Add support for WPA-Enterprise

[benjaminkraus]

This change adds support for enterprise WiFi requiring a username and anonymous identity.

This change is a revival of this old PR: #3195

The WiFi setup page was augmented with a drop-down menu to choose between "None/WPA/WPA2" and "WPA/WPA2-Enterprise". When you select "WPA/WPA2-Enterprise", two new fields are shown to enter your anonymous identity and identity (username).

I tested using an ESP32.

Fixes #2749

Summary by CodeRabbit

• New Features

  • Added WPA2-Enterprise (PEAP) WiFi support.
  • New WiFi settings: encryption type selector plus Anonymous Identity and Identity fields.
  • Enterprise credentials are saved and restored per WiFi profile.

• Improvements

  • Connection flow now supports both PSK and Enterprise paths with clearer status messages.
  • Reconnect behavior improved when encryption type or enterprise identities change.

• Compatibility

  • Enterprise support enabled/disabled per build targets to preserve existing behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds WPA2-Enterprise support: new encryption-type constants, extended WiFiConfig with enterprise identity fields, UI and payload changes to collect/store enterprise anon/identity, JSON (de)serialization of new fields, and platform-conditional connection logic for enterprise authentication (ESP32/ESP8266 guarded).

Changes

Cohort / File(s)	Summary
Build config platformio.ini	Minor whitespace/formatting adjustments in env blocks (no functional changes).
Constants & Types wled00/const.h, wled00/fcn_declare.h	Added WIFI_ENCRYPTION_TYPE_PSK and WIFI_ENCRYPTION_TYPE_ENTERPRISE; extended WiFiConfig with encryptionType, enterpriseAnonIdentity, enterpriseIdentity and updated constructor signature/initialization to accept enc_type, ent_anon, ent_iden.
Configuration I/O wled00/cfg.cpp, wled00/xml.cpp	Deserialization now parses enc_type, e_anon_ident, e_ident into multiWiFi entries; serialization emits enc_type and, for ENTERPRISE entries, e_anon_ident and e_ident. getSettingsJS payload updated to include encryption type and enterprise identities.
Settings UI / Handler wled00/data/settings_wifi.htm, wled00/set.cpp	addWiFi() signature changed to addWiFi(type=0,ssid="",anon="",ident="",pass="",...); UI gains encryption-type selector and show/hide for anon/ident fields. set.cpp reads/writes encryptionType, enterpriseAnonIdentity, enterpriseIdentity per-entry, clears or copies enterprise fields based on type, and may set reconnect flags when values change.
Connection logic & includes wled00/wled.cpp, wled00/wled.h	initConnection() branches on encryptionType: PSK uses existing path; ENTERPRISE invokes platform-conditional enterprise APIs (ESP8266/ESP32) or falls back if feature disabled. wpa2_enterprise header included conditionally under ESP8266 when not disabled; added debug logging and platform guards.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Files span config, UI, serialization, runtime connection logic and platform-specific guards — heterogeneous, non-trivial interactions.
• Pay extra attention to:
  • WiFiConfig constructor signature change and backwards compatibility where instances are constructed.
  • Consistency and ordering of fields between xml.cpp serialization and cfg.cpp deserialization.
  • Platform guards and conditional includes around WPA2 Enterprise (ESP32 vs ESP8266, WLED_DISABLE_WPA_ENTERPRISE), and correct usage of platform-specific APIs.
  • All JS call sites and consumers of addWiFi() to ensure new parameter ordering is handled consistently.
  • Reconnect/forceReconnect logic in set.cpp when encryption type or enterprise identities change.

