From 99d3a283efd9a6a6a5c6e5812aa829984cbb8cff Mon Sep 17 00:00:00 2001
From: Brian Hartvigsen <brian.andrew@brianandjenny.com>
Date: Sat, 26 Sep 2020 19:38:18 -0600
Subject: [PATCH 1/4] Use POST for login

This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.)  HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
---
 deploy/synology_dsm.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index 2ec0ceb3..53ab5dd9 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -22,7 +22,7 @@
 ########  Public functions #####################
 
 _syno_get_cookie_data() {
-  grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
+  grep -i "\W$1=" "$HTTP_HEADER" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
 }
 
 #domain keyfile certfile cafile fullchain
@@ -78,8 +78,8 @@ synology_dsm_deploy() {
   encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
   encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
   encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)"
-  response=$(_get "$_base_url/webman/login.cgi?username=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_id=$encoded_did" 1)
-  token=$(echo "$response" | grep -i "X-SYNO-TOKEN:" | sed -n 's/^X-SYNO-TOKEN: \(.*\)$/\1/pI' | tr -d "\r\n")
+  response=$(_post "username=$encoded_username&passwd=$encoded_password&device_id=$encoded_did" "$_base_url/webman/login.cgi?enable_syno_token=yes")
+  token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
   _debug3 response "$response"
   _debug token "$token"
 
@@ -89,7 +89,7 @@ synology_dsm_deploy() {
     return 1
   fi
 
-  _H1="Cookie: $(echo "$response" | _syno_get_cookie_data "id"); $(echo "$response" | _syno_get_cookie_data "smid")"
+  _H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")"
   _H2="X-SYNO-TOKEN: $token"
   export _H1
   export _H2

From cc69285420a49f118acb37c77e3c8f9f73c19f7f Mon Sep 17 00:00:00 2001
From: Thijn <thijn38@gmail.com>
Date: Wed, 9 Dec 2020 11:45:25 +0100
Subject: [PATCH 2/4] Fix synology_dsm deployhook for DSM 7

---
 deploy/synology_dsm.sh | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index 53ab5dd9..bca12d8d 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -73,13 +73,25 @@ synology_dsm_deploy() {
   _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
   _debug _base_url "$_base_url"
 
+  _debug "Getting API version"
+  response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
+  api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
+  _debug3 response "$response"
+  _debug3 api_version "$api_version"
+
   # Login, get the token from JSON and session id from cookie
   _info "Logging into $SYNO_Hostname:$SYNO_Port"
   encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
   encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
-  encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)"
-  response=$(_post "username=$encoded_username&passwd=$encoded_password&device_id=$encoded_did" "$_base_url/webman/login.cgi?enable_syno_token=yes")
-  token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
+
+  if [ ! -z "$SYNO_DID" ]; then
+    _H1="Cookie: did=$SYNO_DID"
+    export _H1
+    _debug3 H1 "${_H1}"
+  fi
+
+  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&enable_device_token=yes&enable_syno_token=yes" "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version")
+  token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
   _debug3 response "$response"
   _debug token "$token"
 
@@ -88,13 +100,11 @@ synology_dsm_deploy() {
     _err "Check your username and password."
     return 1
   fi
+  sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
 
-  _H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")"
-  _H2="X-SYNO-TOKEN: $token"
+  _H1="X-SYNO-TOKEN: $token"
   export _H1
-  export _H2
   _debug2 H1 "${_H1}"
-  _debug2 H2 "${_H2}"
 
   # Now that we know the username and password are good, save them
   _savedeployconf SYNO_Username "$SYNO_Username"
@@ -102,7 +112,7 @@ synology_dsm_deploy() {
   _savedeployconf SYNO_DID "$SYNO_DID"
 
   _info "Getting certificates in Synology DSM"
-  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi")
+  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
   _debug3 response "$response"
   id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
   _debug2 id "$id"
@@ -135,7 +145,7 @@ synology_dsm_deploy() {
   content="${content%_}" # protect trailing \n
 
   _info "Upload certificate to the Synology DSM"
-  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}")
+  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
   _debug3 response "$response"
 
   if ! echo "$response" | grep '"error":' >/dev/null; then

From 7d7789ae96ef4061dfb97c41d45a7b017626d305 Mon Sep 17 00:00:00 2001
From: Brian Hartvigsen <brian.andrew@brianandjenny.com>
Date: Wed, 9 Dec 2020 20:35:50 -0700
Subject: [PATCH 3/4] Support DSM 6 and 7

Small changes for DSM 6:

All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params
enable_syno_token=yes must be in both the GET and POST params.
If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work.
Need to use /webapi/auth.cgi instead of /webapi/entry.cgi
Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850
---
 deploy/synology_dsm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index bca12d8d..edbc1e3e 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -90,7 +90,7 @@ synology_dsm_deploy() {
     _debug3 H1 "${_H1}"
   fi
 
-  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&enable_device_token=yes&enable_syno_token=yes" "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version")
+  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
   token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
   _debug3 response "$response"
   _debug token "$token"

From 2635dfef9659a69d003cc2cb1f108a6c7de044a1 Mon Sep 17 00:00:00 2001
From: Brian Hartvigsen <brian.andrew@brianandjenny.com>
Date: Wed, 9 Dec 2020 21:01:44 -0700
Subject: [PATCH 4/4] Shellcheck linting

Also removed unused code
---
 deploy/synology_dsm.sh | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index edbc1e3e..35d33209 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -21,10 +21,6 @@
 
 ########  Public functions #####################
 
-_syno_get_cookie_data() {
-  grep -i "\W$1=" "$HTTP_HEADER" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
-}
-
 #domain keyfile certfile cafile fullchain
 synology_dsm_deploy() {
 
@@ -84,7 +80,7 @@ synology_dsm_deploy() {
   encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
   encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
 
-  if [ ! -z "$SYNO_DID" ]; then
+  if [ -n "$SYNO_DID" ]; then
     _H1="Cookie: did=$SYNO_DID"
     export _H1
     _debug3 H1 "${_H1}"