From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: [PATCH] ddns.cgi: Drop static provider list for token based auth. Date: Wed, 02 Dec 2020 16:35:19 +0100 Message-ID: In-Reply-To: <59E63519-84C3-40AF-8A77-DEC92FBAFBB8@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0434170093872712890==" List-Id: --===============0434170093872712890== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hello Michael, the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now. Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider. But there is one big exception in this: If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive. We also have to ship the GUI each time for new, if this happened. (This was the former reason, why we created the "ddns list-providers" command to prevent from this.) My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.) For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider. The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen. The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way. IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated. Best regards, -Stefan > Hello, > > I do not understand exactly what this patch is trying to achieve. > > Unfortunately we have no choice than doing it this way with the > current UI. > > I do not think it is worth altering the UI for this, and I do not > know how we could do it without having a list again? > > -Michael > > > On 2 Dec 2020, at 11:30, Stefan Schantl > > wrote: > > > > This is really hard to maintain when adding new or altering > > existing > > providers. > > > > Reference #12415. > > > > Signed-off-by: Stefan Schantl > > --- > > html/cgi-bin/ddns.cgi | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi > > index 715c37290..024eaf7f6 100644 > > --- a/html/cgi-bin/ddns.cgi > > +++ b/html/cgi-bin/ddns.cgi > > @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile { > > > > my $use_token = 0; > > > > - # Handle token based auth for various providers. > > - if ($provider ~~ ["dns.lightningwirelabs.com", > > "entrydns.net", "regfish.com", > > - "spdns.de", "zzzz.io"] && $username > > eq "token") { > > + # Check if token based auth is configured. > > + if ($username eq "token") { > > $use_token = 1; > > + } > > > > # Handle token auth for freedns.afraid.org and > > regfish.com. > > - } elsif ($provider ~~ ["freedns.afraid.org", > > "regfish.com"] && $password eq "") { > > + if ($provider ~~ ["freedns.afraid.org", "regfish.com"] > > && $password eq "") { > > $use_token = 1; > > $password = $username; > > > > -- > > 2.20.1 > > --===============0434170093872712890== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVXTzBOWHRTcnZo YXN5dERuVHRkT0ZZK1RzdDRGQWwvSHREY0FDZ2tRVHRkT0ZZK1QKc3Q0VytBLytMSkZuT01QbWdQ VHpRZFh6SE40aEwrNTkyLzN0Rmx3ZDVCeUI1WHRaMThGZ2JaK0g5U1hFcEZKMQpVajM3SWhBUzJs SGx3VHNrNndLZXJBdXdXOTBEMy8rZzVOQ2grYTFySVFMUXA4Ti9WQ014WkREV1lPc3VKT2MzCndS UTZPcVM2ek15S2dnQnR0WjEyT05OR3gyU2pzUzh5eFhRVDQvMGpybG9VZVN2aW9yNkNNRzB4YmNZ SnZqNzcKdXhxbTk2V2dSeDlSWUxOU211cnBGU0ZMSzNtNkRjellUc21VZk9QT1J2a0htQXlNWFQ3 YkVlV1p3NEU3TFRNSgpHeHY2REpGczJsaGE2VWJmT2V3VGNTeGZEMFZVNmYxbTJhcFZzWHQ1cENr OFhiSHdPN0RlZUlxUWVmWTdXOW1OCkpNT2VoUG1Hamltdkg1ZlZpRTVYbWd0dHdNRXI2MkJ1Zzlw a1dtZEZPOHVFaFdzMVJ4OTFVVktQYSszdUU1S0kKcGJuWXU4b1VtaVRrWkFTVXpGRDkyaW9JMnBN SFZIYU94d1RJdS9oTERHOTVkdG1jeXBPaEExZVkwWjY1M3VRNwpaeDVTWEwvcysycHZQU28xY3NG a3RTODFKemNnOVkyd2NqUWRvZXRQWm04am1HWkI1d3FqZGkvaURhZFdqV1VBClI4dVF2d25wYm5J eUs0VGFUOHFvaU9pQTluWDJyMGllQXBjU3lUYTZtL29INkRvRXVJYll6TkpTRU9SOVEyNEgKZGJj UU9sM2RBY0RRNlM1ME5KaXVPQmQxSTdkMWZiOTc0UWxsanZwVGUzTjNpM1NxUXltcjllNVEraWFi VVJ6TQpYWDZsVTlhUUpVa0RQdUlWYVRTdnQwWDlyQnB1b0laY0dTMXAvM3hHMUV0VU1UOEpIaWs9 Cj1XS2txCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============0434170093872712890==--