From 041565a7d7d1ece5e8615f247f613e33591256c7 Mon Sep 17 00:00:00 2001
From: Mathieu Carbou <mathieu.carbou@gmail.com>
Date: Tue, 1 Oct 2024 11:11:27 +0200
Subject: [PATCH] Fix memory leak on successive call to setAuthentication (as
 reported in https://github.com/tbnobody/OpenDTU/pull/2320)

---
 src/ESPAsyncWebServer.h |  3 ++-
 src/WebHandlers.cpp     | 14 +++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/ESPAsyncWebServer.h b/src/ESPAsyncWebServer.h
index b37cf98..eb28473 100644
--- a/src/ESPAsyncWebServer.h
+++ b/src/ESPAsyncWebServer.h
@@ -717,7 +717,8 @@ class AsyncWebRewrite {
 
 class AsyncWebHandler : public AsyncMiddlewareChain {
   protected:
-    ArRequestFilterFunction _filter{nullptr};
+    ArRequestFilterFunction _filter = nullptr;
+    AuthenticationMiddleware* _authMiddleware = nullptr;
 
   public:
     AsyncWebHandler() {}
diff --git a/src/WebHandlers.cpp b/src/WebHandlers.cpp
index ef976e5..7c3a7dc 100644
--- a/src/WebHandlers.cpp
+++ b/src/WebHandlers.cpp
@@ -28,13 +28,13 @@ AsyncWebHandler& AsyncWebHandler::setFilter(ArRequestFilterFunction fn) {
   return *this;
 }
 AsyncWebHandler& AsyncWebHandler::setAuthentication(const char* username, const char* password) {
-  if (username == nullptr || password == nullptr || strlen(username) == 0 || strlen(password) == 0)
-    return *this;
-  AuthenticationMiddleware* m = new AuthenticationMiddleware();
-  m->setUsername(username);
-  m->setPassword(password);
-  m->_freeOnRemoval = true;
-  addMiddleware(m);
+  if (!_authMiddleware) {
+    _authMiddleware = new AuthenticationMiddleware();
+    _authMiddleware->_freeOnRemoval = true;
+    addMiddleware(_authMiddleware);
+  }
+  _authMiddleware->setUsername(username);
+  _authMiddleware->setPassword(password);
   return *this;
 };