Suggested reviewers

• blazoncek
• netmindz
• softhack007

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add support for WPA-Enterprise' directly and clearly describes the main change: adding WPA2-Enterprise WiFi support to WLED.
Linked Issues check	✅ Passed	The PR addresses the core coding requirements from issue #2749: adds WPA2-Enterprise configuration (PEAP/MSCHAPv2), provides UI inputs for identity/anonymous identity, implements ESP32 enterprise APIs, and exposes the feature via the HTTP UI.
Out of Scope Changes check	✅ Passed	All code changes are directly related to implementing WPA2-Enterprise support. Minor formatting adjustments (whitespace, blank lines) in platformio.ini and wled.cpp are incidental and acceptable.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

wled00/set.cpp (1)

24-75: Identity change detection uses strncmp incorrectly

The new enterprise identity handling is functionally inverted:

• strncmp(...) returns 0 when strings are equal.
• The current code sets forceReconnect when the new anon/identity matches the old values, not when they differ:

if (!strncmp(multiWiFi[n].enterpriseAnonIdentity, oldAnon, 64)) {
  forceReconnect = true;
}
if (!strncmp(multiWiFi[n].enterpriseIdentity, oldIden, 64)) {
  forceReconnect = true;
}

This causes unnecessary reconnects when nothing changed and (more importantly) relies on other conditions to trigger reconnects when identities actually do change.

A minimal fix is to flip the condition and use the full buffer size:

-        if (!strncmp(multiWiFi[n].enterpriseAnonIdentity, oldAnon, 64)) {
-          forceReconnect = true;
-        }
-        if (!strncmp(multiWiFi[n].enterpriseIdentity, oldIden, 64)) {
-          forceReconnect = true;
-        }
+        if (strncmp(multiWiFi[n].enterpriseAnonIdentity, oldAnon, sizeof(oldAnon)) != 0) {
+          forceReconnect = true;
+        }
+        if (strncmp(multiWiFi[n].enterpriseIdentity, oldIden, sizeof(oldIden)) != 0) {
+          forceReconnect = true;
+        }

This will only set forceReconnect when either enterprise identity actually changed.

🧹 Nitpick comments (2)

wled00/wled.cpp (1)

684-723: Clarify behavior when WPA‑Enterprise is compiled out

Branching on multiWiFi[selectedWiFi].encryptionType and separating PSK vs WPA2‑Enterprise handling looks correct, including clearing ESP8266 enterprise state before PSK connects and using the PEAP WiFi.begin overload on ESP32.

One edge case: if WLED_DISABLE_WPA_ENTERPRISE is defined but a config/UI entry still has encryptionType == WIFI_ENCRYPTION_TYPE_ENTERPRISE, the else branch becomes empty and no WiFi.begin is issued, so the device will never actively try to connect for that SSID.

Consider normalizing such entries back to PSK (or logging a warning and ignoring the enterprise type) when enterprise support is disabled, so behavior is explicit rather than a silent no‑op.

wled00/fcn_declare.h (1)

71-74: Initializer list order does not match member declaration order.

encryptionType is declared on line 61, before staticIP/staticGW/staticSN (lines 64-66), but appears last in the initializer list. C++ initializes members in declaration order regardless of initializer list order, which triggers -Wreorder compiler warnings.

-  : staticIP(ip)
-  , staticGW(gw)
-  , staticSN(subnet)
-  , encryptionType(enc_type)
+  : encryptionType(enc_type)
+  , staticIP(ip)
+  , staticGW(gw)
+  , staticSN(subnet)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb6114e and 7da7a60.

📒 Files selected for processing (9)

• platformio.ini (2 hunks)
• wled00/cfg.cpp (2 hunks)
• wled00/const.h (1 hunks)
• wled00/data/settings_wifi.htm (3 hunks)
• wled00/fcn_declare.h (1 hunks)
• wled00/set.cpp (2 hunks)
• wled00/wled.cpp (1 hunks)
• wled00/wled.h (1 hunks)
• wled00/xml.cpp (2 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

wled00/**/!(html_*)*.h

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use 2-space indentation for non-generated C++ header files (.h)

Files:

