          check the
                                                          password
                                                          against an
                                                          external
                                                          lookup (ldap,
                                                          etc).</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,
                                                          Mark.</div>
                                                          <div class=""><br
                                                          class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">
                                                          <div class="">On
                                                          21 Feb 2020,
                                                          at 1:12 AM,
                                                          Michael Balzer
                                                          <<a
                                                          href="mailto:dexter@expeedo.de"
                                                          class=""
                                                          moz-do-not-send="true">dexter@expeedo.de</a>>
                                                          wrote:</div>
                                                          <br
                                                          class="Apple-interchange-newline">
                                                          <div class="">
                                                          <meta
                                                          http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
                                                          <div class="">
                                                          Mark,<br
                                                          class="">
                                                          <br class="">
                                                          I did 1b73a7f8
                                                          to split the
                                                          "create &
                                                          compare
                                                          password"
                                                          function into
                                                          separate
                                                          "create" &
                                                          "compare"
                                                          steps, and
                                                          introduced the
                                                          "pw_encode"
                                                          config hook to
                                                          be able to
                                                          supply just a
                                                          custom
                                                          "create"
                                                          operation.
                                                          That
                                                          simplifies the
                                                          config (see
                                                          example).<br
                                                          class="">
                                                          <br class="">
                                                          That change
                                                          has been
                                                          working since
                                                          2016 on my
                                                          server. I see
                                                          you
                                                          reintroduced
                                                          the "create
                                                          & compare"
                                                          function as a
                                                          separate
                                                          function for
                                                          the MQTT auth,
                                                          but don't see
                                                          why that was
                                                          needed. I also
                                                          don't see why
                                                          the separated
                                                          function was
                                                          broken on your
                                                          server. Can
                                                          you please
                                                          elaborate? I'd
                                                          like to
                                                          understand
                                                          what was going
                                                          wrong.<br
                                                          class="">
                                                          <br class="">
                                                          With reverting
                                                          to the "create
                                                          &
                                                          compare", this
                                                          breaks the
                                                          configuration
                                                          of servers not
                                                          using Drupal.
                                                          Essentially,
                                                          the new
                                                          "pw_check"
                                                          hook does just
                                                          the previous
                                                          "pw_encode"
                                                          and adds the
                                                          comparison to
                                                          that, so I'd
                                                          rather opt for
                                                          adding a
                                                          default
                                                          function here
                                                          that simply
                                                          reuses the
                                                          existing
                                                          "pw_encode"
                                                          hook.<br
                                                          class="">
                                                          <br class="">
                                                          Regards,<br
                                                          class="">
                                                          Michael<br
                                                          class="">
                                                          <br class="">
                                                          <br class="">
                                                          <div
                                                          class="moz-cite-prefix">Am
                                                          20.02.20 um
                                                          04:09 schrieb
                                                          Mark
                                                          Webb-Johnson:<br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          type="cite"
                                                          cite="mid:F48FF6EE-9CB9-4DB5-8106-BE4CD73C5AE3@webb-johnson.net"
                                                          class="">
                                                          <meta
                                                          http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
                                                          Even stranger.
                                                          This
                                                          conversation
                                                          obviously
                                                          triggered
                                                          someone to try
                                                          it and then
                                                          raise a
                                                          support ticket
                                                          that HTTP API
                                                          authentication
                                                          didn’t work.
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">It
                                                          seems  a
                                                          change was
                                                          made back
                                                          in 2016-02-01
                                                          23:59:22
                                                          (1b73a7f8)
                                                          that broke the
                                                          pw_encode
                                                          function
                                                          (drupal_password).
                                                          It was also
                                                          weird because
                                                          we had
                                                          drupal_password
                                                          and
                                                          drupal_password_check
                                                          functions,
                                                          doing pretty
                                                          much the same
                                                          thing (one
                                                          used by HTTP
                                                          API and the
                                                          other by MQ
                                                          authentication).</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">I
                                                          standardised
                                                          to use a new
                                                          pw_check
                                                          (overridable
                                                          in the config)
                                                          parameter,
                                                          which defaults
                                                          to:</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <blockquote
                                                          style="margin:
                                                          0 0 0 40px;
                                                          border: none;
                                                          padding: 0px;"
                                                          class="">
                                                          <div class=""><font
                                                          class=""
                                                          face="Andale
                                                          Mono"><span
                                                          style="font-style:
                                                          normal;
                                                          font-size:
                                                          14px;"
                                                          class="">drupal_password_check($passwordhash,$password)</span></font></div>
                                                          </blockquote>
                                                          <div class="">
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">and
                                                          stopped using
                                                          the pw_encode
                                                          config value.
