This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
- # Handle token based auth for various providers. - if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com", - "spdns.de", "zzzz.io"] && $username eq "token") { + # Check if token based auth is configured. + if ($username eq "token") { $use_token = 1; + }
# Handle token auth for freedns.afraid.org and regfish.com. - } elsif ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") { + if ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl stefan.schantl@ipfire.org wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for various providers.if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com","spdns.de", "zzzz.io"] && $username eq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") { $use_token = 1; $password = $username;-- 2.20.1
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list-providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl stefan.schantl@ipfire.org wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for various providers.if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] && $usernameeq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org", "regfish.com"]&& $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
Hi,
You are moving the problem from the developer to the user.
I think that might be more messy.
I am also not sure how this will affect existing setups?
-Michael
On 2 Dec 2020, at 15:35, Stefan Schantl stefan.schantl@ipfire.org wrote:
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list-providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl stefan.schantl@ipfire.org wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for various providers.if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] && $usernameeq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org", "regfish.com"]&& $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
Mhm,
you are right this will only move the problem from the developers (us) to the users.
This is a really hard problem because there is no easy solution for this issue.
We simple can take care about the users input and verify if the providers supports what has been configured or we even do not.
If we decide to safe the users from themself, we need something to verify against and that would be something like such a crappy static list.
Do I miss something or think to narrow?
@List followers, what are your opinions?
Best regards,
-Stefan
You are moving the problem from the developer to the user.
I think that might be more messy.
I am also not sure how this will affect existing setups?
-Michael
On 2 Dec 2020, at 15:35, Stefan Schantl stefan.schantl@ipfire.org wrote:
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list- providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for variousproviders.
if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] &&$username eq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
Hi,
Alternatives I could come up with are:
* Create a command to have ddns list all those providers. That way that list is in ddns where it probably belongs best.
* Update the UI and add a third field for the token. That is however very bad UI because either the token field or the username/password field are a waste of space.
Actually, we need to work towards having token only. Anything else is just dangerous because the whole account can be managed if this data leaks.
-Michael
On 2 Dec 2020, at 16:02, Stefan Schantl stefan.schantl@ipfire.org wrote:
Mhm,
you are right this will only move the problem from the developers (us) to the users.
This is a really hard problem because there is no easy solution for this issue.
We simple can take care about the users input and verify if the providers supports what has been configured or we even do not.
If we decide to safe the users from themself, we need something to verify against and that would be something like such a crappy static list.
Do I miss something or think to narrow?
@List followers, what are your opinions?
Best regards,
-Stefan
You are moving the problem from the developer to the user.
I think that might be more messy.
I am also not sure how this will affect existing setups?
-Michael
On 2 Dec 2020, at 15:35, Stefan Schantl stefan.schantl@ipfire.org wrote:
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list- providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for variousproviders.
if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] &&$username eq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
Hi,
Hi,
Alternatives I could come up with are:
- Create a command to have ddns list all those providers. That way
that list is in ddns where it probably belongs best.
This probably would be the best solution.
So I'm thinking about to introduce something like "supports_token_auth = True" similar to "can_remove_records = True" in the source file which handles the providers.
After that, adding a new command option, which outputs the providers with this flag similar to the "ddns list-providers" option.
In this case we will get a dynamically generated list of what we want and need.
- Update the UI and add a third field for the token. That is however
very bad UI because either the token field or the username/password field are a waste of space.
I think a checkbox for "Use token based auth" or a dropdown for choosing the Auth type and some nice JS code could avoid from this.
Actually, we need to work towards having token only. Anything else is just dangerous because the whole account can be managed if this data leaks.
You are true, but sadly this cannot be done by us - it'ss the job of the providers out there.
- Stefan
-Michael
On 2 Dec 2020, at 16:02, Stefan Schantl stefan.schantl@ipfire.org wrote:
Mhm,
you are right this will only move the problem from the developers (us) to the users.
This is a really hard problem because there is no easy solution for this issue.
We simple can take care about the users input and verify if the providers supports what has been configured or we even do not.
If we decide to safe the users from themself, we need something to verify against and that would be something like such a crappy static list.
Do I miss something or think to narrow?
@List followers, what are your opinions?
Best regards,
-Stefan
You are moving the problem from the developer to the user.
I think that might be more messy.
I am also not sure how this will affect existing setups?
