Authentication Failure Content Incorrect

[rdnn]

PsychicHttp/src/PsychicRequest.cpp

Line 507 in b719b48

response.setContent(authStr.c_str());

I believe this should be:

response.setContent(authFailMsg);

[mathieucarbou]

The code is right, the bug is elsewhere.

Response object has:

const char * _body;

Instead of:

String _body

So when the caller method exits, authStr is deallocated and the pointer to its underlying char array does not exist anymore. Sadly this is what the response object still points to

I saw similar dereferencing issues in the v2 branch we are working on.

Blindly fixing that using String might cause some heap memory issues.

Ideally we should stream directly the body to the wire (or the IDF API) but I don't know if this is possible.

@hoeken : FYI

[rdnn]

The code is right, the bug is elsewhere.

authFailMsg is never used in PsychicRequest::requestAuthentication(). The code, as is, uses authStr for the header and content, which I don't believe is the desired behavior.

[mathieucarbou]

The code is right, the bug is elsewhere.

authFailMsg is never used in PsychicRequest::requestAuthentication(). The code, as is, uses authStr for the header and content, which I don't believe is the desired behavior.

Oh sorry! Yes you are right for the usage. The description of the failure should be returned.
Though it requires the pointer to still be valid, plus, content type is fixed to htm.
This part of the code will be changed to a middleware in v2 which is more flexible and which can be applied to several endpoints.