                                                          I also changed
                                                          the MQ
                                                          authentication
                                                          stuff to use
                                                          the same
                                                          pw_check
                                                          parameter (so
                                                          both
                                                          authentication
                                                          uses are now
                                                          able to be
                                                          changed in the
                                                          same config).
                                                          If using
                                                          something
                                                          other than
                                                          drupal, just
                                                          need to change
                                                          the pw_check
                                                          parameter in
                                                          the config.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">I
                                                          realise that
                                                          this may break
                                                          other users of
                                                          the server,
                                                          but it doesn’t
                                                          seem a
                                                          difficult fix
                                                          to make, and
                                                          is a much
                                                          better
                                                          approach.</div>
                                                          <div class=""><br
                                                          class="">
                                                          </div>
                                                          <div class="">Regards,
                                                          Mark</div>
                                                          <div class=""><br
                                                          class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">
                                                          <div class="">On
                                                          19 Feb 2020,
                                                          at 1:53 PM,
                                                          Mark
                                                          Webb-Johnson
                                                          <<a
                                                          href="mailto:mark@webb-johnson.net"
                                                          class=""
                                                          moz-do-not-send="true">mark@webb-johnson.net</a>>
                                                          wrote:</div>
                                                          <br
                                                          class="Apple-interchange-newline">
                                                          <div class="">
                                                          <div class="">Strange.
                                                          I have zero
                                                          using mine.
                                                          Must be a EU
                                                          thing?<br
                                                          class="">
                                                          <br class="">
                                                          I’ll keep it
                                                          in mind and
                                                          try not to
                                                          break
                                                          anything.<br
                                                          class="">
                                                          <br class="">
                                                          Regards, Mark.<br
                                                          class="">
                                                          <br class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">On 18
                                                          Feb 2020, at
                                                          8:41 PM,
                                                          Michael Balzer
                                                          <<a
                                                          href="mailto:dexter@expeedo.de"
                                                          class=""
                                                          moz-do-not-send="true">dexter@expeedo.de</a>>
                                                          wrote:<br
                                                          class="">
                                                          <br class="">
                                                          Mark,<br
                                                          class="">
                                                          <br class="">
                                                          grep "main:
                                                          http" in the
                                                          log: yes, I've
                                                          got some users
                                                          accessing the
                                                          API
                                                          frequently.<br
                                                          class="">
                                                          <br class="">
                                                          Usage is
                                                          mostly
                                                          /api/charge
                                                          followed by
                                                          /api/status
                                                          &
                                                          /api/historical,
                                                          but almost all
                                                          calls have
                                                          been used
                                                          during the
                                                          last days.<br
                                                          class="">
                                                          <br class="">
                                                          Regards,<br
                                                          class="">
                                                          Michael<br
                                                          class="">
                                                          <br class="">
                                                          <br class="">
                                                          Am 18.02.20 um
                                                          04:28 schrieb
                                                          Mark
                                                          Webb-Johnson:<br
                                                          class="">
                                                          <blockquote
                                                          type="cite"
                                                          class="">Is
                                                          anyone here
                                                          using the HTTP
                                                          API at all?<br
                                                          class="">
                                                          <br class="">
                                                          It seems so
                                                          tied to the v2
                                                          protocol, as
                                                          to not be much
                                                          use.<br
                                                          class="">
                                                          <br class="">
                                                          Regards, Mark.<br
                                                          class="">
_______________________________________________<br class="">
                                                          OvmsDev
                                                          mailing list<br
                                                          class="">
                                                          <a
                                                          href="mailto:OvmsDev@lists.openvehicles.com"
                                                          class=""
                                                          moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                                                          class="">
                                                          <a
                                                          class="moz-txt-link-freetext"
href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev"
                                                          moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                                                          class="">
                                                          </blockquote>
                                                          <br class="">
                                                          <br class="">
                                                          -- <br
                                                          class="">
