Bulk update of cPanel user contact email addresses
With the change to requiring an account password for API methods of modifying cPanel contact info email addresses, is there currently an approved method of bulk modifying the primary and secondary contact email addresses for all cPanel accounts?
We have many thousands of accounts over many servers. We previously used the now deprecated cpapi2 CustInfo savecontactinfo call to handle one-off bulk updates, but that now requires the end-user's account password for authentication in line with the new uapi calls.
Do we now need to resort to direct modification of the /var/cpanel/users files?
That seems to be a backward step in cPanel's development if that's the case.
Thanks for any advice or solution anyone can offer.
-
Hey there! I'm not entirely sure what you mean when you say a password is now required to run the API commands. Using this command as the root user:
cpapi2 --user=username CustInfo savecontactinfo email=user@domain.tld
works well on my personal machine to change the contact email of an account. Are you seeing different behavior on your side?
1 -
That's how it previously performed, but now we see the following results ever since CustInfo::savecontactinfo was deprecated - (fake user and email parameters provided for security)...
# cpapi2 --user=lexglr02 CustInfo savecontactinfo email=support@test.com
[2024-10-19 08:12:00 +1100] warn [cpanel] Unable to run [Cpanel::CustInfo::api2_savecontactinfo(cpanel_jsonapi_func savecontactinfo email support@test.com api.module CustInfo cpanel_jsonapi_module CustInfo api.function savecontactinfo cpanel_jsonapi_apiversion 2)]: (Cpanel::Exception/(XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
at /usr/local/cpanel/Cpanel/CustInfo/Impl.pm line 743.
Cpanel::CustInfo::Impl::_savecontactinfo(HASH(0x3c47370), HASH(0x3c34088)) called at /usr/local/cpanel/Cpanel/CustInfo/Impl.pm line 475
Cpanel::CustInfo::Impl::save("appname", "cpaneld", "cpuser", "lexglr02", "cphomedir", "/home/lexglr02", "username", "lexglr02", ...) called at /usr/local/cpanel/Cpanel/CustInfo.pm line 85
Cpanel::CustInfo::api2_savecontactinfo("cpanel_jsonapi_func", "savecontactinfo", "email", "support\@test.com", "api.module", "CustInfo", "cpanel_jsonapi_module", "CustInfo", ...) called at /usr/local/cpanel/Cpanel/Api2/Exec.pm line 168
eval {...} called at /usr/local/cpanel/Cpanel/Api2/Exec.pm line 168
Cpanel::Api2::Exec::api2_exec("CustInfo", "savecontactinfo", HASH(0x3c33c68), HASH(0x3c2caf0)) called at cpanel.pl line 1374
cpanel::cpanel::docpanelaction(HASH(0x3c33ae8)) called at cpanel.pl line 4582
cpanel::cpanel::run_fast_json_mode() called at cpanel.pl line 927
cpanel::cpanel::script("cpanel::cpanel", "--json-fast-connect", "--stdin") called at cpanel.pl line 324
)
[2024-10-19 08:12:00 +1100] warn [cpanel] Encountered error in CustInfo::savecontactinfo: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
---
cpanelresult:
apiversion: 2
data:
reason: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
result: 0
error: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
event:
reason: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
result: 0
func: savecontactinfo
module: CustInfo
postevent:
result: 1
preevent:
result: 1The error is only shown if the new email address truly differs from the current email address. If no change is required, then no error is reported.
0 -
...and just to clarify...
# whoami
rootcpapi2 is running as root.
Checking the code of the cPanel scripts, that looks to be the intended behavior. I'm not sure why your test system is not showing the same result as all our boxes.
0 -
We're definitely seeing different results to you, but although I replied to you around an hour ago, I've just noticed that my first reply (should be the third item in this thread) is sitting as "Pending approval" and is not yet visible to other users.
That post shows the failure message we receive on all our servers...
Encountered error in CustInfo::savecontactinfo: (XID 4fwrq8) Contact email address updates now require authentication.
0 -
My reply to you with the full output of the current cpapi2 custInfo savecontactinfo is still marked as pending, which makes it a bit hard to have a meaningful dialog. There's no true user details or email addresses included in that post, so it really should be approved. I've even modified the post to explain that data has been anonymized, but still no luck.
In any case, whmapi1 modifyacct still allows us to change CONTACTEMAIL and CONTACTEMAIL2 without authentication, so that'll do the job.
0 -
For some reason the Forum didn't like all that code in your reply so it marked it as needing approval, which I did earlier this morning.
What version of cPanel and OS are you using? Maybe I can reproduce this in a different environment if I knew that. I'm glad you did find a workaround, though!
0 -
cPanel 118.0.21 LTS
CloudLinux 8.10.0
0 -
Take a look at whmapi1 modifyacct:
https://api.docs.cpanel.net/openapi/whm/operation/modifyacct/
whmapi1 modifyacct user='example' contactemail=username@example.com
You should also consider notify_contact_address_change and notify_contact_address_change_notification_disabled to avoid sending unnecessary emails.
whmapi1 modifyacct user='example' notify_ contact _ address _ change _ notificati on _ disabled = 0 notify _ contact _ address _ change = 0 contactemail=username@example.com
This is not not a complete solution, make sure you test everything before you run it in bulk.0 -
Yes. From my post above from a few days ago...
In any case, whmapi1 modifyacct still allows us to change CONTACTEMAIL and CONTACTEMAIL2 without authentication, so that'll do the job.
Job done.
1 -
Interesting - I still couldn't reproduce on a test machine. I know you found that workaround with modifyacct, but if you need us to look into this could you create a ticket?
0 -
I still couldn't reproduce on a test machine.
How very odd.
Issuing the cpapi2 command as root results in the same error message on all of our cPanel boxes.
The error message issued by cPanel's script is very clear...
(XID 4fwrq8) Contact email address updates now require authentication.
...and the code of the cPanel scripts also clearly shows that as the intended behavior.
I won't bother with taking the ticket route since we've sorted it with whmapi1 modifyacct.
So long as cPanel continues to allow at least one non-deprecated API call to modify a client's contact info without requiring access to the end-user's password, things will still work securely.
0
Please sign in to leave a comment.
Comments
11 comments