How to crate a One-Time Login Hash URL via API

denismariano

denismariano

Verified User
Joined
Jan 1, 2021
Messages
6
Location
Kampala
There is a feature "/usr/local/directadmin/directadmin --create-login-url user=admin" (https://www.directadmin.com/features.php?id=2463) that creates a one-time login URL via command line, am wondering if there is an API based version of it as it is with cPanel and Plesk. I badly need it because am looking at adding Directadmin to a list of our offerings. We have already tightly integrated a similar feature in cPanel and Plesk into our customer portal, And now trying to integrate DA, but seem to be stuck with this particular feature. any help, hints will be greatly appreciated.
 
Thanks, @bdacus01, I looked at API keys as suggested, but unfortunately, it doesn't work for me. "One-Time Login Hash URL" (https://www.directadmin.com/features.php?id=2463) could be the perfect match, but unfortunately it's only available via the command line. In cPanel it could be equivalent to "create_user_session" (https://documentation.cpanel.net/display/DD/WHM+API+1+Functions+-+create_user_session).

As per the screen below, basically what I want is that if a client clicks any of those links (from our customer portal), a DA session will automatically be created for that user and the customer auto-logged into DA, and redirected to the specific section. eg if they click the SSL Certificates Icon, they should get auto-logged into DA and taken to "https://your-servername.com:2222/user/ssl/"

DA-Shortcuts.PNG
 
Until DA has a solution like Cpanel has, i suggest to put a call from your "Customer Portal Server" to the "DA Server", a few security checks like File/Hash/IP and the DA Server calls the terminal internally, the result is a "One Click Login Url" that could send as response to the call from the "Customer Portal Server", right?
 
Good day team,
unfortunately it is not working as we expect. To make a one-time Login HASH through API it is required to send current password (of the user,reseller or admin). But we don't save any kind of passwords, we handle all using LoginKeys, so it is impossible for us to create One-time Login HASH at all.
I voted for API modification here: https://feedback.directadmin.com/b/feature-requests/request-options-for-one-time-login-hash-url/
Related Ticket #39691
And hope it is possible to remove password restriction from this function.
 
Just a quick update, after a while with a bit of reading and use of the DirectAdmin PHP Communication Class, we were able to achieve the desired functionality. However, as @shvaber reported, it requires the use of some kind of password (in our case, we use the admin password)

$this->_socket->set_login($this->adminUsername."|".$this->username,$this->adminPassword); $this->_socket->query('/CMD_API_LOGIN_KEYS', array ( 'method'=>'GET', 'action' => 'create', 'type' => 'one_time_url', 'redirect-url' => $this->ssoRedirectUrl, 'login_keys_notify_on_creation' => 0, 'expiry'=>'30m', 'user' => $this->adminUsername."|".$this->username, 'passwd' => $this->adminPassword, )); return $this->parse_response($this->_socket->fetch_body());

And the above code snippet returns something similar to this:

[error] => 0 [text] => One-Time Login URL Created [details] => https://yoursite.com:2222/CMD_LOGIN_URL?hash=fEDdAioESDuaTK3R5UcyHd9HqrhvOAg3NrgXaSm0fgb6yeW4660Nj9cZyISMS8Opy2NYV7Y8l7DkljoppmDXtp6r5ZEYfaLdcg97ngEZnRJXA5MxpZUiNZZS6
 
Last edited:
PLEASE DO NOT POST LOGIN KEYS/URLS.

Since the login key hash was still valid I managed to login into your DA panel.
I have no intentions for harm but please do not do it again.proof.jpeg
 
You must log in or register to reply here.
Back
Top