                                                          Michael Balzer
                                                          * Helkenberger
                                                          Weg 9 *
                                                          D-58256
                                                          Ennepetal<br
                                                          class="">
                                                          Fon 02333 /
                                                          833 5735 *
                                                          Handy 0176 /
                                                          206 989 26<br
                                                          class="">
                                                          <br class="">
                                                          <br class="">
_______________________________________________<br class="">
                                                          OvmsDev
                                                          mailing list<br
                                                          class="">
                                                          <a
                                                          href="mailto:OvmsDev@lists.openvehicles.com"
                                                          class=""
                                                          moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                                                          class="">
                                                          <a
                                                          class="moz-txt-link-freetext"
href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev"
                                                          moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                                                          class="">
                                                          </blockquote>
                                                          <br class="">
_______________________________________________<br class="">
                                                          OvmsDev
                                                          mailing list<br
                                                          class="">
                                                          <a
                                                          href="mailto:OvmsDev@lists.openvehicles.com"
                                                          class=""
                                                          moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                                                          class="">
                                                          <a
                                                          class="moz-txt-link-freetext"
href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev"
                                                          moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                                                          class="">
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br class="">
                                                          </div>
                                                          <br class="">
                                                          <fieldset
                                                          class="mimeAttachmentHeader"></fieldset>
                                                          <pre class="moz-quote-pre" wrap="">_______________________________________________
OvmsDev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OvmsDev@lists.openvehicles.com" moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a>
<a class="moz-txt-link-freetext" href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev" moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a>
</pre>
                                                          </blockquote>
                                                          <br class="">
                                                          <pre class="moz-signature" cols="160">-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
</pre>
                                                          </div>
_______________________________________________<br class="">
                                                          OvmsDev
                                                          mailing list<br
                                                          class="">
                                                          <a
                                                          href="mailto:OvmsDev@lists.openvehicles.com"
                                                          class=""
                                                          moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                                                          class="">
                                                          <a
                                                          href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev"
                                                          class=""
                                                          moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                                                          class="">
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br class="">
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br class="">
                                                          </div>
                                                          <br class="">
                                                          <fieldset
                                                          class="mimeAttachmentHeader"></fieldset>
                                                          <pre class="moz-quote-pre" wrap="">_______________________________________________
OvmsDev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OvmsDev@lists.openvehicles.com" moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a>
<a class="moz-txt-link-freetext" href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev" moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a>
</pre>
                                                        </blockquote>
                                                        <br class="">
                                                        <pre class="moz-signature" cols="160">-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
</pre>
                                                        <span class="">_______________________________________________</span><br
                                                          class="">
                                                        <span class="">OvmsDev
                                                          mailing list</span><br
                                                          class="">
                                                        <span class=""><a
href="mailto:OvmsDev@lists.openvehicles.com" class=""
                                                          moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a></span><br
                                                          class="">
                                                        <span class=""><a
href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev" class=""
                                                          moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a></span><br
                                                          class="">
                                                      </div>
                                                    </blockquote>
                                                  </div>
                                                </div>
                                              </blockquote>
                                            </div>
                                            <br class="">
                                          </div>
                                        </div>
                                      </div>
                                    </div>
_______________________________________________<br class="">
                                    OvmsDev mailing list<br class="">
                                    <a
                                      href="mailto:OvmsDev@lists.openvehicles.com"
                                      class="" moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                                      class="">
                                    <a
                                      href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev"
                                      class="" moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                                      class="">
                                  </div>
                                </blockquote>
                              </div>
                              <br class="">
                            </div>
                          </div>
                        </div>
                        _______________________________________________<br
                          class="">
                        OvmsDev mailing list<br class="">
                        <a href="mailto:OvmsDev@lists.openvehicles.com"
                          class="" moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                          class="">
                        <a
                          href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev"
                          class="" moz-do-not-send="true">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                          class="">
                      </div>
                    </blockquote>
                  </div>
                  <br class="">
                </div>
              </div>
              _______________________________________________<br
                class="">
              OvmsDev mailing list<br class="">
              <a href="mailto:OvmsDev@lists.openvehicles.com" class=""
                moz-do-not-send="true">OvmsDev@lists.openvehicles.com</a><br
                class="">
              <a class="moz-txt-link-freetext" href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a><br
                class="">
            </div>
          </blockquote>
        </div>
        <br class="">
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
OvmsDev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OvmsDev@lists.openvehicles.com">OvmsDev@lists.openvehicles.com</a>
<a class="moz-txt-link-freetext" href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a>
</pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="144">-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
</pre>
  </body>
</html>