Fix verification for namecheap domains not *owned* by the calling user #2106
Conversation
| @@ -94,6 +110,10 @@ _get_root() { | |||
| #not valid | |||
| return 1 | |||
| fi | |||
| if ! _contains "$h" "\\."; then | |||
There was a problem hiding this comment.
I added this small guard branch because $h was being set to the TLD, which obviously can not be the only part of the domain name. However, since my domain was not being returned in the response from the getList api call, the if statement a few lines down was finding that $response does contain the string "com" (unsurprisingly). It was then setting the _sub_domain and _domain variables both to "com" (obviously wrong) and returning success.
With my update, this method will correctly return false for domains which are not returned in $response. The _get_root method will then fall back to trying another method of verifying that this user has access to the requested domain.
|
Good. Would you like to create an issue for namecheap dns api? so that users can report bugs to it. Thanks. |
|
Sure. I just created the issue at #2107 |
The NameCheap DNS plugin is using NameCheap's
domains.getListapi call to try and verify that the user has access to the requested domain. That works great as long as the user is the primary owner of the domain. If the user is just a user who has been granted administrative DNS rights to the domain, then thedomains.getListapi will not include that domain in the response. See http://disq.us/p/1q6v9x9 for NameCheap's official comment (short story, getList only returns domains the user owns, not ones they've been granted admin rights for).I changed the code so that it will first attempt to verify that the user has permissions to the domain by calling the original
domains.getListapi endpoint. If that verification fails, then it falls back to calling thedomains.dns.getHostsapi endpoint directly.