• wled00/const.h
• wled00/wled.h
• wled00/fcn_declare.h

wled00/**/*.cpp

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use 2-space indentation for C++ source files (.cpp)

Files:

• wled00/set.cpp
• wled00/cfg.cpp
• wled00/wled.cpp
• wled00/xml.cpp

platformio.ini

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use platformio.ini as the single source of truth for hardware build targets and settings

Files:

• platformio.ini

wled00/data/**/*.{htm,html,css,js}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use tabs for indentation in web files (.htm/.html/.css/.js) under wled00/data

Files:

• wled00/data/settings_wifi.htm

wled00/data/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

wled00/data/**: When modifying web UI files, run npm run build to regenerate embedded headers before any firmware build
For web UI changes, edit files only under wled00/data (not firmware or generated files)

Files:

• wled00/data/settings_wifi.htm

wled00/data/settings*.htm

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Name settings pages as settings*.htm within the web UI

Files:

• wled00/data/settings_wifi.htm

🧠 Learnings (15)

📚 Learning: 2025-10-05T15:24:05.545Z

Learnt from: CR
Repo: wled/WLED PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-10-05T15:24:05.545Z
Learning: Applies to wled00/html_*.h : DO NOT edit generated embedded web header files (wled00/html_*.h)

Applied to files:

• wled00/const.h
• wled00/data/settings_wifi.htm
• wled00/wled.h
• wled00/fcn_declare.h
• wled00/xml.cpp

📚 Learning: 2025-03-29T01:22:54.617Z

Learnt from: willmmiles
Repo: wled/WLED PR: 4623
File: usermods/word-clock-matrix/word-clock-matrix.cpp:332-332
Timestamp: 2025-03-29T01:22:54.617Z
Learning: In the WLED project, hardcoded usermod IDs (like 500 in the WordClockMatrix's getId() method) are intentionally used as part of a strategy to avoid modifying core code. There are plans to remove numeric usermod IDs entirely in the future.

Applied to files:

• wled00/const.h

📚 Learning: 2025-06-15T09:59:52.720Z

Learnt from: netmindz
Repo: wled/WLED PR: 4728
File: wled00/FX.h:378-378
Timestamp: 2025-06-15T09:59:52.720Z
Learning: In WLED's FX.h, MODE_COUNT represents the highest FX_MODE_ ID + 1, not the total count of FX_MODE_ definitions. This is because some effects may have been removed but their IDs are not reused, creating gaps in the numbering sequence. MODE_COUNT is used for array bounds and range checking.

Applied to files:

• wled00/const.h

📚 Learning: 2025-10-05T15:24:05.545Z

Learnt from: CR
Repo: wled/WLED PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-10-05T15:24:05.545Z
Learning: Applies to platformio.ini : Use platformio.ini as the single source of truth for hardware build targets and settings

Applied to files:

• platformio.ini

📚 Learning: 2025-11-22T20:33:14.840Z

Learnt from: softhack007
Repo: wled/WLED PR: 5107
File: boards/adafruit_matrixportal_esp32s3.json:1-66
Timestamp: 2025-11-22T20:33:14.840Z
Learning: In WLED, board JSON files in the boards/ directory may reference partition files that don't exist or have slightly different names than actual files in tools/. This is intentional because platformio.ini or platformio_override.sample.ini explicitly override the partition file using the board_build.partitions setting, which takes precedence over the board JSON partition reference. This pattern exists in multiple local board definitions and should not be flagged as an issue.

Applied to files:

• platformio.ini

📚 Learning: 2025-09-02T02:27:39.220Z

Learnt from: willmmiles
Repo: wled/WLED PR: 4890
File: lib/NeoESP32RmtHI/src/NeoEsp32RmtHI.S:8-16
Timestamp: 2025-09-02T02:27:39.220Z
Learning: The ESP32 macro is defined when compiling code on all ESP32 variants (ESP32, ESP32-S2, ESP32-S3, ESP32-C3, etc.) in the Arduino framework, providing consistent library compatibility across the entire ESP32 family. For target-specific detection, CONFIG_IDF_TARGET_* macros should be used instead.

