From 78c7a3cbfad37e0512abbc4815044b64362569b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thibaut=20VAR=C3=88NE?=
Date: Tue, 23 May 2023 10:12:47 +0200
Subject: [PATCH] uspot: handler-uam: improve auth-client()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Simplify the query string parsing logic, allow empty password.

Signed-off-by: Thibaut VARĂˆNE
---
 .../files/usr/share/uspot/handler-uam.uc | 23 ++++++++----------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc b/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc
index 25979ed19..4a0d1df55 100644
--- a/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc
+++ b/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc
@@ -13,21 +13,16 @@ function auth_client(ctx) {
 let payload = portal.radius_init(ctx);
 payload.logoff_url = sprintf('http://%s:%s/logoff', ctx.env.SERVER_ADDR, ctx.config.uam_port);
- if (ctx.query_string.username && ctx.query_string.password && !ctx.config.uam_secret) {
+ if (ctx.query_string.username) { // username must be set
 payload.username = ctx.query_string.username;
- payload.password = ctx.query_string.password;
- } else if (ctx.query_string.username && ctx.query_string.response) {
- let challenge = uam.md5(ctx.config.challenge, ctx.format_mac);
-
- payload.username = ctx.query_string.username;
- payload.chap_password = ctx.query_string.response;
- if (ctx.config.secret)
- payload.chap_challenge = uam.chap_challenge(challenge, ctx.config.uam_secret);
- else
- payload.chap_challenge = challenge;
- } else if (ctx.query_string.username && ctx.query_string.password) {
- payload.username = ctx.query_string.username;
- payload.password = uam.password(uam.md5(ctx.config.challenge, ctx.format_mac), ctx.query_string.password, ctx.config.uam_secret);
+ if (ctx.query_string.response) { // try challenge first
+ let challenge = uam.md5(ctx.config.challenge, ctx.format_mac);
+ payload.chap_password = ctx.query_string.response;
+ payload.chap_challenge = ctx.config.secret ? uam.chap_challenge(challenge, ctx.config.uam_secret) : challenge;
+ } else if ("password" in ctx.query_string) { // allow empty password
+ payload.password = !ctx.config_uam_secret ? ctx.query_string.password :
+ uam.password(uam.md5(ctx.config.challenge, ctx.format_mac), ctx.query_string.password, ctx.config.uam_secret);
+ }
 } else {
 include('error.uc', ctx);
 return;
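Review bot: The added password branch tests `!ctx.config_uam_secret`, while every other reference in this hunk is `ctx.config.uam_secret`; unless `ctx` really carries a `config_uam_secret` property, that condition is always true, so the password is forwarded as received and the `uam.password(...)` decode never runs when a UAM secret is configured. The line should presumably read `payload.password = !ctx.config.uam_secret ? ctx.query_string.password :`. Separately, a request with `username` but neither `response` nor `password` used to reach `include('error.uc', ctx)` and now falls through with no credential set in `payload`; an inner `else { include('error.uc', ctx); return; }` would keep the old rejection. The rest of auth_client lies outside the hunk, so what happens to such a payload afterwards is not visible here.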