Enom Provisioning Module for LiBilling
Find a file
Troy Siedsma 568b33b570 Security HIGH (round 11): scrub reseller credentials from eNom error logs
The reseller uid/pw ride in the request query string, so a Guzzle RequestException
on any non-2xx eNom response embedded the full credentialed URL in its message,
which the module wrote verbatim to laravel.log via Log::error. Every Log::error
'error' context now runs through SecretRedactor::scrub() (with pw/uid added to the
key list in the core app), so the reseller password no longer reaches the log.
The RegistrarResult::fail path was already scrubbed.

Test: a failed registration whose exception carries uid=/pw= logs no reseller
credential.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 02:41:02 +00:00
config Re-platform onto LiBilling/libilling-enom Forgejo origin 2026-05-22 13:14:19 +00:00
resources/lang Re-platform onto LiBilling/libilling-enom Forgejo origin 2026-05-22 13:14:19 +00:00
src Security HIGH (round 11): scrub reseller credentials from eNom error logs 2026-06-28 02:41:02 +00:00
tests/Feature Security HIGH (round 11): scrub reseller credentials from eNom error logs 2026-06-28 02:41:02 +00:00
.gitattributes Re-platform onto LiBilling/libilling-enom Forgejo origin 2026-05-22 13:14:19 +00:00
.gitignore Re-platform onto LiBilling/libilling-enom Forgejo origin 2026-05-22 13:14:19 +00:00
CHANGELOG.md Re-platform onto LiBilling/libilling-enom Forgejo origin 2026-05-22 13:14:19 +00:00
composer.json Standardize composer.json + README + LICENSE 2026-05-22 15:03:56 +00:00
CONTRIBUTING.md Re-platform onto LiBilling/libilling-enom Forgejo origin 2026-05-22 13:14:19 +00:00
LICENSE.md LICENSE: Copyright (c) Lithium Holdings, LLC 2026-05-22 15:13:47 +00:00
README.md Standardize composer.json + README + LICENSE 2026-05-22 15:03:56 +00:00

LiBilling eNom Domain Registrar Module

A LiBilling domain registrar module for eNom. Enables domain availability checks, registration, renewal, transfer, nameserver management, registrar lock, EPP code retrieval, and ID protection through eNom's reseller platform.

Features

  • Domain Registration: Register domains via eNom Purchase API
  • Domain Renewal: Renew domains via Extend API
  • Domain Transfer: Initiate transfers via TP_CreateOrder API
  • Nameserver Management: Get/set nameservers via GetDNS/ModifyNS APIs
  • Registrar Lock: Transfer lock via GetRegLock/SetRegLock APIs
  • EPP Code: Auth code retrieval via SynchAuthInfo API
  • Availability Check: Domain search via Check API (RRPCode 210/211)
  • ID Protection: WHOIS privacy via SetIDProtection API
  • TLD Sync: Available TLD list via GetTLDList API
  • Error Handling: Rate-limited staff notifications for API issues

Installation

This package is loaded as a local Composer path repository. No separate installation is needed when developing within the LiBilling monorepo.

For standalone installation:

composer require libilling/libilling-enom

Configuration

Add the following to your .env file:

ENOM_API_USERNAME=your-reseller-username
ENOM_API_PASSWORD=your-reseller-password
ENOM_TESTING=true

Publish the config file:

php artisan vendor:publish --tag=libilling-enom

Config Options

Key Env Default Description
default_nameservers DEFAULT_NS1, DEFAULT_NS2 ns1.lithiumhosting.com, ns2.lithiumhosting.com Default nameservers for new registrations and transfers

Capabilities

Declared via supports() using RegistrarCapability constants:

  • register: Domain registration
  • renew: Domain renewal
  • transfer: Domain transfer
  • nameservers: Nameserver management
  • registrar_lock: Transfer lock
  • epp_code: EPP/auth code retrieval
  • availability: Domain availability check
  • id_protection: WHOIS privacy
  • tld_sync: TLD list sync from registrar

Dependencies

  • lithiumhosting/laravel-enom-api: eNom Reseller API client

Testing

vendor/bin/sail artisan test --filter=ModuleSystemTest

License

LiBilling is (C) Lithium Holdings, LLC. All components except for third-party modules and select packages with their own license are licensed under a Commercial License. Contact licensing@lithiumholdings.com for licensing enquiries. Any dissemination of material herein is prohibited without expressed written consent of Lithium Holdings.

This package, libilling-enom is licensed under The MIT License (MIT). Please see License File for more information.

Is it any good?

Yes.

When people first hear about a new product, they frequently ask if it is any good. A Hacker News user remarked:

Note to self: Starting immediately, all raganwald projects will have a "Is it any good?" section in the readme, and the answer shall be "yes.".