-Michael
On 2 Dec 2020, at 15:35, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list- providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for variousproviders.
if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] &&$username eq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
This option can be used to get a list of all known provider which support a token based authentication method.
In order to provide this feature the provider details has been extended to contain the information if a provider supports this authentication method or not.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- ddns.in | 8 ++++++++ src/ddns/__init__.py | 14 ++++++++++++++ src/ddns/providers.py | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+) mode change 100644 => 100755 ddns.in
diff --git a/ddns.in b/ddns.in old mode 100644 new mode 100755 index 0e377e7..538e4b0 --- a/ddns.in +++ b/ddns.in @@ -49,6 +49,10 @@ def main(): p_list_providers = subparsers.add_parser("list-providers", help=_("List all available providers"))
+ # list-token-provider + p_list_token_provider = subparsers.add_parser("list-token-provider", + help=_("List all providers which supports authentication via token")) + # update p_update = subparsers.add_parser("update", help=_("Update DNS record")) p_update.add_argument("hostname") @@ -85,6 +89,10 @@ def main(): provider_names = d.get_provider_names() print("\n".join(provider_names))
+ elif args.subparsers_name == "list-token-providers": + token_provider = d.get_provider_with_token_support() + print("\n".join(token_provider)) + elif args.subparsers_name == "update": d.updateone(hostname=args.hostname, force=args.force)
diff --git a/src/ddns/__init__.py b/src/ddns/__init__.py index 3e43fa7..ca232bf 100644 --- a/src/ddns/__init__.py +++ b/src/ddns/__init__.py @@ -86,6 +86,20 @@ class DDNSCore(object): """ return sorted(self.providers.keys())
+ def get_provider_with_token_support(self): + """ + Returns a list with names of all registered providers + which support token based authtentication. + """ + + token_provider = [] + + for handle, provider in sorted(self.providers.items()): + if provider.supports_token_auth is True: + token_provider.append(handle) + + return sorted(token_provider) + def load_configuration(self, filename): logger.debug(_("Loading configuration file %s") % filename)
diff --git a/src/ddns/providers.py b/src/ddns/providers.py index a1ca3f3..b0066d5 100644 --- a/src/ddns/providers.py +++ b/src/ddns/providers.py @@ -73,6 +73,10 @@ class DDNSProvider(object): # Required to remove AAAA records if IPv6 is absent again. can_remove_records = True
+ # True if the provider supports authentication via a random + # generated token instead of username and password. + supports_token_auth = True + @staticmethod def supported(): """ @@ -352,6 +356,10 @@ class DDNSProtocolDynDNS2(object): # The DynDNS protocol version 2 does not allow to remove records can_remove_records = False
+ # The DynDNS protocol version 2 only supports authentication via + # username and password. + supports_token_auth = False + def prepare_request_data(self, proto): data = { "hostname" : self.hostname, @@ -440,6 +448,7 @@ class DDNSProviderAllInkl(DDNSProvider):
url = "http://dyndns.kasserver.com" can_remove_records = False + supports_token_auth = False
def update(self): # There is no additional data required so we directly can @@ -464,6 +473,8 @@ class DDNSProviderBindNsupdate(DDNSProvider):
DEFAULT_TTL = 60
+ supports_token_auth = False + @staticmethod def supported(): # Search if the nsupdate utility is available @@ -550,6 +561,7 @@ class DDNSProviderChangeIP(DDNSProvider):
url = "https://nic.changeip.com/nic/update" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -616,6 +628,7 @@ class DDNSProviderDDNSS(DDNSProvider):
url = "http://www.ddnss.de/upd.php" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -678,6 +691,7 @@ class DDNSProviderDHS(DDNSProvider):
url = "http://members.dhs.org/nic/hosts" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -710,6 +724,7 @@ class DDNSProviderDNSpark(DDNSProvider):
url = "https://control.dnspark.com/api/dynamic/update.php" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -758,6 +773,7 @@ class DDNSProviderDtDNS(DDNSProvider):
url = "https://www.dtdns.com/api/autodns.cfm" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -813,6 +829,7 @@ class DDNSProviderDuckDNS(DDNSProvider):