Applied to files:

• platformio.ini

📚 Learning: 2025-09-02T01:45:58.047Z

Learnt from: willmmiles
Repo: wled/WLED PR: 4890
File: lib/NeoESP32RmtHI/include/NeoEsp32RmtHIMethod.h:31-36
Timestamp: 2025-09-02T01:45:58.047Z
Learning: For the NeoEsp32RmtHI driver, RISC-V ESP32-C3 support is currently disabled via bus_wrapper.h rather than compile-time guards, as the maintainer willmmiles is working on resolving underlying nested interrupt issues and prefers to centralize the workaround in one location.

Applied to files:

• platformio.ini

📚 Learning: 2025-02-19T12:43:34.199Z

Learnt from: blazoncek
Repo: wled/WLED PR: 4482
File: wled00/udp.cpp:147-149
Timestamp: 2025-02-19T12:43:34.199Z
Learning: ESP8266 and ESP32 platforms have different maximum segment name lengths in WLED, which can cause truncation when syncing segment names between devices. This platform difference affects the user experience when using the segment name sync feature.

Applied to files:

• platformio.ini
• wled00/wled.h

📚 Learning: 2025-10-05T15:24:05.545Z

Learnt from: CR
Repo: wled/WLED PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-10-05T15:24:05.545Z
Learning: Applies to wled00/data/** : For web UI changes, edit files only under wled00/data (not firmware or generated files)

Applied to files:

• wled00/data/settings_wifi.htm

📚 Learning: 2025-08-29T00:22:34.115Z

Learnt from: ksedgwic
Repo: wled/WLED PR: 4883
File: usermods/usermod_v2_skystrip/rest_json_client.cpp:40-46
Timestamp: 2025-08-29T00:22:34.115Z
Learning: For ESP32/ESP8266 HTTP requests in WLED, set timeouts on the underlying WiFiClient (using client.setTimeout()) before calling http_.begin(), rather than using HTTPClient::setTimeout(). This pattern is used successfully in the Klipper usermod to prevent connection hangs.

Applied to files:

• wled00/wled.cpp
• wled00/wled.h

📚 Learning: 2025-08-29T00:26:15.808Z

Learnt from: ksedgwic
Repo: wled/WLED PR: 4883
File: usermods/usermod_v2_skystrip/rest_json_client.h:6-14
Timestamp: 2025-08-29T00:26:15.808Z
Learning: WLED uses a vendored ArduinoJson library (version 6) located at "src/dependencies/json/ArduinoJson-v6.h" which is included through wled.h. Usermods should not directly include ArduinoJson headers but instead rely on wled.h for ArduinoJson symbols. The standard pattern is to include wled.h and use JsonObject, JsonArray, DynamicJsonDocument, etc. without additional includes.

Applied to files:

• wled00/wled.h

📚 Learning: 2025-08-29T00:26:15.808Z

Learnt from: ksedgwic
Repo: wled/WLED PR: 4883
File: usermods/usermod_v2_skystrip/rest_json_client.h:6-14
Timestamp: 2025-08-29T00:26:15.808Z
Learning: In WLED projects, ArduinoJson.h is not directly included via #include <ArduinoJson.h> - the ArduinoJson symbols are made available through the WLED build system and wled.h transitive includes, so explicitly adding #include <ArduinoJson.h> is not necessary and may not work.

