Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel API get_password_strength

Discussion in 'cPanel Developers' started by nickwuk, Sep 4, 2018.

Tags:
  1. nickwuk

    nickwuk Active Member

    Joined:
    Jul 18, 2009
    Messages:
    26
    Likes Received:
    2
    Trophy Points:
    53
    I had the Cpanel API get_password_strength function working previously, but today when I test it was only returning a strength of 31 for the test password *fox&jn3)G>L, then I found the strength remained at 31 even if I added more characters.

    Then in a separate test script I'm getting the following error: "Failed to read valid json data in json fast mode". I'm wondering if I've made too many requests with the test script?

    I've now tried setting the ftp password to *fox&jn3)G>L$T7j\"B9 using the API function Ftp::passwd and it failed with a 'too weak' error. This was working ok last week.

    I found the ftp account had not been created so maybe that's why the password would not reset, but if so then it was returning spurious errors.

    I've now recreated the ftp account and get_password_strength is now working correctly again.
     
    #1 nickwuk, Sep 4, 2018
    Last edited: Sep 4, 2018
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @nickwuk


    Can you show me the full query string you were using (without any personal domain/account information) so that I can try testing this locally?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. nickwuk

    nickwuk Active Member

    Joined:
    Jul 18, 2009
    Messages:
    26
    Likes Received:
    2
    Trophy Points:
    53
    The test script I was using with the Cpanel class is below:
    Code:
    <?php
    $new_pass = '*fox&jn3)G>L$h£32Tg^£';
    include "Cpanel.php";
    $cpanel = new Cpanel();
    $cp_user = $cpanel->getCpUser();
    $opts = array('password' => $new_pass);
    if($result = $cpanel->callCpanelApi($cp_user, 'PasswdStrength', 'get_password_strength',$opts)) {
        $json = json_decode($result,true);
        if($json['cpanelresult']['event']['result']!=1) {
            print 'Error checking password strength: ';
            print_r($json);
        } else {
            print 'Strength: ' . $json['cpanelresult']['data'][0]['strength'];
        }
    } else {
        print 'Error for callCpanelApi with function PasswdStrength|get_password_strength: ' . $cpanel->getError();
    }
    I extended the Cpanel class with
    Code:
    $this->cpUser = 'myusername';
    in the constructor and the following function:
    Code:
        public function getCpUser()
        {
            return $this->cpUser;
        }
    And I'm using a token for authentication.

    The full code includes comprehensive error and debug logging and I've noticed that testing an ftp connection immediately after the ftp account has been created via the api (also immediately after an addon domain has been created) is giving me intermittent errors, so I'm wondering if it's connected or whether it's a server load issue. Hopefully more testing will reveal.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @nickwuk

    Can you test this after you've recently restarted queuprocd? It may be the task queue has a backlog as well which could also be due to high load.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. nickwuk

    nickwuk Active Member

    Joined:
    Jul 18, 2009
    Messages:
    26
    Likes Received:
    2
    Trophy Points:
    53
    I've started retesting the addftp function (more than 3 months later) and now when it fails the code is outputting the result. In the example below the creation failed but succeeded using the same password when created manually. I notice the event result is 1 but the data result is 0 without reason, although the reason is given in the 'error' key.

    Code:
        [cpanelresult] => Array
            (
                [apiversion] => 2
                [error] => This system does not allow the given password for “” because it is too weak and would be too easy to crack. Please select a password with strength rating of 90 or higher.
                [event] => Array
                    (
                        [result] => 1
                    )
                [module] => Ftp
                [func] => addftp
                [data] => Array
                    (
                        [0] => Array
                            (
                                [result] => 0
                                [reason] =>
                            )
                    )
            )
    The user and password option parameters used were:
    user: sitepro
    pass: 3$#J^$ownGur

    When an ftp account was created manually using the same parameters then it worked.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @nickwuk,

    Let's try to reproduce the behavior with the PasswdStrength::get_password_strength cPanel API 2 function via the command line first. This way we can isolate if it's an issue with our API functionality, or an issue with the custom script you are using.

    I tested the password you provided in your initial message using the following command:

    Code:
    cpapi2 --user=cptest01 PasswdStrength get_password_strength password=%2Afox%26jn3%29G%3EL%2C
    Note how the password you provided was URI-encoded for use with the API function from:

    Code:
    *fox&jn3)G>L,
    To:

    Code:
    %2Afox%26jn3%29G%3EL%2C
    URI-encoding the password is required when using it with an API function to ensure it's parsed correctly.

    Here are the results from the command:

    Code:
    # cpapi2 --user=testuser123 PasswdStrength get_password_strength password=%2Afox%26jn3%29G%3EL%2C
    ---
    cpanelresult:
      apiversion: 2
      data:
        -
          strength: 100
      event:
        result: 1
      func: get_password_strength
      module: PasswdStrength
    
    As you can see, it shows a value of "100" for the strength, and matches what appears when entering it as a password in the cPanel & WHM user interfaces. Can you confirm if you see the same behavior?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice