diff --git a/share/actionsmap.yml b/share/actionsmap.yml index 8f2e90569..fae7ab8f8 100644 --- a/share/actionsmap.yml +++ b/share/actionsmap.yml @@ -459,6 +459,8 @@ domain: action: store_true -p: full: --password + nargs: "?" + const: 0 help: Subscribe to the DynDNS service with a password, used to later delete the domain extra: pattern: *pattern_password @@ -483,6 +485,8 @@ domain: action: store_true -p: full: --password + nargs: "?" + const: 0 help: Password used to delete the domain from DynDNS extra: pattern: *pattern_password @@ -1419,6 +1423,8 @@ dyndns: help: Public DNS key -p: full: --password + nargs: "?" + const: 0 help: Password used to later delete the domain extra: pattern: *pattern_password @@ -1436,9 +1442,10 @@ dyndns: required: True -p: full: --password + nargs: "?" + const: 0 help: Password used to delete the domain extra: - required: True pattern: *pattern_password ### dyndns_update() diff --git a/src/domain.py b/src/domain.py index 3c5823037..5bdecf651 100644 --- a/src/domain.py +++ b/src/domain.py @@ -356,7 +356,7 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False, pass hook_callback("post_domain_remove", args=[domain]) # If a password is provided, delete the DynDNS record - if password: + if password!=None: from yunohost.dyndns import dyndns_unsubscribe # Actually unsubscribe diff --git a/src/dyndns.py b/src/dyndns.py index 67a8b293d..a5532f101 100644 --- a/src/dyndns.py +++ b/src/dyndns.py @@ -31,7 +31,7 @@ import base64 import subprocess import hashlib -from moulinette import m18n +from moulinette import Moulinette, m18n from moulinette.core import MoulinetteError from moulinette.utils.log import getActionLogger from moulinette.utils.filesystem import write_to_file, rm, chown, chmod @@ -144,7 +144,14 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None): # Yeah the secret is already a base64-encoded but we double-bas64-encode it, whatever... b64encoded_key = base64.b64encode(secret.encode()).decode() data = {"subdomain": domain} - if password: + if password!=None: + from yunohost.utils.password import assert_password_is_strong_enough + # Ensure sufficiently complex password + if Moulinette.interface.type == "cli" and password==0: + password = Moulinette.prompt( + m18n.n("ask_password"), is_password=True, confirm=True + ) + assert_password_is_strong_enough("admin", password) data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest() r = requests.post( f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512", @@ -179,7 +186,7 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None): @is_unit_operation() -def dyndns_unsubscribe(operation_logger, domain, password): +def dyndns_unsubscribe(operation_logger, domain, password=None): """ Unsubscribe from a DynDNS service @@ -189,6 +196,15 @@ def dyndns_unsubscribe(operation_logger, domain, password): """ operation_logger.start() + + from yunohost.utils.password import assert_password_is_strong_enough + + # Ensure sufficiently complex password + if Moulinette.interface.type == "cli" and not password: + password = Moulinette.prompt( + m18n.n("ask_password"), is_password=True, confirm=True + ) + assert_password_is_strong_enough("admin", password) # '165' is the convention identifier for hmac-sha512 algorithm # '1234' is idk? doesnt matter, but the old format contained a number here...