cPanel Provisioning Module for LiBilling
Find a file
Troy Siedsma 5d39d52969 Security MED (round 11): scrub credentials from cPanel error logs
The account password rides in the WHM API request query string (the API token is
correctly in the Authorization header, but createAccount/changePassword pass the
password as a query arg), so a Guzzle exception on a WHM failure embedded the
cleartext password in its message, which the module wrote to laravel.log via raw
Log::error. Every Log::error 'error' context now scrubs through SecretRedactor.
The ProvisioningResult::fail path was already scrubbed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 02:44:45 +00:00
config Re-platform onto LiBilling/libilling-cpanel Forgejo origin 2026-05-22 13:14:19 +00:00
resources/lang Re-platform onto LiBilling/libilling-cpanel Forgejo origin 2026-05-22 13:14:19 +00:00
src Security MED (round 11): scrub credentials from cPanel error logs 2026-06-28 02:44:45 +00:00
.gitattributes Re-platform onto LiBilling/libilling-cpanel Forgejo origin 2026-05-22 13:14:19 +00:00
.gitignore Re-platform onto LiBilling/libilling-cpanel Forgejo origin 2026-05-22 13:14:19 +00:00
composer.json Standardize composer.json + README + LICENSE 2026-05-22 15:03:55 +00:00
LICENSE.md Standardize composer.json + README + LICENSE 2026-05-22 15:03:55 +00:00
README.md Standardize composer.json + README + LICENSE 2026-05-22 15:03:55 +00:00

LiBilling cPanel Provisioning Module

A LiBilling server module for cPanel/WHM. Provides automated hosting account lifecycle management via the WHM JSON API, including provisioning, suspension, termination, SSO, package changes, and usage stats.

Features

  • Account Lifecycle: Create, suspend, unsuspend, terminate hosting accounts
  • Single Sign-On: Customer SSO to cPanel and admin impersonation via WHM
  • Password Management: Change hosting account passwords
  • Package Changes: Upgrade/downgrade hosting plans
  • Usage Stats: Disk usage from accountsummary
  • Quick Shortcuts: 8 deep links into cPanel (File Manager, Email, phpMyAdmin, etc.)
  • Service Info: Control panel URL, shared IP, username, package name
  • Deferred Cancellation: Optional suspend-then-delete with configurable grace period

Installation

This package is loaded as a local Composer path repository. No separate installation is needed when developing within the LiBilling monorepo.

For standalone installation:

composer require libilling/libilling-cpanel

Configuration

Publish the config file:

php artisan vendor:publish --tag=libilling-cpanel

Config Options

Key Env Default Description
deferred_cancellation_enabled CPANEL_DEFERRED_CANCELLATION_ENABLED false Enable deferred cancellation
deferred_cancellation_reason CPANEL_DEFERRED_REASON Deferred Account Cancellation Suspension reason text
deferred_cancellation_days CPANEL_DEFERRED_DAYS 30 Grace period before permanent deletion
verify_ssl CPANEL_VERIFY_SSL true Verify SSL when connecting to WHM

Capabilities

Declared via supports() using ModuleCapability constants:

  • sso: Customer single sign-on to cPanel
  • impersonate: Admin impersonation via WHM session
  • change_password: Password changes
  • change_package: Plan upgrades/downgrades
  • suspend / unsuspend / terminate -- Account lifecycle
  • usage_stats: Disk usage data
  • shortcuts: 8 cPanel panel deep links
  • service_info: CP URL, IP, username, package
  • deferred_cancel: Present when deferred cancellation is enabled

Self-Registration

The module registers itself automatically via its service provider:

$this->app->make(ServiceProvisioningRegistry::class)
    ->register('cpanel', new Cpanel());

No manual wiring required -- install the package and add a server.

Dependencies

  • lithiumhosting/laravel-cpanel-api: WHM/cPanel JSON API client

Testing

vendor/bin/sail artisan test --filter=ModuleSystemTest

License

LiBilling is (C) Lithium Holdings, LLC. All components except for third-party modules and select packages with their own license are licensed under a Commercial License. Contact licensing@lithiumholdings.com for licensing enquiries. Any dissemination of material herein is prohibited without expressed written consent of Lithium Holdings.

This package, libilling-cpanel is licensed under The MIT License (MIT). Please see License File for more information.

Is it any good?

Yes.

When people first hear about a new product, they frequently ask if it is any good. A Hacker News user remarked:

Note to self: Starting immediately, all raganwald projects will have a "Is it any good?" section in the readme, and the answer shall be "yes.".