Applied to files:

• wled00/wled.h

📚 Learning: 2025-10-05T15:24:05.545Z

Learnt from: CR
Repo: wled/WLED PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-10-05T15:24:05.545Z
Learning: Applies to wled00/html_*.h : Always commit generated html_*.h files along with related source changes

Applied to files:

• wled00/wled.h

📚 Learning: 2025-10-05T15:24:05.545Z

Learnt from: CR
Repo: wled/WLED PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-10-05T15:24:05.545Z
Learning: Applies to wled00/**/!(html_*)*.h : Use 2-space indentation for non-generated C++ header files (.h)

Applied to files:

• wled00/wled.h

📚 Learning: 2025-08-29T01:34:34.358Z

Learnt from: willmmiles
Repo: wled/WLED PR: 4853
File: wled00/util.cpp:779-781
Timestamp: 2025-08-29T01:34:34.358Z
Learning: On ESP8266 systems, avoid adding no-op stub functions across translation units due to limited code memory constraints, as the compiler cannot inline away the function calls, resulting in wasteful memory usage.

Applied to files:

• wled00/wled.h

🧬 Code graph analysis (1)

wled00/wled.cpp (1)

wled00/util.cpp (2)

• prepareHostname (131-152)
• prepareHostname (131-131)

🔇 Additional comments (7)

platformio.ini (1)

519-532: Formatting-only changes – build matrix unaffected

The edits here are purely whitespace/comment tweaks in existing envs; no PlatformIO options or default envs changed, so hardware targets and settings remain consistent with platformio.ini being the single source of truth.

Also applies to: 640-657

wled00/cfg.cpp (1)

90-128: WiFi enterprise fields are serialized/deserialized consistently and remain backward‑compatible

enc_type defaults to PSK when missing, and enterprise identities are only emitted when encryptionType == WIFI_ENCRYPTION_TYPE_ENTERPRISE, so old configs still load as PSK while new WPA‑Enterprise data round‑trips correctly.

Also applies to: 866-887

wled00/wled.h (1)

76-96: Scoped ESP8266 WPA‑Enterprise include looks correct

Conditionally including wpa2_enterprise.h only on ESP8266 and only when WLED_DISABLE_WPA_ENTERPRISE is not defined cleanly encapsulates the feature without impacting ESP32 builds.

wled00/const.h (1)

211-214: WiFi encryption type constants integrate cleanly

Defining WIFI_ENCRYPTION_TYPE_PSK and WIFI_ENCRYPTION_TYPE_ENTERPRISE as simple macros is consistent with the rest of this header and matches how the new UI, config, and connection code branch on encryption type.

wled00/xml.cpp (1)

190-212: JS WiFi payload now aligned with enterprise config model

The updated addWiFi(...) call correctly passes encryptionType, anonymous identity, and identity alongside the existing fields, in the same parameter order that settings_wifi.htm expects, while keeping the password masked and IP fields encoded as before.

wled00/data/settings_wifi.htm (1)

90-99: WiFi settings UI is correctly extended for Enterprise mode

The updated addWiFi() signature, ET/EA/EI field names, and the new E(i) helper cleanly add WPA/WPA2‑Enterprise support on the page: PSK vs Enterprise is selectable per network, enterprise identities are only shown when needed, and the naming aligns with what xml.cpp emits and set.cpp consumes.

Also applies to: 121-145, 197-205

wled00/fcn_declare.h (1)

59-82: LGTM on the WiFiConfig struct extension for WPA-Enterprise support.

The buffer handling is correct: strncpy with explicit null-termination prevents overflow, and the 65-byte buffers adequately accommodate enterprise identity fields. WIFI_ENCRYPTION_TYPE_PSK is properly defined in const.h and included before fcn_declare.h in the compilation chain, ensuring the default parameter value is accessible. The struct cleanly extends existing WiFi configuration to support enterprise authentication.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7da7a60 and baee3c6.

