diff --git a/src/Site_Command.php b/src/Site_Command.php index 9967fdcf..b80bd242 100644 --- a/src/Site_Command.php +++ b/src/Site_Command.php @@ -113,7 +113,7 @@ public function __invoke( $args, $assoc_args ) { continue; } - $api_key_absent = empty( EE\Utils\get_config_value( 'cloudflare-api-key' ) ); + $api_key_absent = empty( EE\Utils\get_config_value( 'cloudflare-api-key' ) ) && empty ( get_config_value( 'cloudflare-api-token' ) ); $skip_wildcard_warning = false; if ( $site->site_ssl_wildcard && $api_key_absent ) { diff --git a/src/helper/SimpleDnsCloudflareSolver.php b/src/helper/SimpleDnsCloudflareSolver.php index 81f71208..a9409c63 100644 --- a/src/helper/SimpleDnsCloudflareSolver.php +++ b/src/helper/SimpleDnsCloudflareSolver.php @@ -40,7 +40,14 @@ class SimpleDnsCloudflareSolver implements SolverInterface { public function __construct( DnsDataExtractor $extractor = null, OutputInterface $output = null ) { $this->extractor = null === $extractor ? new DnsDataExtractor() : $extractor; $this->output = null === $output ? new NullOutput() : $output; - $key = new \Cloudflare\API\Auth\APIKey( get_config_value( 'le-mail' ), get_config_value( 'cloudflare-api-key' ) ); + + // If user has provided cloudflare-api-token config, then use it for authentication, otherwise fallback to hte legacy API key + if ( !empty( get_config_value( 'cloudflare-api-token' ) ) ) { + $key = new \Cloudflare\API\Auth\APIToken( get_config_value( 'cloudflare-api-token' ) ); + } else { + $key = new \Cloudflare\API\Auth\APIKey( get_config_value( 'le-mail' ), get_config_value( 'cloudflare-api-key' ) ); + } + $adapter = new \Cloudflare\API\Adapter\Guzzle( $key ); $this->dns = new \Cloudflare\API\Endpoints\DNS( $adapter ); $this->zones = new \Cloudflare\API\Endpoints\Zones( $adapter ); 
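Review bot: The operand added to `$api_key_absent` in `__invoke` calls `get_config_value` unqualified, while the existing operand on the same line calls `EE\Utils\get_config_value`. Unless Site_Command.php imports the function with `use function EE\Utils\get_config_value;` (the file's import block is not visible in this hunk), the unqualified name resolves against the file's own namespace and then the global one, and the call fails when this line runs. Use the same qualified form for both operands: `empty( EE\Utils\get_config_value( 'cloudflare-api-token' ) )`. The body of `__invoke` starts and ends outside the hunk.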
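Review bot: The new branch in `SimpleDnsCloudflareSolver::__construct` reads `cloudflare-api-token` twice, and its comment misspells "the" as "hte". Read the value once, `$token = get_config_value( 'cloudflare-api-token' );`, then test `if ( ! empty( $token ) ) {` and pass `$token` to `APIToken`, so the check and the credential handed to the adapter cannot drift apart. The comment should also record that the token wins when both credentials are configured and that `le-mail` is used only on the legacy key path. It is worth stating there that the token needs permission for the zone lookup and DNS record writes done through the `Zones` and `DNS` endpoints built just below, because a narrowly scoped token is the reason to prefer it over the legacy key. The constructor continues outside the hunk.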
@@ -81,7 +88,7 @@ public function solve( AuthorizationChallenge $authorizationChallenge ) { if ( $manual ) { - EE::log( "Couldn't add dns record using cloudlfare API. Re-check the config values of `le-mail` and `cloudflare-api-key`." ); + EE::log( "Couldn't add dns record using cloudlfare API. Re-check the config values of `cloudflare-api-token` OR `le-mail` and `cloudflare-api-key`." ); $this->output->writeln( sprintf( @@ -89,11 +96,11 @@ public function solve( AuthorizationChallenge $authorizationChallenge ) { Add the following TXT record to your DNS zone Domain: %s TXT value: %s - + Wait for the propagation before moving to the next step Tips: Use the following command to check the propagation - - host -t TXT %s + + host -t TXT %s EOF , $recordName, diff --git a/src/helper/Site_Letsencrypt.php b/src/helper/Site_Letsencrypt.php index 2f99c218..4b16f34c 100644 --- a/src/helper/Site_Letsencrypt.php +++ b/src/helper/Site_Letsencrypt.php @@ -198,7 +198,7 @@ public function register( $email ) { public function authorize( Array $domains, $wildcard = false, $preferred_challenge = '' ) { $is_solver_dns = ( $wildcard || 'dns' === $preferred_challenge ) ? true : false; if ( $is_solver_dns ) { - $solver = empty ( get_config_value( 'cloudflare-api-key' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() ); + $solver = empty ( get_config_value( 'cloudflare-api-key' ) ) && empty ( get_config_value( 'cloudflare-api-token' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() ); } else { $solver = new SimpleHttpSolver(); } 
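Review bot: The rewritten `EE::log` message in `solve()` (hunk at -81) still spells the provider "cloudlfare", and "`cloudflare-api-token` OR `le-mail` and `cloudflare-api-key`" leaves the grouping of the three names to the reader. Spell it "cloudflare" and end the message with "Re-check the config value of `cloudflare-api-token`, or of `le-mail` together with `cloudflare-api-key`." so an operator can tell which credential set applies to them. Because the constructor prefers the token when both are set, the message could name only the credential that was actually used. The body of `solve()` continues outside the hunk.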
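Review bot: The "no Cloudflare credential configured" test is written out inline in `authorize()` (hunk at -198), and the same compound condition is repeated in `check()` (-338), in `Site_Command::__invoke`, and in `init_le`, `ssl_verify` and `ssl_renew` in class-ee-site.php. The `$api_key_present` line in `ssl_verify` already means something different from the other copies, which is what repeating a two-part condition tends to produce. A shared helper next to `get_config_value`, for example `function cloudflare_credentials_absent() { return empty( get_config_value( 'cloudflare-api-key' ) ) && empty( get_config_value( 'cloudflare-api-token' ) ); }` (name is only a suggestion), would give every call site one definition. It would also shorten the ternary here to `$solver = cloudflare_credentials_absent() ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );`.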
@@ -338,7 +338,7 @@ public function check( Array $domains, $wildcard = false, $preferred_challenge =
 $is_solver_dns = ( $wildcard || 'dns' === $preferred_challenge ) ? true : false;
 \EE::debug( ( 'Starting check with solver ' ) . ( $is_solver_dns ? 'dns' : 'http' ) );
 if ( $is_solver_dns ) {
- $solver = empty ( get_config_value( 'cloudflare-api-key' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );
+ $solver = empty ( get_config_value( 'cloudflare-api-key' ) ) && empty ( get_config_value( 'cloudflare-api-token' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );
 } else {
 $solver = new SimpleHttpSolver();
 }
diff --git a/src/helper/class-ee-site.php b/src/helper/class-ee-site.php
index 0cf4585c..475f36aa 100644
--- a/src/helper/class-ee-site.php
+++ b/src/helper/class-ee-site.php
@@ -1515,7 +1515,7 @@ protected function init_le( $site_url, $site_fs_path, $wildcard = false, $www_or
 if ( ! $client->authorize( $domains, $wildcard, $preferred_challenge ) ) {
 return;
 }
- $api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) );
+ $api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) ) && empty ( get_config_value( 'cloudflare-api-token' ) );
 if ( $is_solver_dns && $api_key_absent ) {
 echo \cli\Colors::colorize( '%YIMPORTANT:%n Run `ee site ssl-verify ' . $site_url . '` once the DNS changes have propagated to complete the certification generation and installation.', null );
 } else {
@@ -1621,7 +1621,7 @@ public function ssl_verify( $args = [], $assoc_args = [], $www_or_non_www = fals
 // This checks if this method was called internally by ee or by user
 $called_by_ee = ! empty( $this->site_data['site_url'] );
- $api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) );
+ $api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) ) && empty ( get_config_value( 'cloudflare-api-token' ) );
 if ( ! $called_by_ee ) {
 $this->site_data = get_site_info( $args );
@@ -1646,7 +1646,7 @@ public function ssl_verify( $args = [], $assoc_args = [], $www_or_non_www = fals
 throw $e;
 }
 $is_solver_dns = ( $this->site_data['site_ssl_wildcard'] || 'dns' === $preferred_challenge ) ? true : false;
- $api_key_present = ! empty( get_config_value( 'cloudflare-api-key' ) );
+ $api_key_present = ! empty( get_config_value( 'cloudflare-api-key' ) ) && ! empty ( get_config_value( 'cloudflare-api-token' ) );
 if ( $called_by_ee && ! $is_solver_dns && $api_key_present ) {
 throw $e;
@@ -1712,7 +1712,7 @@ public function ssl_renew( $args, $assoc_args ) {
 if ( $all ) {
 $sites = Site::all();
- $api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) );
+ $api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) ) && empty ( get_config_value( 'cloudflare-api-token' ) );
 $skip_wildcard_warning = false;
 foreach ( $sites as $site ) {
 if ( 'le' !== $site->site_ssl || ! $site->site_enabled ) {
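Review bot: `$api_key_present` in the `ssl_verify` hunk at -1646 is true only when both `cloudflare-api-key` and `cloudflare-api-token` are set, so a site configured with just one credential is treated as having none. Every other hunk in this commit defines absence as `empty( key ) && empty( token )`, and the matching presence test is its negation: `$api_key_present = ! empty( get_config_value( 'cloudflare-api-key' ) ) || ! empty( get_config_value( 'cloudflare-api-token' ) );`. As written, the `throw $e;` guarded by `$called_by_ee && ! $is_solver_dns && $api_key_present` no longer fires for key-only installations, which did reach it before this change, and it never fires for token-only ones. `ssl_verify` starts and ends outside the hunk, so what happens after the skipped rethrow is not visible here.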