Passwords can be set interactively

theo@manjaro 2022-07-04 10:07:30 +02:00
parent 02a4a5fecf
commit 1506146450
3 changed files with 28 additions and 5 deletions


@ -459,6 +459,8 @@ domain:
action: store_true action: store_true
-p: -p:
full: --password full: --password
nargs: "?"
const: 0
help: Subscribe to the DynDNS service with a password, used to later delete the domain help: Subscribe to the DynDNS service with a password, used to later delete the domain
extra: extra:
pattern: *pattern_password pattern: *pattern_password
@ -483,6 +485,8 @@ domain:
action: store_true action: store_true
-p: -p:
full: --password full: --password
nargs: "?"
const: 0
help: Password used to delete the domain from DynDNS help: Password used to delete the domain from DynDNS
extra: extra:
pattern: *pattern_password pattern: *pattern_password
@ -1419,6 +1423,8 @@ dyndns:
help: Public DNS key help: Public DNS key
-p: -p:
full: --password full: --password
nargs: "?"
const: 0
help: Password used to later delete the domain help: Password used to later delete the domain
extra: extra:
pattern: *pattern_password pattern: *pattern_password
@ -1436,9 +1442,10 @@ dyndns:
required: True required: True
-p: -p:
full: --password full: --password
nargs: "?"
const: 0
help: Password used to delete the domain help: Password used to delete the domain
extra: extra:
required: True
pattern: *pattern_password pattern: *pattern_password
### dyndns_update() ### dyndns_update()
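Review bot: The four `--password` entries in this file now accept a bare `-p`, but none of their `help` strings say so, so users will not learn that omitting the value gives a prompt instead of leaving the password in shell history and the process list. Consider extending each help line, e.g. `help: Password used to delete the domain (omit the value to be prompted for it)`. The sentinel `const: 0` is an integer sitting next to `pattern: *pattern_password`; whether the pattern check is skipped for it is not visible here and is worth confirming. In the last hunk `required: True` disappears from `extra`, so the handler behind it must now cope with no password at all.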


@ -356,7 +356,7 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False, pass
hook_callback("post_domain_remove", args=[domain]) hook_callback("post_domain_remove", args=[domain])
# If a password is provided, delete the DynDNS record # If a password is provided, delete the DynDNS record
if password: if password!=None:
from yunohost.dyndns import dyndns_unsubscribe from yunohost.dyndns import dyndns_unsubscribe
# Actually unsubscribe # Actually unsubscribe
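Review bot: `if password!=None:` should be an identity test, `if password is not None:`, because `!=` goes through `__ne__` and PEP 8 asks for `is not` when comparing with None; the same comparison appears in `dyndns_subscribe`. The comment above still reads "If a password is provided", but the condition now also lets through the `0` sentinel and an empty string, so it would be more accurate as `# If --password was given (with or without a value), delete the DynDNS record`. The body of `domain_remove` starts and ends outside this hunk.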


@ -31,7 +31,7 @@ import base64
import subprocess import subprocess
import hashlib import hashlib
from moulinette import m18n from moulinette import Moulinette, m18n
from moulinette.core import MoulinetteError from moulinette.core import MoulinetteError
from moulinette.utils.log import getActionLogger from moulinette.utils.log import getActionLogger
from moulinette.utils.filesystem import write_to_file, rm, chown, chmod from moulinette.utils.filesystem import write_to_file, rm, chown, chmod
@ -144,7 +144,14 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
# Yeah the secret is already a base64-encoded but we double-bas64-encode it, whatever... # Yeah the secret is already a base64-encoded but we double-bas64-encode it, whatever...
b64encoded_key = base64.b64encode(secret.encode()).decode() b64encoded_key = base64.b64encode(secret.encode()).decode()
data = {"subdomain": domain} data = {"subdomain": domain}
if password: if password!=None:
from yunohost.utils.password import assert_password_is_strong_enough
# Ensure sufficiently complex password
if Moulinette.interface.type == "cli" and password==0:
password = Moulinette.prompt(
m18n.n("ask_password"), is_password=True, confirm=True
)
assert_password_is_strong_enough("admin", password)
data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest() data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest()
r = requests.post( r = requests.post(
f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512", f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512",
@ -179,7 +186,7 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
@is_unit_operation() @is_unit_operation()
def dyndns_unsubscribe(operation_logger, domain, password): def dyndns_unsubscribe(operation_logger, domain, password=None):
""" """
Unsubscribe from a DynDNS service Unsubscribe from a DynDNS service
@ -190,6 +197,15 @@ def dyndns_unsubscribe(operation_logger, domain, password):
operation_logger.start() operation_logger.start()
from yunohost.utils.password import assert_password_is_strong_enough
# Ensure sufficiently complex password
if Moulinette.interface.type == "cli" and not password:
password = Moulinette.prompt(
m18n.n("ask_password"), is_password=True, confirm=True
)
assert_password_is_strong_enough("admin", password)
# '165' is the convention identifier for hmac-sha512 algorithm # '165' is the convention identifier for hmac-sha512 algorithm
# '1234' is idk? doesnt matter, but the old format contained a number here... # '1234' is idk? doesnt matter, but the old format contained a number here...
key_file = f"/etc/yunohost/dyndns/K{domain}.+165+1234.key" key_file = f"/etc/yunohost/dyndns/K{domain}.+165+1234.key"
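Review bot: In `dyndns_unsubscribe` the new default `password=None` is only replaced by a prompt on the CLI, so on any other interface a missing password appears to reach `assert_password_is_strong_enough("admin", password)` as `None`; an explicit validation error before that call would be clearer (how the rest of the function uses `password` is outside the hunk, and the page has lost the indentation). The strength check and `confirm=True` also look out of place here, because this password is being checked against an existing registration rather than created, so a recovery password set under an older, weaker policy might no longer be usable to delete its domain. Consider `password = Moulinette.prompt(m18n.n("ask_password"), is_password=True)` and dropping the assertion in this function. In `dyndns_subscribe`, the strength check sees the raw `password` while the hash on the following line uses `password.strip()`, so surrounding whitespace may count toward the check; stripping once before the check would keep the two consistent.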