url = "https://www.duckdns.org/update" can_remove_records = False + supports_token_auth = True
def update(self): # Raise an error if no auth details are given. @@ -914,6 +931,7 @@ class DDNSProviderDynUp(DDNSProvider):
url = "https://dynup.de/dyn.php" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -979,6 +997,8 @@ class DDNSProviderEasyDNS(DDNSProvider):
url = "http://api.cp.easydns.com/dyn/tomato.php"
+ supports_token_auth = False + def update_protocol(self, proto): data = { "myip" : self.get_address(proto, "-"), @@ -1032,6 +1052,7 @@ class DDNSProviderDynsNet(DDNSProvider): website = "http://www.dyns.net/" protocols = ("ipv4",) can_remove_records = False + supports_token_auth = False
# There is very detailed informatio about how to send the update request and # the possible response codes. (Currently we are using the v1.1 proto) @@ -1083,6 +1104,7 @@ class DDNSProviderEnomCom(DDNSResponseParserXML, DDNSProvider):
url = "https://dynamic.name-services.com/interface.asp" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -1125,6 +1147,7 @@ class DDNSProviderEntryDNS(DDNSProvider): # here: https://entrydns.net/help url = "https://entrydns.net/records/modify" can_remove_records = False + supports_token_auth = True
def update_protocol(self, proto): data = { @@ -1165,6 +1188,7 @@ class DDNSProviderFreeDNSAfraidOrg(DDNSProvider): # page. All used values have been collected by testing. url = "https://freedns.afraid.org/dynamic/update.php" can_remove_records = False + supports_token_auth = True
def update_protocol(self, proto): data = { @@ -1246,6 +1270,7 @@ class DDNSProviderKEYSYSTEMS(DDNSProvider):
url = "https://dynamicdns.key-systems.net/update.php" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): address = self.get_address(proto) @@ -1297,6 +1322,8 @@ class DDNSProviderLightningWireLabs(DDNSProvider): # Information about the format of the HTTPS request is to be found # https://dns.lightningwirelabs.com/knowledge-base/api/ddns
+ supports_token_auth = True + url = "https://dns.lightningwirelabs.com/update"
def update(self): @@ -1365,6 +1392,7 @@ class DDNSProviderNamecheap(DDNSResponseParserXML, DDNSProvider):
url = "https://dynamicdns.park-your-domain.com/update" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): # Namecheap requires the hostname splitted into a host and domain part. @@ -1458,6 +1486,8 @@ class DDNSProviderNsupdateINFO(DDNSProtocolDynDNS2, DDNSProvider): # has not been implemented here, yet. can_remove_records = False
+ supports_token_auth = True + # After a failed update, there will be no retries # https://bugzilla.ipfire.org/show_bug.cgi?id=10603 holdoff_failure_days = None @@ -1534,6 +1564,7 @@ class DDNSProviderRegfish(DDNSProvider):
url = "https://dyndns.regfish.de/" can_remove_records = False + supports_token_auth = True
def update(self): data = { @@ -1630,6 +1661,7 @@ class DDNSProviderServercow(DDNSProvider):
url = "https://www.servercow.de/dnsupdate/update.php" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -1671,6 +1703,8 @@ class DDNSProviderSPDNS(DDNSProtocolDynDNS2, DDNSProvider):
url = "https://update.spdyn.de/nic/update"
+ supports_token_auth = True + @property def username(self): return self.get("username") or self.hostname @@ -1774,6 +1808,8 @@ class DDNSProviderZoneedit(DDNSProvider): website = "http://www.zoneedit.com" protocols = ("ipv4",)
+ supports_token_auth = False + # Detailed information about the request and the response codes can be # obtained here: # http://www.zoneedit.com/doc/api/other.html @@ -1821,6 +1857,7 @@ class DDNSProviderDNSmadeEasy(DDNSProvider):
url = "https://cp.dnsmadeeasy.com/servlet/updateip?" can_remove_records = False + supports_token_auth = False
def update_protocol(self, proto): data = { @@ -1871,6 +1908,7 @@ class DDNSProviderZZZZ(DDNSProvider):
url = "https://zzzz.io/api/v1/update" can_remove_records = False + supports_token_auth = True
def update_protocol(self, proto): data = {
Hi Stefan,
Would it be possible to create some form of simple database file where all known suppliers are listed in together with what inputs they expect. Then you would know which items to check for in the WUI. Maybe you could even only show the required input boxes once the supplier has been chosen from the drop-down box.
Regards,
Adolf.
