From d5d1a9982fa076e5ec69bd7e1dcc4a768bd5f192 Mon Sep 17 00:00:00 2001
From: Bernhard Kirchen <schlimmchen@posteo.net>
Date: Mon, 30 Sep 2024 15:53:30 +0200
Subject: [PATCH] Fix: force websocket clients to authenticate

when changing the security settings (disabling read-only access or
changing the password), existing websocket connections are now closed,
forcing the respective clients to authenticate (with the new password).
otherwise, existing websocket clients keep connected even though the
security settings now expect authentication with a (changed) password.
---
 src/WebApi_ws_console.cpp | 3 +++
 src/WebApi_ws_live.cpp    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/WebApi_ws_console.cpp b/src/WebApi_ws_console.cpp
index 4dd2d693..51035f6f 100644
--- a/src/WebApi_ws_console.cpp
+++ b/src/WebApi_ws_console.cpp
@@ -36,8 +36,11 @@ void WebApiWsConsoleClass::reload()
 
     if (config.Security.AllowReadonly) { return; }
 
+    _ws.enable(false);
     _simpleDigestAuth.setPassword(config.Security.Password);
     _ws.addMiddleware(&_simpleDigestAuth);
+    _ws.closeAll();
+    _ws.enable(true);
 }
 
 void WebApiWsConsoleClass::wsCleanupTaskCb()
diff --git a/src/WebApi_ws_live.cpp b/src/WebApi_ws_live.cpp
index c4b4a1f1..29c204a3 100644
--- a/src/WebApi_ws_live.cpp
+++ b/src/WebApi_ws_live.cpp
@@ -50,8 +50,11 @@ void WebApiWsLiveClass::reload()
 
     if (config.Security.AllowReadonly) { return; }
 
+    _ws.enable(false);
     _simpleDigestAuth.setPassword(config.Security.Password);
     _ws.addMiddleware(&_simpleDigestAuth);
+    _ws.closeAll();
+    _ws.enable(true);
 }
 
 void WebApiWsLiveClass::wsCleanupTaskCb()