📒 Files selected for processing (3)

• wled00/fcn_declare.h (2 hunks)
• wled00/set.cpp (3 hunks)
• wled00/wled.cpp (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• wled00/wled.cpp

🧰 Additional context used

📓 Path-based instructions (2)

wled00/**/*.cpp

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use 2-space indentation for C++ source files (.cpp)

Files:

• wled00/set.cpp

wled00/**/!(html_*)*.h

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use 2-space indentation for non-generated C++ header files (.h)

Files:

• wled00/fcn_declare.h

🧠 Learnings (2)

📚 Learning: 2025-11-30T15:29:00.726Z

Learnt from: DedeHai
Repo: wled/WLED PR: 4456
File: usermods/deep_sleep/deep_sleep.cpp:224-230
Timestamp: 2025-11-30T15:29:00.726Z
Learning: In WLED, `touchThreshold` is a global variable defined in wled00/wled.h and is accessible to all usermods. It stores the touch sensitivity threshold for touch-capable GPIO pins on ESP32 variants and should not be flagged as undefined when used in usermods.

Applied to files:

• wled00/set.cpp

📚 Learning: 2025-10-05T15:24:05.545Z

Learnt from: CR
Repo: wled/WLED PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-10-05T15:24:05.545Z
Learning: Applies to wled00/html_*.h : DO NOT edit generated embedded web header files (wled00/html_*.h)

Applied to files:

• wled00/fcn_declare.h

🧬 Code graph analysis (1)

wled00/fcn_declare.h (3)

usermods/audioreactive/audio_reactive.cpp (2)

• appendConfigData (1904-1959)
• appendConfigData (1904-1904)

wled00/um_manager.cpp (4)

• appendConfigData (26-26)
• appendConfigData (26-26)
• appendConfigData (95-100)
• appendConfigData (95-95)

usermods/usermod_v2_rotary_encoder_ui_ALT/usermod_v2_rotary_encoder_ui_ALT.cpp (2)

• appendConfigData (1094-1097)
• appendConfigData (1094-1094)

🔇 Additional comments (4)

wled00/set.cpp (2)

24-28: LGTM!

The new field key definitions for encryption type and enterprise identity fields follow the existing pattern correctly.

---

35-55: LGTM!

The old value storage and conditional handling based on encryption type is well-structured. The buffer sizes match the struct definitions and the encryption type change detection is correct.

wled00/fcn_declare.h (2)

61-68: LGTM!

New struct members are appropriately sized and logically grouped. The 65-byte buffers correctly accommodate 64-character identities plus null terminator.

---

69-81: LGTM — constant verified and indentation compliant.

Constructor extension is well-implemented with appropriate defaults and correct null-termination for string fields. The WIFI_ENCRYPTION_TYPE_PSK constant is properly defined in wled00/const.h and widely used throughout the codebase. Indentation complies with the 2-space requirement for non-generated header files. Default parameter values maintain backward compatibility.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

wled00/set.cpp (1)

35-35: Minor style: combine declaration and initialization.

The split declaration-then-assignment can be simplified to a single statement.

-        byte oldType; oldType = multiWiFi[n].encryptionType;
+        byte oldType = multiWiFi[n].encryptionType;

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between baee3c6 and 8fb2d02.

📒 Files selected for processing (1)

• wled00/set.cpp (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

wled00/**/*.cpp

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use 2-space indentation for C++ source files (.cpp)

Files:

• wled00/set.cpp

🧠 Learnings (1)

📚 Learning: 2025-11-30T15:29:00.726Z

Learnt from: DedeHai
Repo: wled/WLED PR: 4456
File: usermods/deep_sleep/deep_sleep.cpp:224-230
Timestamp: 2025-11-30T15:29:00.726Z
Learning: In WLED, `touchThreshold` is a global variable defined in wled00/wled.h and is accessible to all usermods. It stores the touch sensitivity threshold for touch-capable GPIO pins on ESP32 variants and should not be flagged as undefined when used in usermods.

Applied to files:

• wled00/set.cpp

🔇 Additional comments (2)

wled00/set.cpp (2)

24-27: LGTM!

The new parameter key variables (et, ea, ei) follow the established pattern used for other WiFi configuration parameters in this loop.

---

37-60: LGTM!

