From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: [PATCH] ddns.cgi: Drop static provider list for token based auth. Date: Wed, 02 Dec 2020 18:58:18 +0100 Message-ID: <52018e931401d7eec38cbe3b90c09f8318b2d691.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6402821629774640106==" List-Id: --===============6402821629774640106== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hello Adolf, thanks for joining the conversation and your thoughts. > Hi Stefan, > > Would it be possible to create some form of simple database file > where all known suppliers are listed in together with what inputs > they expect. Yes of course this would be possible, but would not really solve the problem of a static list or file which also needs to be adjusted if new providers will be added or existing ones are changed. > Then you would know which items to check for in the WUI. Maybe you > could even only show the required input boxes once the supplier has > been chosen from the drop-down box. In my reply to Michael I put some thoughts about how this issue hopefully can be solved in a very smart way by getting the affected providers directly from the ddns tool itself. Best regards, -Stefan > > Regards, > > Adolf. > > > On 02/12/2020 17:02, Stefan Schantl wrote: > > Mhm, > > > > you are right this will only move the problem from the developers > > (us) > > to the users. > > > > This is a really hard problem because there is no easy solution for > > this issue. > > > > We simple can take care about the users input and verify if the > > providers supports what has been configured or we even do not. > > > > If we decide to safe the users from themself, we need something to > > verify against and that would be something like such a crappy > > static > > list. > > > > Do I miss something or think to narrow? > > > > @List followers, what are your opinions? > > > > Best regards, > > > > -Stefan > > > You are moving the problem from the developer to the user. > > > > > > I think that might be more messy. > > > > > > I am also not sure how this will affect existing setups? > > > > > > -Michael > > > > > > > On 2 Dec 2020, at 15:35, Stefan Schantl < > > > > stefan.schantl(a)ipfire.org> > > > > wrote: > > > > > > > > Hello Michael, > > > > > > > > the intension of this patch was, that a supported provider of > > > > DDNS > > > > has > > > > changed it's API to support now token based authentication. The > > > > code > > > > already has been changed so here we are safe by now. > > > > > > > > Also in case a new dynamic DNS provider will be added to DDNS, > > > > we > > > > do > > > > not have to do anything, because the GUI automatically will be > > > > filled > > > > with the new provider. > > > > > > > > But there is one big exception in this: > > > > > > > > If a new or existing provider has supports authentication > > > > tokens, > > > > this > > > > provider has to be added to this list, which is not very > > > > intuitive. > > > > > > > > We also have to ship the GUI each time for new, if this > > > > happened. > > > > > > > > (This was the former reason, why we created the "ddns list- > > > > providers" > > > > command to prevent from this.) > > > > > > > > My change simplifies, the check if token based authentication > > > > should be > > > > used or not. It removes the check against the static list of > > > > providers > > > > which supports token based authentications. (This is the list, > > > > which > > > > needs to be keep up to date by hand.) > > > > > > > > For the user nothing changes, because if he speciefies "token" > > > > as > > > > username, still the token base auth will be used for the > > > > choosen > > > > provider. > > > > > > > > The only way an user may be affected is, if he configures a > > > > token > > > > based > > > > auth for a provider which does not supports it. This now would > > > > be > > > > possible and will result in an authentication error against the > > > > provider - But Hey, if he fills in incorrect data the same will > > > > be > > > > happen. > > > > > > > > The only bigger problem would be if the valid username of a > > > > user is > > > > "token". In this case he will be affected in the same way and > > > > this > > > > could not be fixed in an easy way. > > > > > > > > IMHO, the benefits are bigger for us, because the maintain work > > > > will > > > > become much easier and one stupid error source will get > > > > eliminated. > > > > > > > > Best regards, > > > > > > > > -Stefan > > > > > Hello, > > > > > > > > > > I do not understand exactly what this patch is trying to > > > > > achieve. > > > > > > > > > > Unfortunately we have no choice than doing it this way with > > > > > the > > > > > current UI. > > > > > > > > > > I do not think it is worth altering the UI for this, and I do > > > > > not > > > > > know how we could do it without having a list again? > > > > > > > > > > -Michael > > > > > > > > > > > On 2 Dec 2020, at 11:30, Stefan Schantl < > > > > > > stefan.schantl(a)ipfire.org> > > > > > > wrote: > > > > > > > > > > > > This is really hard to maintain when adding new or altering > > > > > > existing > > > > > > providers. > > > > > > > > > > > > Reference #12415. > > > > > > > > > > > > Signed-off-by: Stefan Schantl > > > > > > --- > > > > > > html/cgi-bin/ddns.cgi | 8 ++++---- > > > > > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > > > > > > > > > diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi > > > > > > index 715c37290..024eaf7f6 100644 > > > > > > --- a/html/cgi-bin/ddns.cgi > > > > > > +++ b/html/cgi-bin/ddns.cgi > > > > > > @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile { > > > > > > > > > > > > my $use_token = 0; > > > > > > > > > > > > - # Handle token based auth for various > > > > > > providers. > > > > > > - if ($provider ~~ ["dns.lightningwirelabs.com", > > > > > > "entrydns.net", "regfish.com", > > > > > > - "spdns.de", "zzzz.io"] && > > > > > > $username > > > > > > eq "token") { > > > > > > + # Check if token based auth is configured. > > > > > > + if ($username eq "token") { > > > > > > $use_token = 1; > > > > > > + } > > > > > > > > > > > > # Handle token auth for freedns.afraid.org and > > > > > > regfish.com. > > > > > > - } elsif ($provider ~~ ["freedns.afraid.org", > > > > > > "regfish.com"] && $password eq "") { > > > > > > + if ($provider ~~ ["freedns.afraid.org", > > > > > > "regfish.com"] > > > > > > && $password eq "") { > > > > > > $use_token = 1; > > > > > > $password = $username; > > > > > > > > > > > > -- > > > > > > 2.20.1 > > > > > > --===============6402821629774640106==--