One-Time Login Hash URL

Version 1.582

Feature
Finished

You can now create a one-time use URL which will automatically log you in as the specified User.

NOTE: Login Keys must be enabled for the given User in their user.conf.

For example, to send someone a login URL to be logged in as admin, type:

    /usr/local/directadmin/directadmin --create-login-url user=admin

which will output something similar to:

    URL: http://1.2.3.4:2222/CMD_LOGIN_URL?hash=cJbIk9GNsXk43....xmAHSTaKFiFe

where the hash value is of random length, from 120 to 148 characters.

================
FUNCTION

1) The hash is stored on disk in the global file:

    /usr/local/directadmin/data/admin/login_hashes.conf

but it will be crypted as the "left-side" index, with details about this hash on the right-side. Thus, a lookup of a given hash must cycle through each item, testing the crypt until found. It does create a Login Key under this User, but instead of a crypted key, it saves "key=hash", signifying that it's a login URL, standing by.

2) Once a valid hash has been accepted, the login key is swapped with a true crypted password, and that password is set in the sessions file. The password for this key is never seen. The original login hash is removed from the global login_hashes file. The cookie is sent, and the login works just like any other Login Key.

----
DURATION

By default the Login Hashes live for 3 days, including the end of the Login Key time, so you have up to 3 days to log in and log out (it's not extended upon hash-to-key conversion).

You can set a different time by adding:

    expiry=1d

for example, to the --create-login-url options list. Valid time units are: s,m,h,d,M,y and ARE case sensitive.

----
RESTRICTIONS

IPs: You can list one or many IPs or 1.2.3.4-7 ranges by adding this to the options:

    ips=1.2.3.4,5.6.7.8-9

----
Commands: Allow + Deny

Similar to the Login Keys, you can control which CMDs are allowed or denied by doing something like:

    deny=ALL_RESELLER,CMD_LOGIN_KEYS,CMD_API_LOGIN_KEYS

which would block all Admin Level functions for this URL hash. Just be careful if you block ALL_ADMIN, as it's difficult NOT to make Admin Level calls for some things like ajax counts, etc.

----
CMD_LOGOUT

When logged in with a login hash, upon clicking "Logout" (CMD_LOGOUT), it will destroy the session but will also delete this Login Key, so it doesn't hang around after. It should get deleted eventually, after the expiry hits, during various cleanup operations.

================
JSON

You can also get json output by calling it with json=yes:

    /usr/local/directadmin/directadmin --create-login-url user=admin json=yes

which would output something like:

    {
        "allow_htm": "yes",
        "clear_key": "yes",
        "expiry_timestamp": "1566096767",
        "hash": "QTyjeGyhIDpZLit4....abZ2UJCczm1U",
        "keyname": "HASHURLvicJDn5L",
        "max_uses": "0",
        "url": "http://1.2.3.4:2222/CMD_LOGIN_URL?hash=QTyjeGyhIDpZLit4....abZ2UJCczm1U"
    }
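
An added illustration, not DirectAdmin's own code: a small Python model of the scheme described under FUNCTION, DURATION and RESTRICTIONS (crypted left-side index, lookup by cycling through every entry, expiry, ips= ranges, removal on first use). PBKDF2 stands in for the crypt the page does not specify, and the LoginHashStore class, its in-memory dict and the behaviour on an IP mismatch are assumptions.

```python
import hashlib, hmac, ipaddress, secrets, string, time

ALPHABET = string.ascii_letters + string.digits

def crypt_token(token, salt):
    # Assumption: PBKDF2 stands in for the crypt the page does not specify.
    return hashlib.pbkdf2_hmac("sha256", token.encode(), salt, 100_000).hex()

def ip_allowed(ip, spec):
    """Check ip against the page's ips= syntax, e.g. '1.2.3.4,5.6.7.8-9'."""
    if not spec:
        return True  # no ips= option: unrestricted
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return False
    for item in spec.split(","):
        start, _, last = item.strip().partition("-")
        lo = ipaddress.IPv4Address(start)
        # '1.2.3.4-7' means last octet 4 through 7
        hi = ipaddress.IPv4Address(start.rsplit(".", 1)[0] + "." + last) if last else lo
        if lo <= addr <= hi:
            return True
    return False

class LoginHashStore:  # hypothetical in-memory model of login_hashes.conf
    def __init__(self):
        self.entries = {}  # left side "salt$crypted" -> right side details

    def create(self, user, expiry_s=3 * 86400, ips="", now=None):
        now = time.time() if now is None else now
        token = "".join(secrets.choice(ALPHABET) for _ in range(120 + secrets.randbelow(29)))
        salt = secrets.token_bytes(16)
        self.entries[salt.hex() + "$" + crypt_token(token, salt)] = {
            "user": user, "expires": now + expiry_s, "ips": ips}
        return token  # the plain value exists only in the URL handed out

    def redeem(self, token, client_ip, now=None):
        now = time.time() if now is None else now
        for key, details in list(self.entries.items()):  # cycle through every item
            salt_hex, crypted = key.split("$")
            if not hmac.compare_digest(crypt_token(token, bytes.fromhex(salt_hex)), crypted):
                continue
            if now > details["expires"]:
                del self.entries[key]  # expired: clean up, refuse
                return None
            if not ip_allowed(client_ip, details["ips"]):
                return None  # assumption: wrong IP leaves the hash unused
            del self.entries[key]  # accepted once, then removed
            return details["user"]
        return None
```

Because only the crypted form is kept, a copy of the stored file does not yield a usable login URL, and the cost of that design is the linear scan in redeem().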