The enterprise credential handling logic is correct:

• Old values are properly saved before modification
• Encryption type change triggers reconnect
• PSK mode correctly clears enterprise fields
• Enterprise mode properly copies identity values from the request
• The strncmp(...) != 0 comparisons correctly detect changes and trigger reconnection

The previous inverted strncmp logic has been properly fixed.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

wled00/set.cpp (1)

24-61: Enterprise WiFi handling is sound; consider minor robustness tweaks

The new handling for ETn / EAn / EIn looks correct and safe: you copy into fixed-size buffers with strlcpy(..., 65) and compare with strncmp(..., 64) != 0, and you correctly trigger forceReconnect when encryption type, SSID, or enterprise identities change.

Two small, non-blocking suggestions:

• To make the comparisons resilient to future buffer-size changes, you could avoid hard‑coded 64 and instead use the local buffer sizes, e.g.:

•    if (strncmp(multiWiFi[n].enterpriseAnonIdentity, oldAnon, 64) != 0) {
  

•    if (strncmp(multiWiFi[n].enterpriseAnonIdentity, oldAnon, sizeof(oldAnon) - 1) != 0) {
       forceReconnect = true;
     }
  

•    if (strncmp(multiWiFi[n].enterpriseIdentity, oldIden, 64) != 0) {
  

•    if (strncmp(multiWiFi[n].enterpriseIdentity, oldIden, sizeof(oldIden) - 1) != 0) {
       forceReconnect = true;
     }
  

• Right now, all non‑WIFI_ENCRYPTION_TYPE_PSK values fall into the “WPA2-Enterprise” else branch. That matches today’s two‑option UI, but if more encryption types are ever added, they will also end up treated as Enterprise and get EA/EI copied. Consider tightening this to an explicit check for your Enterprise enum value (with a default branch that just clears the enterprise fields) to stay future‑proof.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8fb2d02 and 7ece840.

📒 Files selected for processing (1)

• wled00/set.cpp (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

wled00/**/*.cpp

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use 2-space indentation for C++ source files (.cpp)

Files:

• wled00/set.cpp

🧠 Learnings (1)

📚 Learning: 2025-11-30T15:29:00.726Z

Learnt from: DedeHai
Repo: wled/WLED PR: 4456
File: usermods/deep_sleep/deep_sleep.cpp:224-230
Timestamp: 2025-11-30T15:29:00.726Z
Learning: In WLED, `touchThreshold` is a global variable defined in wled00/wled.h and is accessible to all usermods. It stores the touch sensitivity threshold for touch-capable GPIO pins on ESP32 variants and should not be flagged as undefined when used in usermods.

Applied to files:

• wled00/set.cpp

🔇 Additional comments (2)

wled00/set.cpp (2)

329-331: Touch button branch structure remains correct

This block still correctly handles invalid touch pins by deallocating and clearing the button type, and (when SOC_TOUCH_VERSION_2 is defined) attaches the interrupt only on valid touch‑capable pins via the else touchAttachInterrupt(...). No behavioral concerns here.

---

981-982: Non-functional spacing change before brightness handling

The added blank separation before the “set brightness” section is purely cosmetic and does not affect control flow or behavior. Layout stays consistent with surrounding code.

[DedeHai]

thanks for updating. I am not sure on how to proceed on this one but it can not be in the default builds as this eats up way too much flash, 80k on ESP8266 and over 100k on ESP32 variants.
@willmmiles what are your thoughts on encapsulating it in #ifdefs and what would be the alternative to have this as a custom build option?

[willmmiles]

thanks for updating. I am not sure on how to proceed on this one but it can not be in the default builds as this eats up way too much flash, 80k on ESP8266 and over 100k on ESP32 variants. @willmmiles what are your thoughts on encapsulating it in #ifdefs and what would be the alternative to have this as a custom build option?

You know I'm not a fan of #ifdefs ;) but that's probably the least evil approach given that networking is a core feature.

