Lightning Wire Labs: Drop authentication using username/password
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 30 Jan 2020 17:38:13 +0000 (17:38 +0000)
committerStefan Schantl <stefan.schantl@ipfire.org>
Thu, 30 Jan 2020 19:02:41 +0000 (20:02 +0100)
This is quite dangerous using the main credentials to
update DDNS. Hence LWL is dropping this now and only
supports authentication using tokens.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
src/ddns/providers.py

index 85cb6af..dcdc5da 100644 (file)
@@ -1256,27 +1256,17 @@ class DDNSProviderLightningWireLabs(DDNSProvider):
        url = "https://dns.lightningwirelabs.com/update"
 
        def update(self):
+               # Raise an error if no auth details are given.
+               if not self.token:
+                       raise DDNSConfigurationError
+
                data =  {
                        "hostname" : self.hostname,
+                       "token"    : self.token,
                        "address6" : self.get_address("ipv6", "-"),
                        "address4" : self.get_address("ipv4", "-"),
                }
 
-               # Check if a token has been set.
-               if self.token:
-                       data["token"] = self.token
-
-               # Check for username and password.
-               elif self.username and self.password:
-                       data.update({
-                               "username" : self.username,
-                               "password" : self.password,
-                       })
-
-               # Raise an error if no auth details are given.
-               else:
-                       raise DDNSConfigurationError
-
                # Send update to the server.
                response = self.send_request(self.url, data=data)