Make script work again with new SSO login

[bb]

Hi Aikhjarto,

Looks like you also wanted to automate dns-01 challenge with HostEurope AutoDNS. I found this project by looking for a solution for this. :)

Are you planning to work around the issue you observed in a8ad9daf9e97a81dafb52d2f4b21ace84d8ee99f or is this project abandoned? Or do you by chance have it fixed locally and just not published? ;)

My investigation so far:

It still seems easily possible to login via curl by using a cookie-jar (Using curl: -b hosteurope.cookies to read and -c hosteurope.cookies to write during login.

Before the first fetch, I run $FETCH_BIN 'https://sso.hosteurope.de/api/app/v1/login' -H 'Origin: https://sso.hosteurope.de' -H 'Content-Type: application/json' -H 'Accept: application/json, text/plain, */*' -H 'Referer: https://sso.hosteurope.de/' -H 'Connection: keep-alive' -H 'DNT: 1' --data-binary "{\"brandId\":\"b9c8f0f0-60dd-4cab-9da8-512b352d9c1a\",\"locale\":\"de-DE\",\"identifier\":\"$HE_USERNAME\",\"password\":\"$HE_PASSWORD\"}" --compressed -c hosteurope.cookies The output will be {"success":true} if the login was successful.

Subsequent requests to KIS seem to work in general, however the old kdnummer and passwd params need to be removed.

In addition, something else seems to be wrong on my side, but I wanted to reach out to you first before spending too much time.

[Aikhjarto]

Yes, I was planning to work on the login problem. However, last time i checked, there was a captcha and I could not find a way around it. As the captcha is gone, work can continue.

@bb Nice work, I tried your command to store the cookies and it seems to work for me too. At least for curl. I Just pushed a commit to include your work. Any change this might also work with wget?

[bb]

I‘m currently on a family trip and don’t have the computer with me, so I can’t try. Maybe this stack overflow answer helps: https://stackoverflow.com/questions/1324421/how-to-get-past-the-login-page-with-wget

[phil8900]

It seems that the captcha reappeared which is too bad, the idea of this script is amazing - but there is probably not much we can do as of now..

[cstender]

As a workaround you can login via browser and export the cookie (using e.g. this add-on https://addons.mozilla.org/en-US/firefox/addon/export-cookies-txt/). Afterwards just remove the login part from the hosteurope_domservice.sh script and everything works fine. At least for many domains it is still better than doing the update manually.

[mf0390]

Any news on this? I tried implementing this in PHP and I am stuck at the login request. The response JSON shows me this: string(75) "{"name":"SsoError","code":8020,"message":"Recaptcha is required for login"}"

I tried adding the cookie file and jar with the following cURL options: curl_setopt($curl, CURLOPT_COOKIEJAR, 'hosteurope.cookies'); curl_setopt($curl, CURLOPT_COOKIEFILE, 'hosteurope.cookies');

The file is created whenever I run the PHP script and it also contains some data, but it did not make the error go away.

[Aikhjarto]

Any news on this?

The captcha still prevents automated access from a script. I had contact with HostEurope, and they do not plan to remove the captcha. As a far-fetched workaround, I'm currently using HostEurope's mail service, which works, but has some limitations, e.g. no possibility to set the TTL.