From an implementation standpoint:

• Relevant define should be WLED_ENABLE_WPA_ENTERPRISE, ie. the inverse of the current approach
• UI fields, including the type selector, must be hidden if the firmware does not support enterprise auth. Bonus points if they're omitted entirely at build time to avoid wasting flash.
• New config values (including auth type) should be omitted in serializeConfig unless the feature is enabled. Similarly, deserializeConfig should ignore them unless the feature is enabled.

Other notes:

• Should either of the identity fields be stored in the "secure" config? Is the password the only secret?
• There are a number of unrelated whitespace changes in this PR. Someone's got a bad editor config (possibly me!) but either way they are cluttering the diffs. Please avoid staging unrelated changes.

[benjaminkraus]

thanks for updating. I am not sure on how to proceed on this one but it can not be in the default builds as this eats up way too much flash, 80k on ESP8266 and over 100k on ESP32 variants. @willmmiles what are your thoughts on encapsulating it in #ifdefs and what would be the alternative to have this as a custom build option?

You know I'm not a fan of #ifdefs ;) but that's probably the least evil approach given that networking is a core feature.

From an implementation standpoint:

• Relevant define should be WLED_ENABLE_WPA_ENTERPRISE, ie. the inverse of the current approach

• UI fields, including the type selector, must be hidden if the firmware does not support enterprise auth. Bonus points if they're omitted entirely at build time to avoid wasting flash.

• New config values (including auth type) should be omitted in serializeConfig unless the feature is enabled. Similarly, deserializeConfig should ignore them unless the feature is enabled.

Thanks @willmmiles and @DedeHai for the feedback.

I'll make these changes and do my best to omit the UI fields entirely at built time if the feature is disabled (without overly complicating the code).

Other notes:

• Should either of the identity fields be stored in the "secure" config? Is the password the only secret?

I considered this, but I wasn't sure if there was a cost to putting more things into the secure config. It is an easy enough change if we think the anonymous identity and/or identity should be kept more secure. Based on my (admittedly limited) understanding of WPA enterprise, I believe the "anonymous identity" is presented unencrypted when establishing the connection but the "identity" is only sent over an encrypted channel, so I could see an argument for treating the anonymous identity similarly to the SSID and treating the identity/username similar to the password. As two random data points: Neither my Linux laptop or my Android phone do anything to obscure the identity and anonymous identity on their WiFi configuration pages (they are both visible by default).

• There are a number of unrelated whitespace changes in this PR. Someone's got a bad editor config (possibly me!) but either way they are cluttering the diffs. Please avoid staging unrelated changes.

The whitespace changes were done automatically by Visual Studio Code and it was actually a little hard to undo the changes (Visual Studio Code kept generously fixing them again for me) so I left them in my initial commit. I debated whether it would be more distracting to leave them in or to add a later change reverting them. I'll revert all the unrelated whitespace-only changes.

[DedeHai]

I'll make these changes and do my best to omit the UI fields entirely at built time if the feature is disabled (without overly complicating the code).

IIRC there was a PR that used a script to inject JS code at build time but don't ask me which one ;)

(Visual Studio Code kept generously fixing them again for me)

I have auto-remove disabled but have white-spaces show in red, I think that is a VSc plugin (I would recommend to get @willmmiles if you are using VScode ;) )

[KrX3D]

IIRC there was a PR that used a script to inject JS code at build time but don't ask me which one ;)

just if you mean inject_syslog_ui.py : #4664

[DedeHai]

thanks @KrX3D, that exactly :)

[willmmiles]

Oof, using a python script to manipulate the HTML files is a world of complexity I'd rather not take on. I was expecting that it should be done via the npm build step. Converting from the "source html" to "this is the binary blob embedded in the firmware" is the whole point of that stage. Possibly build_ui.py needs to do something to explicitly pass key environment variables in, though.

[netmindz]

Yeah this definitely needs to be excluded by default given it's increased flash usege and very niche usage