From 4e1b638444fe5124287ae54380f381ce10f49eb4 Mon Sep 17 00:00:00 2001
From: Ferenc Schulcz <schulcz.ferenc@gmail.com>
Date: Thu, 6 Feb 2025 14:24:06 +0100
Subject: [PATCH] Dyndns registration: provide token seed

---
 dyndns.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/dyndns.py b/dyndns.py
index a085d4c..393b46a 100644
--- a/dyndns.py
+++ b/dyndns.py
@@ -4,6 +4,8 @@ import os
 import requests
 import datetime
 import config
+import random
+import hashlib
 from werkzeug.security import check_password_hash
 
 
@@ -48,12 +50,15 @@ def dyndnsRegister(**kwargs):
     if not x is None:
         db.sendMessage(session['username'], 'This domain is already registered by someone.')
         return rqtools.redirect(rqtools.url_for('service', servicename='dyndns'))
-    r = requests.get(url = config.get('DYNDNS_SERVER_URL') + '/register', params = {'domain': request.form['domainname']})
+    tokenseed = str(random.randint(1, 2**32)) + str(random.randint(1, 2**32))
+    domain = request.form['domainname']
+    r = requests.get(url = config.get('DYNDNS_SERVER_URL') + '/register', params = {'domain': domain, 'tokenseed': tokenseed})
     reply = r.json()
     if r.status_code > 299:
         db.sendMessage(session['username'], reply['message'])
         return rqtools.redirect(rqtools.url_for('service', servicename='dyndns'))
-    x = db.db['dyndns-records'].insert_one({'username': session['username'], 'domain': reply['domainName'], 'token': reply['token'], 'ip': "null", 'lastupdate': "never"})
+    token = hashlib.md5((domain + tokenseed).encode()).hexdigest()
+    x = db.db['dyndns-records'].insert_one({'username': session['username'], 'domain': reply['domainName'], 'token': token, 'ip': "null", 'lastupdate': "never"})
     db.sendMessage(session['username'], reply['message'])
     return rqtools.redirect(rqtools.url_for('service', servicename='dyndns'))
     
-- 
GitLab