From fdb3c4aa491a94772fdd53cdf0c1535af64c856f Mon Sep 17 00:00:00 2001
From: Nils Blume
Date: Thu, 31 Aug 2023 09:22:07 +0200
Subject: [PATCH] added optional anonymous login for clients
---
 README.md | 3 ++-
 src/Config.php | 22 ++++++++++++++++++++--
 src/Handler.php | 24 ++++++++++++++++--------
 src/Payload.php | 5 ++++-
 4 files changed, 42 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 4329e5a..ac7d24a 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,7 @@ Parameter | Example | Explanation
 `allowCreate` | true/`false` | allows creation of entries if parameter `create=true` in URL
 `restrictDomain` | true / `false` | allows admin to restrict the domain to update to a given value `domain` and/or `host`. See URL parameters for host parameter explanation
 `allowNetcupCreds` | true / `false` | allows the user to pass netcup credentials directly via the URL. URL creds will be preferred if any still exist in .env file
+`allowAnonymous` | true / `false` | allows anonymous login, recommended only if you do not store any credentials and disable logging
 * alternatively you can use .configure.sh to create your .env file for you (if you are on a *NIX system)
@@ -49,7 +50,7 @@ You can now set `allowCreate=true` in .env and pass `create=true` as URL paramet
 Parameter | Example | Explanation
 ---: | :--- | :---
-user | dnsupdater | username to authenticate against this script as defined in .env file
+user | dnsupdater | username to authenticate against this script as defined in .env file. If anonymous login is allowed in .env: `anonymous`
 password | secretpleasechange |password for that user as defined in .env file
 domain | home.example.com | `case A)` If `host` is not specified: the FQDN for your host
 domain | example.com | `case B)` If you want to update the @ or * record
diff --git a/src/Config.php b/src/Config.php
index 42c3ad2..f819f8e 100644
--- a/src/Config.php
+++ b/src/Config.php
@@ -60,6 +60,11 @@ final class Config
 */
 private $allowNetcupCreds = false;
+ /**
+ * @var bool
+ */
+ private $allowAnonymous = false;
+
 /**
 * @var bool
 */
@@ -91,8 +96,13 @@ final class Config
 public function isValid()
 {
 return
- !empty($this->username) &&
- !empty($this->password) &&
+ (
+ !empty($this->username) &&
+ !empty($this->password)
+ ) ||
+ (
+ $this->isAllowAnonymous()
+ ) &&
 (
 (
 !empty($this->apiKey) &&
@@ -202,6 +212,14 @@ final class Config
 return $this->allowNetcupCreds;
 }
+ /**
+ * @return bool
+ */
+ public function isAllowAnonymous()
+ {
+ return $this->allowAnonymous;
+ }
+
 /**
 * @return string
 */
diff --git a/src/Handler.php b/src/Handler.php
index 0b4a6af..c3fde67 100644
--- a/src/Handler.php
+++ b/src/Handler.php
@@ -58,14 +58,22 @@ final class Handler
 }
 }
- if (
- $this->config->getUsername() !== $this->payload->getUser() ||
- $this->config->getPassword() !== $this->payload->getPassword()
- ) {
- if ($this->config->isDebug()) {
- throw new RuntimeException('credentials invalid');
- } else {
- exit("credentials invalid\n");
+ if ($this->config->isAllowAnonymous()) {
+ if ($this->payload->getUser() == 'anonymous') {
+ if ($this->config->isDebug()) {
+ $this->doLog('anonymous login by client');
+ }
+ }
+ } else {
+ if (
+ $this->config->getUsername() !== $this->payload->getUser() ||
+ $this->config->getPassword() !== $this->payload->getPassword()
+ ) {
+ if ($this->config->isDebug()) {
+ throw new RuntimeException('credentials invalid');
+ } else {
+ exit("credentials invalid\n");
+ }
 }
 }
diff --git a/src/Payload.php b/src/Payload.php
index 066465d..0fc56d2 100644
--- a/src/Payload.php
+++ b/src/Payload.php
@@ -85,7 +85,10 @@ final class Payload
 {
 return
 !empty($this->user) &&
- !empty($this->password) &&
+ (
+ $this->user == 'anonymous' ||
+ !empty($this->password)
+ ) &&
 !empty($this->domain) &&
 (
 (
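Review bot: In `Config::isValid()` (src/Config.php, hunk at -91,8) the new `||` is not grouped with the username/password test, and PHP's `&&` binds tighter than `||`, so the expression parses as `(username && password) || (isAllowAnonymous() && (apiKey …))`. A config that has a username and a password therefore validates even when the API-credential condition that follows is false, which the old code required in every case. Wrap the alternation in one more pair of parentheses, `( (!empty($this->username) && !empty($this->password)) || $this->isAllowAnonymous() ) &&`, so the remaining checks apply to both login modes. The return expression continues past the end of the hunk, so the tail of the condition is not visible here.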
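Review bot: In src/Handler.php the username/password comparison now sits in the `else` of `if ($this->config->isAllowAnonymous())`, so once `allowAnonymous` is true no request is checked at all; the inner `getUser() == 'anonymous'` test only decides whether a debug log line is written. The check should be skipped only when the flag is set and the user is exactly `anonymous`, and kept for every other user name. The comparison with the reserved name should be strict (`===`); the same loose `==` appears in the src/Payload.php hunk. The enclosing method starts and ends outside the hunk.

```php
$anonymous = $this->config->isAllowAnonymous()
    && $this->payload->getUser() === 'anonymous';

if ($anonymous) {
    if ($this->config->isDebug()) {
        $this->doLog('anonymous login by client');
    }
} elseif (
    $this->config->getUsername() !== $this->payload->getUser() ||
    $this->config->getPassword() !== $this->payload->getPassword()
) {
    // … unchanged: throw in debug mode, otherwise exit("credentials invalid\n") …
}
```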
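Review bot: `Payload::isValid()` (src/Payload.php) now accepts an empty password for the user `anonymous` whether or not `allowAnonymous` is enabled, and nothing in the hunk says that the Handler is then the only place that can reject such a request. A comment above the new group would record that dependency, e.g. `// 'anonymous' may omit the password; Handler decides whether anonymous login is enabled`. The literal `'anonymous'` is now repeated in two files, so a shared class constant would keep the reserved name in one place. The method starts and ends outside the hunk.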