SecurityPolicy::PasswordStrength API
Someone has managed to change the following value "Security Policy::Password Strength" from the WHM API, I have looked for a way to change it through the API but I have not been able to do it.
-
Hey there! I am also not finding an API call for this specific page. I do see that we use this call to display the page after it has been changed:
https://api.docs.cpanel.net/openapi/whm/operation/get_password_strength/
but I don't see one to change that specific value.
0 -
That function only returns the strength of a given password:
whmapi1 --output=jsonpretty get_password_strength password='123456789'
{
"data" : {
"strength" : 63
},
"metadata" : {
"reason" : "OK",
"command" : "get_password_strength",
"version" : 1,
"result" : 1
}
}0 -
I have found these two links, but I have not had success changing the value "SecurityPolicy::PasswordStrength"
https://api.docs.cpanel.net/openapi/whm/operation/set_tweaksetting/
whmapi1 --output=jsonpretty set_tweaksetting key='securityPolicy::PasswordStrength' value=1
{
"metadata" : {
"version" : 1,
"result" : 0,
"reason" : "Invalid tweaksetting key",
"command" : "set_tweaksetting"
}
}0 -
Tweak Settings options wouldn't be related to the "Configure Security Policies" page in WHM.
0 -
I ended up solving it using the following commands, i don't know if it is the best practice but it worked for the purposes i needed it
whmapi1 create_user_session user=root service=whostmgrd --output=json
curl --silent --insecure --data-urlencode "session=<session>" "https://127.0.0.1:2087<cp_security_token>/login/" --cookie-jar /tmp/<filecookie> > /dev/null
curl --silent --insecure "https://127.0.0.1:2087<cp_security_token>/securitypolicy_configure?TwoFactorAuth=1&PasswordStrength=1&maxage=90&cmd=Save" --cookie /tmp/<filecookie> > /dev/null
0 -
German Ramos : I was going to suggest something similar, but it's advisable to read the security policy first (which will require parsing the HTML) and then making the update request as you will overwrite ALL settings in the Security Policy every update: so if someone else (or even yourself) enables say "Password age", then it'll keep being toggled off everytime your script runs.
0
Please sign in to leave a comment.
Comments
6 comments