From 44af5e439cac71c31cd3cb4278893a7409c59f40 Mon Sep 17 00:00:00 2001
From: dr-oblivium <52540467+dr-oblivium@users.noreply.github.com>
Date: Wed, 29 Jul 2020 18:18:53 +0200
Subject: [PATCH] wpa2 enterprise fixes: also copy eap parameters, don't
 require psk password to be set (#1215)

---
 esphome/components/wifi/wifi_component.cpp | 45 ++++++++++++++++++++--
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/esphome/components/wifi/wifi_component.cpp b/esphome/components/wifi/wifi_component.cpp
index 5c1c533c5d..df80c5b109 100644
--- a/esphome/components/wifi/wifi_component.cpp
+++ b/esphome/components/wifi/wifi_component.cpp
@@ -201,7 +201,26 @@ void WiFiComponent::start_connecting(const WiFiAP &ap, bool two) {
   } else {
     ESP_LOGV(TAG, "  BSSID: Not Set");
   }
-  ESP_LOGV(TAG, "  Password: " LOG_SECRET("'%s'"), ap.get_password().c_str());
+
+#ifdef ESPHOME_WIFI_WPA2_EAP
+  if (ap.get_eap().has_value()) {
+    ESP_LOGV(TAG, "  WPA2 Enterprise authentication configured:");
+    EAPAuth eap_config = ap.get_eap().value();
+    ESP_LOGV(TAG, "    Identity: " LOG_SECRET("'%s'"), eap_config.identity.c_str());
+    ESP_LOGV(TAG, "    Username: " LOG_SECRET("'%s'"), eap_config.username.c_str());
+    ESP_LOGV(TAG, "    Password: " LOG_SECRET("'%s'"), eap_config.password.c_str());
+    bool ca_cert_present = eap_config.ca_cert != nullptr && strlen(eap_config.ca_cert);
+    bool client_cert_present = eap_config.client_cert != nullptr && strlen(eap_config.client_cert);
+    bool client_key_present = eap_config.client_key != nullptr && strlen(eap_config.client_key);
+    ESP_LOGV(TAG, "    CA Cert:     %s", ca_cert_present ? "present" : "not present");
+    ESP_LOGV(TAG, "    Client Cert: %s", client_cert_present ? "present" : "not present");
+    ESP_LOGV(TAG, "    Client Key:  %s", client_key_present ? "present" : "not present");
+  } else {
+#endif
+    ESP_LOGV(TAG, "  Password: " LOG_SECRET("'%s'"), ap.get_password().c_str());
+#ifdef ESPHOME_WIFI_WPA2_EAP
+  }
+#endif
   if (ap.get_channel().has_value()) {
     ESP_LOGV(TAG, "  Channel: %u", *ap.get_channel());
   } else {
@@ -400,9 +419,17 @@ void WiFiComponent::check_scanning_finished() {
       connect_params.set_channel(scan_res.get_channel());
       connect_params.set_bssid(scan_res.get_bssid());
     }
-    // set manual IP+password (if any)
+    // copy manual IP (if set)
     connect_params.set_manual_ip(config.get_manual_ip());
+
+#ifdef ESPHOME_WIFI_WPA2_EAP
+    // copy EAP parameters (if set)
+    connect_params.set_eap(config.get_eap());
+#endif
+
+    // copy password (if set)
     connect_params.set_password(config.get_password());
+
     break;
   }
 
@@ -576,9 +603,21 @@ bool WiFiScanResult::matches(const WiFiAP &config) {
   // If BSSID configured, only match for correct BSSIDs
   if (config.get_bssid().has_value() && *config.get_bssid() != this->bssid_)
     return false;
-  // If PW given, only match for networks with auth (and vice versa)
+
+#ifdef ESPHOME_WIFI_WPA2_EAP
+  // BSSID requires auth but no PSK or EAP credentials given
+  if (this->with_auth_ && (config.get_password().empty() && !config.get_eap().has_value()))
+    return false;
+
+  // BSSID does not require auth, but PSK or EAP credentials given
+  if (!this->with_auth_ && (!config.get_password().empty() || config.get_eap().has_value()))
+    return false;
+#else
+  // If PSK given, only match for networks with auth (and vice versa)
   if (config.get_password().empty() == this->with_auth_)
     return false;
+#endif
+
   // If channel configured, only match networks on that channel.
   if (config.get_channel().has_value() && *config.get_channel() != this->channel_) {
     return false;