Merge pull request #2870 from softcat/fix/inwx-api

Fix for INWX DNS API (multiple domains and 2FA enabled failing)
2024-11-20 13:21:44 +00:00 · 2020-04-19 20:36:47 +08:00 · 2020-04-19 20:36:47 +08:00 · 0043f3558c
commit 0043f3558c
parent 458c0db3a8 5d00edc896
1 changed files with 60 additions and 7 deletions
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@ -34,6 +34,10 @@ dns_inwx_add() {
  _saveaccountconf_mutable INWX_Password "$INWX_Password"
  _saveaccountconf_mutable INWX_Shared_Secret "$INWX_Shared_Secret"

+  if ! _inwx_login; then
+    return 1
+  fi
+
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
@ -64,6 +68,10 @@ dns_inwx_rm() {
    return 1
  fi

+  if ! _inwx_login; then
+    return 1
+  fi
+
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
@ -123,8 +131,42 @@ dns_inwx_rm() {

 ####################  Private functions below ##################################

+_inwx_check_cookie() {
+  INWX_Cookie="${INWX_Cookie:-$(_readaccountconf_mutable INWX_Cookie)}"
+  if [ -z "$INWX_Cookie" ]; then
+    _debug "No cached cookie found"
+    return 1
+  fi
+  _H1="$INWX_Cookie"
+  export _H1
+
+  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
+  <methodCall>
+  <methodName>account.info</methodName>
+  </methodCall>')
+
+  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
+
+  if _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>"; then
+    _debug "Cached cookie still valid"
+    return 0
+  fi
+
+  _debug "Cached cookie no longer valid"
+  _H1=""
+  export _H1
+  INWX_Cookie=""
+  _saveaccountconf_mutable INWX_Cookie "$INWX_Cookie"
+  return 1
+}
+
 _inwx_login() {

+  if _inwx_check_cookie; then
+    _debug "Already logged in"
+    return 0
+  fi
+
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>account.login</methodName>
@ -148,17 +190,25 @@ _inwx_login() {
    </value>
   </param>
  </params>
-  </methodCall>' $INWX_User $INWX_Password)
+  </methodCall>' "$INWX_User" "$INWX_Password")

  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
-  _H1=$(printf "Cookie: %s" "$(grep "domrobot=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')")
+
+  INWX_Cookie=$(printf "Cookie: %s" "$(grep "domrobot=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')")
+  _H1=$INWX_Cookie
  export _H1
+  export INWX_Cookie
+  _saveaccountconf_mutable INWX_Cookie "$INWX_Cookie"
+
+  if ! _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>"; then
+    _err "INWX API: Authentication error (username/password correct?)"
+    return 1
+  fi

  #https://github.com/inwx/php-client/blob/master/INWX/Domrobot.php#L71
-  if _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>" \
-    && _contains "$response" "<member><name>tfa</name><value><string>GOOGLE-AUTH</string></value></member>"; then
+  if _contains "$response" "<member><name>tfa</name><value><string>GOOGLE-AUTH</string></value></member>"; then
    if [ -z "$INWX_Shared_Secret" ]; then
-      _err "Mobile TAN detected."
+      _err "INWX API: Mobile TAN detected."
      _err "Please define a shared secret."
      return 1
    fi
@ -191,6 +241,11 @@ _inwx_login() {
    </methodCall>' "$tan")

    response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
+
+    if ! _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>"; then
+      _err "INWX API: Mobile TAN not correct."
+      return 1
+    fi
  fi

 }
@ -203,8 +258,6 @@ _get_root() {
  i=2
  p=1

-  _inwx_login
-
  xml_content='<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>nameserver.list</methodName>