On 02/12/2020 17:02, Stefan Schantl wrote:
Mhm,
you are right this will only move the problem from the developers (us) to the users.
This is a really hard problem because there is no easy solution for this issue.
We simple can take care about the users input and verify if the providers supports what has been configured or we even do not.
If we decide to safe the users from themself, we need something to verify against and that would be something like such a crappy static list.
Do I miss something or think to narrow?
@List followers, what are your opinions?
Best regards,
-Stefan
You are moving the problem from the developer to the user.
I think that might be more messy.
I am also not sure how this will affect existing setups?
-Michael
On 2 Dec 2020, at 15:35, Stefan Schantl stefan.schantl@ipfire.org wrote:
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list- providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for variousproviders.
if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] &&$username eq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
Hello Adolf,
thanks for joining the conversation and your thoughts.
Hi Stefan,
Would it be possible to create some form of simple database file where all known suppliers are listed in together with what inputs they expect.
Yes of course this would be possible, but would not really solve the problem of a static list or file which also needs to be adjusted if new providers will be added or existing ones are changed.
Then you would know which items to check for in the WUI. Maybe you could even only show the required input boxes once the supplier has been chosen from the drop-down box.
In my reply to Michael I put some thoughts about how this issue hopefully can be solved in a very smart way by getting the affected providers directly from the ddns tool itself.
Best regards,
-Stefan
Regards,
Adolf.
On 02/12/2020 17:02, Stefan Schantl wrote:
Mhm,
you are right this will only move the problem from the developers (us) to the users.
This is a really hard problem because there is no easy solution for this issue.
We simple can take care about the users input and verify if the providers supports what has been configured or we even do not.
If we decide to safe the users from themself, we need something to verify against and that would be something like such a crappy static list.
Do I miss something or think to narrow?
@List followers, what are your opinions?
Best regards,
-Stefan
You are moving the problem from the developer to the user.
I think that might be more messy.
I am also not sure how this will affect existing setups?
-Michael
On 2 Dec 2020, at 15:35, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
Hello Michael,
the intension of this patch was, that a supported provider of DDNS has changed it's API to support now token based authentication. The code already has been changed so here we are safe by now.
Also in case a new dynamic DNS provider will be added to DDNS, we do not have to do anything, because the GUI automatically will be filled with the new provider.
But there is one big exception in this:
If a new or existing provider has supports authentication tokens, this provider has to be added to this list, which is not very intuitive.
We also have to ship the GUI each time for new, if this happened.
(This was the former reason, why we created the "ddns list- providers" command to prevent from this.)
My change simplifies, the check if token based authentication should be used or not. It removes the check against the static list of providers which supports token based authentications. (This is the list, which needs to be keep up to date by hand.)
For the user nothing changes, because if he speciefies "token" as username, still the token base auth will be used for the choosen provider.
The only way an user may be affected is, if he configures a token based auth for a provider which does not supports it. This now would be possible and will result in an authentication error against the provider - But Hey, if he fills in incorrect data the same will be happen.
The only bigger problem would be if the valid username of a user is "token". In this case he will be affected in the same way and this could not be fixed in an easy way.
IMHO, the benefits are bigger for us, because the maintain work will become much easier and one stupid error source will get eliminated.
Best regards,
-Stefan
Hello,
I do not understand exactly what this patch is trying to achieve.
Unfortunately we have no choice than doing it this way with the current UI.
I do not think it is worth altering the UI for this, and I do not know how we could do it without having a list again?
-Michael
On 2 Dec 2020, at 11:30, Stefan Schantl < stefan.schantl@ipfire.org> wrote:
This is really hard to maintain when adding new or altering existing providers.
Reference #12415.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
html/cgi-bin/ddns.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 715c37290..024eaf7f6 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -665,13 +665,13 @@ sub GenerateDDNSConfigFile {
my $use_token = 0;
# Handle token based auth for variousproviders.
if ($provider ~~ ["dns.lightningwirelabs.com","entrydns.net", "regfish.com",
"spdns.de", "zzzz.io"] &&$username eq "token") {
# Check if token based auth is configured.if ($username eq "token") { $use_token = 1;}# Handle token auth for freedns.afraid.org and
regfish.com.
} elsif ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") {
if ($provider ~~ ["freedns.afraid.org","regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
-- 2.20.1
-
Adolf Belka -
Michael Tremer -
Stefan Schantl