From 3efac7b7fac4f518c019e0e7856cff0c5277c662 Mon Sep 17 00:00:00 2001
From: Axel Lin <axel.lin@ingics.com>
Date: Wed, 23 Dec 2020 21:14:25 +0800
Subject: [PATCH] mqtt_msg: Set zero length username if password is set without
 username

Some cloud server (e.g. exosite) takes empty username with password.

When password is set without username, the current esp-mqtt implementation will
ignore the username and only set password. This violates MQTT-3.1.2-22 [1].
To address this issue, send zero length username if password is set without username.

[1] MQTT-3.1.2-22: If the User Name Flag is set to 0 then the Password Flag MUST be set to 0.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
---
 lib/mqtt_msg.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/mqtt_msg.c b/lib/mqtt_msg.c
index c884577..5f1c6fe 100644
--- a/lib/mqtt_msg.c
+++ b/lib/mqtt_msg.c
@@ -410,6 +410,17 @@ mqtt_message_t *mqtt_msg_connect(mqtt_connection_t *connection, mqtt_connect_inf
     }
 
     if (info->password != NULL && info->password[0] != '\0') {
+        if (info->username == NULL || info->username[0] == '\0') {
+            /* In case if password is set without username, we need to set a zero length username.
+             * (otherwise we violate: MQTT-3.1.2-22: If the User Name Flag is set to 0 then the Password Flag MUST be set to 0.)
+             */
+            if (append_string(connection, "", 0) < 0) {
+                return fail_message(connection);
+            }
+
+            variable_header[flags_offset] |= MQTT_CONNECT_FLAG_USERNAME;
+        }
+
         if (append_string(connection, info->password, strlen(info->password)) < 0) {
             return fail_message(connection);
         }