Plesk Module Bugs

[austenite]

Hi there,

Thought I'd report a couple of bugs I've came across while using the Plesk Module to automatically provision accounts. 

When adding a new server in the Plesk Module it asks for the server IP, this should be the server Hostname instead, when a user manages their service via Blesta it and clicks "Log In" it tries to login via the IP rather than the hostname resulting in an SSL error. Using the hostname in the IP field doesn't work either and results in a creation error.

The second one is also upon account creation, if your Plesk server password policy is set to anything above 'Medium' strength Blesta doesn't generate a strong enough password, resulting in a 'Creation Error'. Perhaps a dropdown menu could be added to the module to select your desired password strength?

Hoping for a fix for these bugs soon, any new sign ups we receive due to the password bug we're having to activate manually at the moment.

[Paul]

Ok, just to clarify:

1. You'd like the IP address field renamed to hostname?
2. Trying to use a hostname now does not work because of an error check that expects an IP address?
3. The Plesk module generates passwords that are considered insecure in Plesk by default. Is "Strong" the default password strength setting in Plesk?

It's likely any modification to the password generation would be to simply meet the requirements that Plesk typically expects. In this case, it looks like it must be: 8 characters, contain upper and lower case letters, digits, and special characters.

[austenite]

1 hour ago, Paul said:

Ok, just to clarify:

1. You'd like the IP address field renamed to hostname?
2. Trying to use a hostname now does not work because of an error check that expects an IP address?
3. The Plesk module generates passwords that are considered insecure in Plesk by default. Is "Strong" the default password strength setting in Plesk?

It's likely any modification to the password generation would be to simply meet the requirements that Plesk typically expects. In this case, it looks like it must be: 8 characters, contain upper and lower case letters, digits, and special characters.

Hi Paul,

Thanks for the response, yes to both 1 and 2. The CPanel module uses the hostname, so I believe the Plesk Module should use it to. Also avoids users receiving an SSL error. 

Also, yes to number 3. I've tried modifying plesk.php within the Plesk Module to generate stronger passwords and have broken it in the process.

[austenite]

Hi @Paul, I was wondering if you had any updates regarding this?

[Paul]

I have created 2 tasks for this: CORE-2287 and CORE-2288

Please review and advise if you have any suggestions for the tasks beyond what is described.

[austenite]

Hi @Paul

Thanks for the response, I'm happy to see this is being treated as high priority and looking forward to the fixes soon. 

I think the best way forward for the password generation is to generate one that fits with Plesks 'Very Strong' settings so that regardless of which setting is selected the password will always work. 

I'll look out for the update

EDIT: Forgot to ask, do you have an ETA of when fixes will be made available?

[Paul]

6 hours ago, austenite said:

EDIT: Forgot to ask, do you have an ETA of when fixes will be made available?

I don't have an ETA unfortunately.

[ctalkington]

In regards to hostname, this is something I've manually fixed before.

Instead of removing the IP, I just added another field and changed a few outputs to use it and it can be referenced in emails as well.

I borrowed a lot of the naming/logic from cPanel module.

Here's a gist showing the changes made (replace + with / for filenames):

https://gist.github.com/ctalkington/e72ecefaeb1cd3eec73905e411dba89c/

[Nelsa]

Well IP can't be just removed and replaced by hostname  because Plesk need IP to create account,without IP it will not create account at all...so you can't just change IP to host name.

There are more solutions for this...first without changing module would be to have one dedicated IP just for hostname and than just set rule in .htaccess to redirect IP to hostname.

I have it now for my dedicated IP...

if you intend to change module make sure to leave IP as it is and just add one more field for host name.>..and than use it as  login link in service tab.

 

 

[Paul]

15 minutes ago, Nelsa said:

Well IP can't be just removed and replaced by hostname  because Plesk need IP to create account,without IP it will not create account at all...so you can't just change IP to host name.

There are more solutions for this...first without changing module would be to have one dedicated IP just for hostname and than just set rule in .htaccess to redirect IP to hostname.

I have it now for my dedicated IP...

if you intend to change module make sure to leave IP as it is and just add one more field for host name.>..and than use it as  login link in service tab to host name.

 

 

Interesting. So, Plesk expects the IP address? It would explain why we implemented it this way to begin with.

[Nelsa]

Yes, in past there was  problem even with auto provision on plesk behind NAT...because public IP has to be set in module Plesk throw error every time ...now it is solved but still expect IP

[nahanil]

Hey guys, I feel like a bit of a twit for not searching the forums for this stuff before forking and working on a fix for these same issues, but it looks like everyone's come to the same realisations.

Password Strength

For this issue I took the code in this gist and tweaked it a bit, overwriting the current generatePassword method in plesk.php with this. It can probably be greatly improved upon by someone less lazy than I as it's never going to pass the 'Very Strong' level of password strength set in Plesk.

I took a look at Jsw.PasswordGenerator in Plesk Admin's jsw.min.js file and came up with this translation to PHP which seems to do the job. There's also a crude test loop at the bottom.

IP/Hostname Debacle

Also noticed this when I was playing with the "Log In" links generated for services. Then tweaked so it was called Hostname thinking all would be dandy before realising Plesk requires an IP address to create a service. So, undid my changes and added an extra "module_row" called host_name, and modified addModuleRow, getRowRules, getEmailTags, addService (maybe addService for another unneccessary reason) appropriately, added a new error message for the host_name field in the language file/modified the template file.
The existing validateHostname method at a glance looks as though it should work fine for both IP addresses and domain-looking hostnames so I've used this for validating the field.

These changes aren't too dissimilar to those in the gist @ctalkington linked to.

I can try and tidy the file up and remove other unrelated changes if anyone would care to take a gander - I've hacked in a few other unrelated bits and pieces but after getting to know Blesta a bit better and putting some stuff into plugins I probably don't need them anyway.

Moving Forward

I'm about to put on my thinking hat in regards to CORE-1533 (Use shared login information for multiple accounts for the same client), but no idea how to approach this one yet - looks like it'd take a bit more work to get something working, especially if you have >1 Plesk server running (which is likely  to be the case eventually. . I hope). This is a showstopper for me though before I can actually start using Blesta so it's up near the top of my todo list. Not sure if anyone's made progress on this front?

(The fruits of my labor)

Edited October 12, 2019 by nahanil
Update gist link