Skip to main content

Bulk update of cPanel user contact email addresses

Comments

11 comments

  • cPRex Jurassic Moderator

    Hey there!  I'm not entirely sure what you mean when you say a password is now required to run the API commands.  Using this command as the root user:

    cpapi2 --user=username CustInfo savecontactinfo email=user@domain.tld

    works well on my personal machine to change the contact email of an account.  Are you seeing different behavior on your side?

    1
  • LBJ LBJ

    That's how it previously performed, but now we see the following results ever since CustInfo::savecontactinfo was deprecated - (fake user and email parameters provided for security)...

    # cpapi2 --user=lexglr02 CustInfo savecontactinfo email=support@test.com
    [2024-10-19 08:12:00 +1100] warn [cpanel] Unable to run [Cpanel::CustInfo::api2_savecontactinfo(cpanel_jsonapi_func savecontactinfo email support@test.com api.module CustInfo cpanel_jsonapi_module CustInfo api.function savecontactinfo cpanel_jsonapi_apiversion 2)]:  (Cpanel::Exception/(XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
     at /usr/local/cpanel/Cpanel/CustInfo/Impl.pm line 743.
            Cpanel::CustInfo::Impl::_savecontactinfo(HASH(0x3c47370), HASH(0x3c34088)) called at /usr/local/cpanel/Cpanel/CustInfo/Impl.pm line 475
            Cpanel::CustInfo::Impl::save("appname", "cpaneld", "cpuser", "lexglr02", "cphomedir", "/home/lexglr02", "username", "lexglr02", ...) called at /usr/local/cpanel/Cpanel/CustInfo.pm line 85
            Cpanel::CustInfo::api2_savecontactinfo("cpanel_jsonapi_func", "savecontactinfo", "email", "support\@test.com", "api.module", "CustInfo", "cpanel_jsonapi_module", "CustInfo", ...) called at /usr/local/cpanel/Cpanel/Api2/Exec.pm line 168
            eval {...} called at /usr/local/cpanel/Cpanel/Api2/Exec.pm line 168
            Cpanel::Api2::Exec::api2_exec("CustInfo", "savecontactinfo", HASH(0x3c33c68), HASH(0x3c2caf0)) called at cpanel.pl line 1374
            cpanel::cpanel::docpanelaction(HASH(0x3c33ae8)) called at cpanel.pl line 4582
            cpanel::cpanel::run_fast_json_mode() called at cpanel.pl line 927
            cpanel::cpanel::script("cpanel::cpanel", "--json-fast-connect", "--stdin") called at cpanel.pl line 324
    )
    [2024-10-19 08:12:00 +1100] warn [cpanel] Encountered error in CustInfo::savecontactinfo: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
    ---
    cpanelresult:
      apiversion: 2
      data:
        reason: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
        result: 0
      error: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
      event:
        reason: (XID 4fwrq8) Contact email address updates now require authentication. If you called API 2’s legacy CustInfo::savecontactinfo, switch to UAPI’s ContactInformation::* calls.
        result: 0
      func: savecontactinfo
      module: CustInfo
      postevent:
        result: 1
      preevent:
        result: 1

    The error is only shown if the new email address truly differs from the current email address. If no change is required, then no error is reported.

     

    0
  • LBJ LBJ

    ...and just to clarify...

    # whoami
    root

    cpapi2 is running as root.

    Checking the code of the cPanel scripts, that looks to be the intended behavior. I'm not sure why your test system is not showing the same result as all our boxes.

     

    0
  • LBJ LBJ

    cPRex

    We're definitely seeing different results to you, but although I replied to you around an hour ago, I've just noticed that my first reply (should be the third item in this thread) is sitting as "Pending approval" and is not yet visible to other users.

    That post shows the failure message we receive on all our servers...

    Encountered error in CustInfo::savecontactinfo: (XID 4fwrq8) Contact email address updates now require authentication.

     

    0
  • LBJ LBJ

    cPRex

    My reply to you with the full output of the current cpapi2 custInfo savecontactinfo is still marked as pending, which makes it a bit hard to have a meaningful dialog. There's no true user details or email addresses included in that post, so it really should be approved. I've even modified the post to explain that data has been anonymized, but still no luck.

    In any case, whmapi1 modifyacct still allows us to change CONTACTEMAIL and CONTACTEMAIL2 without authentication, so that'll do the job.

    0
  • cPRex Jurassic Moderator

    For some reason the Forum didn't like all that code in your reply so it marked it as needing approval, which I did earlier this morning.

    What version of cPanel and OS are you using?  Maybe I can reproduce this in a different environment if I knew that.  I'm glad you did find a workaround, though!

    0
  • LBJ LBJ

    cPanel 118.0.21 LTS

    CloudLinux 8.10.0

    0
  • Scurtu Silviu-Nicolae

    Take a look at whmapi1 modifyacct:
    https://api.docs.cpanel.net/openapi/whm/operation/modifyacct/

    whmapi1 modifyacct user='example' contactemail=username@example.com

    You should also consider notify_contact_address_change and notify_contact_address_change_notification_disabled to avoid sending unnecessary emails.

    whmapi1 modifyacct user='example' notify_contact_address_change_notification_disabled=0 notify_contact_address_change=0 contactemail=username@example.com

    This is not not a complete solution, make sure you test everything before you run it in bulk.

    0
  • LBJ LBJ

    Scurtu Silviu-Nicolae

    Yes. From my post above from a few days ago...

    In any case, whmapi1 modifyacct still allows us to change CONTACTEMAIL and CONTACTEMAIL2 without authentication, so that'll do the job.

    Job done.

     

    1
  • cPRex Jurassic Moderator

    Interesting - I still couldn't reproduce on a test machine.  I know you found that workaround with modifyacct, but if you need us to look into this could you create a ticket?

    0
  • LBJ LBJ

    I still couldn't reproduce on a test machine.

    How very odd.

    Issuing the cpapi2 command as root results in the same error message on all of our cPanel boxes.

    The error message issued by cPanel's script is very clear...

    (XID 4fwrq8) Contact email address updates now require authentication.

    ...and the code of the cPanel scripts also clearly shows that as the intended behavior.

    I won't bother with taking the ticket route since we've sorted it with whmapi1 modifyacct.

    So long as cPanel continues to allow at least one non-deprecated API call to modify a client's contact info without requiring access to the end-user's password, things will still work securely.

     

     

    0

Please sign in to leave a comment.