Rotate PPSKs #264

Open
Polymaix opened this issue Feb 15, 2025 · 2 comments

@Polymaix

Hey,

Would it be possible to list and edit PPSKs?

I can list them from SSH / MongoDB and also via the UniFi API.

SSH:
$sshFetchPPSKs = "sshpass -p '$UDM_PASS' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $UDM_USER@$UDM_IP << 'EOF'
mongo --port 27117 ace --eval 'printjson(db.wlanconf.findOne({\"_id\": ObjectId(\"$WLAN_ID\")}, {\"private_preshared_keys\":1}))'
EOF";

And list them via the API:
/proxy/network/api/s/default/rest/wlanconf

But I can't edit them without getting a 403 message.

Output example of the API:
[
  {"networkconf_id":"602277319da96b04de9db1f4","password":"SecretPass123","name":"VLAN-1f4"},
  {"networkconf_id":"63611a45d4c36171ee5dd6c5","password":"AnotherPass456","name":"VLAN-6c5"}
]

Let me know if this is a feature that can be added!

@malle-pietje
Collaborator

When you say you get a 403 error, how were you trying that? Can you share the code you used?

I’ll try to find some time in the next couple of days to see whether we can implement this in the class.

@Polymaix
Author

Polymaix commented Feb 15, 2025

This was the PHP I ended up with after giving up, but I couldn't make the part work to update the PPSK & VLAN combination.

<?php
// UDM Pro Credentials
$UDM_IP = "192.168.1.1";  // Change to your UDM IP
$Username = "xxxx";        // Change to your API username
$Password = "xxxxx";  // Change to your password

// Function to send API requests
function unifi_api_request($url, $method = "GET", $data = null) {
    global $UDM_IP, $cookieFile;
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://$UDM_IP" . $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile);
    
    if ($method == "POST") {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    } elseif ($method == "PUT") {
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    }
    
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        "Content-Type: application/json"
    ]);

    $response = curl_exec($ch);
    curl_close($ch);
    
    return json_decode($response, true);
}

// Step 1: Authenticate and Get Session Cookie
$cookieFile = tempnam(sys_get_temp_dir(), "unifi_cookie");
$loginData = [
    "username" => $Username,
    "password" => $Password,
    "remember" => true
];
unifi_api_request("/api/auth/login", "POST", $loginData);

// Step 2: Get all WiFi Networks
$wifiNetworks = unifi_api_request("/proxy/network/api/s/default/rest/wlanconf");

// Step 3: Find "Fillory IoT", edit this to another SSID if you need to
$filloryIoT = null;
foreach ($wifiNetworks['data'] as $network) {
    if ($network['name'] == "Fillory IoT") {
        $filloryIoT = $network;
        break;
    }
}

if (!$filloryIoT) {
    die("❌ No WiFi network named 'Fillory IoT' found!");
}

$wifiID = $filloryIoT['_id'];
$ppsks = $filloryIoT['private_preshared_keys'];

// Step 4: Display Current PPSKs
echo "---------------------------------------------------\n";
echo "Managing PPSKs for Fillory IoT (WiFi ID: $wifiID)\n";
echo "---------------------------------------------------\n";

$updatedPPSKs = [];

foreach ($ppsks as $ppsKey) {
    $currentPassword = $ppsKey['password'];
    $networkConfID = $ppsKey['networkconf_id'];

    echo "VLAN (NetworkConfID): $networkConfID | Current PPSK: $currentPassword\n";
    $newPPSK = readline("Enter new PPSK for VLAN $networkConfID (or press Enter to keep existing): ");

    if (trim($newPPSK) == "") {
        $updatedPPSKs[] = [
            "password" => $currentPassword,
            "networkconf_id" => $networkConfID
        ];
        echo "ℹ️ No changes made. PPSK remains the same.\n";
    } else {
        $updatedPPSKs[] = [
            "password" => $newPPSK,
            "networkconf_id" => $networkConfID
        ];
        echo "✅ Updated PPSK for VLAN $networkConfID to $newPPSK\n";
    }
}

// Step 5: Apply PPSK Changes to UDM Pro
$updateData = ["private_preshared_keys" => $updatedPPSKs];
$response = unifi_api_request("/proxy/network/api/s/default/rest/wlanconf/$wifiID", "PUT", $updateData);

echo "🎉 PPSK Update Process Complete!\n";
?>
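
An added example, not part of the post above or of the project's code: building the rotated `private_preshared_keys` list offline, with passphrases drawn from PHP's CSPRNG and without printing any key. `generatePassphrase()`, `rotatePpsks()` and `PPSK_ALPHABET` are hypothetical names, the sample entries are constructed to match the output shape quoted in the issue, and the 8-63 character limit is the WPA2 passphrase rule.

```php
<?php
// Added example (not from the thread or the project). Assumes entries shaped like
// the API output above and the WPA2-PSK limit of 8-63 characters per passphrase.
const PPSK_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

// Draw each character from the CSPRNG (random_int), never rand()/mt_rand().
function generatePassphrase(int $length = 24): string
{
    if ($length < 8 || $length > 63) {
        throw new InvalidArgumentException('WPA2 passphrases must be 8-63 characters');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= PPSK_ALPHABET[random_int(0, strlen(PPSK_ALPHABET) - 1)];
    }
    return $out;
}

// Build the replacement list: entries named in $rotateIds get a new key, the rest
// are passed through untouched so the list still carries every VLAN mapping.
function rotatePpsks(array $current, array $rotateIds): array
{
    $used = array_column($current, 'password'); // never reuse an old or sibling key
    $updated = [];
    foreach ($current as $entry) {
        if (in_array($entry['networkconf_id'], $rotateIds, true)) {
            do {
                $candidate = generatePassphrase();
            } while (in_array($candidate, $used, true));
            $used[] = $candidate;
            $entry['password'] = $candidate;
        }
        $updated[] = $entry;
    }
    return ['private_preshared_keys' => $updated];
}

// Constructed sample input, same shape as the API output quoted in the issue.
$current = [
    ['networkconf_id' => '602277319da96b04de9db1f4', 'password' => 'SecretPass123', 'name' => 'VLAN-1f4'],
    ['networkconf_id' => '63611a45d4c36171ee5dd6c5', 'password' => 'AnotherPass456', 'name' => 'VLAN-6c5'],
];
$payload = rotatePpsks($current, ['602277319da96b04de9db1f4']);

// Report what changed without echoing any passphrase to the terminal.
foreach ($payload['private_preshared_keys'] as $i => $entry) {
    printf("%s: %s\n", $entry['name'], $entry['password'] !== $current[$i]['password'] ? 'rotated' : 'unchanged');
}
```

The alphabet omits look-alike characters (I, O, l, 0, 1) so keys can be typed by hand on IoT devices.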



