Add support for Cloudflare API Token replacing legacy API Key

src/Site_Command.php

@@ -113,7 +113,7 @@ public function __invoke( $args, $assoc_args ) {
 					continue;
 				}
 
-				$api_key_absent        = empty( EE\Utils\get_config_value( 'cloudflare-api-key' ) );
+				$api_key_absent        = empty( EE\Utils\get_config_value( 'cloudflare-api-key' ) ) &&  empty ( get_config_value( 'cloudflare-api-token' ) );
 				$skip_wildcard_warning = false;
 
 				if ( $site->site_ssl_wildcard && $api_key_absent ) {

src/helper/SimpleDnsCloudflareSolver.php

@@ -40,7 +40,14 @@ class SimpleDnsCloudflareSolver implements SolverInterface {
 	public function __construct( DnsDataExtractor $extractor = null, OutputInterface $output = null ) {
 		$this->extractor = null === $extractor ? new DnsDataExtractor() : $extractor;
 		$this->output    = null === $output ? new NullOutput() : $output;
-		$key             = new \Cloudflare\API\Auth\APIKey( get_config_value( 'le-mail' ), get_config_value( 'cloudflare-api-key' ) );
+
+		// If user has provided cloudflare-api-token config, then use it for authentication, otherwise fallback to hte legacy API key
+		if ( !empty( get_config_value( 'cloudflare-api-token' ) ) ) {
+			$key         = new \Cloudflare\API\Auth\APIToken( get_config_value( 'cloudflare-api-token' ) );
+		} else {
+			$key         = new \Cloudflare\API\Auth\APIKey( get_config_value( 'le-mail' ), get_config_value( 'cloudflare-api-key' ) );
+		}
+
 		$adapter         = new \Cloudflare\API\Adapter\Guzzle( $key );
 		$this->dns       = new \Cloudflare\API\Endpoints\DNS( $adapter );
 		$this->zones     = new \Cloudflare\API\Endpoints\Zones( $adapter );
@@ -81,19 +88,19 @@ public function solve( AuthorizationChallenge $authorizationChallenge ) {
 
 		if ( $manual ) {
 
-			EE::log( "Couldn't add dns record using cloudlfare API. Re-check the config values of `le-mail` and `cloudflare-api-key`." );
+			EE::log( "Couldn't add dns record using cloudlfare API. Re-check the config values of `cloudflare-api-token` OR `le-mail` and `cloudflare-api-key`." );
 
 			$this->output->writeln(
 				sprintf(
 					<<<'EOF'
 		Add the following TXT record to your DNS zone
 			Domain: %s
 			TXT value: %s
-			
+
 		<comment>Wait for the propagation before moving to the next step</comment>
 		Tips: Use the following command to check the propagation
-	
-			host -t TXT %s	
+
+			host -t TXT %s
 EOF
 					,
 					$recordName,

src/helper/Site_Letsencrypt.php

@@ -198,7 +198,7 @@ public function register( $email ) {
 	public function authorize( Array $domains, $wildcard = false, $preferred_challenge = '' ) {
 		$is_solver_dns = ( $wildcard || 'dns' === $preferred_challenge ) ? true : false;
 		if ( $is_solver_dns ) {
-			$solver = empty ( get_config_value( 'cloudflare-api-key' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );
+			$solver = empty ( get_config_value( 'cloudflare-api-key' ) ) &&  empty ( get_config_value( 'cloudflare-api-token' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );
 		} else {
 			$solver = new SimpleHttpSolver();
 		}
@@ -338,7 +338,7 @@ public function check( Array $domains, $wildcard = false, $preferred_challenge =
 		$is_solver_dns = ( $wildcard || 'dns' === $preferred_challenge ) ? true : false;
 		\EE::debug( ( 'Starting check with solver ' ) . ( $is_solver_dns ? 'dns' : 'http' ) );
 		if ( $is_solver_dns ) {
-			$solver = empty ( get_config_value( 'cloudflare-api-key' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );
+			$solver = empty ( get_config_value( 'cloudflare-api-key' ) ) &&  empty ( get_config_value( 'cloudflare-api-token' ) ) ? new SimpleDnsSolver( null, new ConsoleOutput() ) : new SimpleDnsCloudflareSolver( null, new ConsoleOutput() );
 		} else {
 			$solver = new SimpleHttpSolver();
 		}

src/helper/class-ee-site.php

@@ -1515,7 +1515,7 @@ protected function init_le( $site_url, $site_fs_path, $wildcard = false, $www_or
 		if ( ! $client->authorize( $domains, $wildcard, $preferred_challenge ) ) {
 			return;
 		}
-		$api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) );
+		$api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) ) &&  empty ( get_config_value( 'cloudflare-api-token' ) );
 		if ( $is_solver_dns && $api_key_absent ) {
 			echo \cli\Colors::colorize( '%YIMPORTANT:%n Run `ee site ssl-verify ' . $site_url . '` once the DNS changes have propagated to complete the certification generation and installation.', null );
 		} else {
@@ -1621,7 +1621,7 @@ public function ssl_verify( $args = [], $assoc_args = [], $www_or_non_www = fals
 
 		// This checks if this method was called internally by ee or by user
 		$called_by_ee   = ! empty( $this->site_data['site_url'] );
-		$api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) );
+		$api_key_absent = empty( get_config_value( 'cloudflare-api-key' ) ) &&  empty ( get_config_value( 'cloudflare-api-token' ) );
 
 		if ( ! $called_by_ee ) {
 			$this->site_data = get_site_info( $args );
@@ -1646,7 +1646,7 @@ public function ssl_verify( $args = [], $assoc_args = [], $www_or_non_www = fals
 				throw $e;
 			}
 			$is_solver_dns   = ( $this->site_data['site_ssl_wildcard'] || 'dns' === $preferred_challenge ) ? true : false;
-			$api_key_present = ! empty( get_config_value( 'cloudflare-api-key' ) );
+			$api_key_present = ! empty( get_config_value( 'cloudflare-api-key' ) ) &&  ! empty ( get_config_value( 'cloudflare-api-token' ) );
 
 			if ( $called_by_ee && ! $is_solver_dns && $api_key_present ) {
 				throw $e;
@@ -1712,7 +1712,7 @@ public function ssl_renew( $args, $assoc_args ) {
 
 		if ( $all ) {
 			$sites                 = Site::all();
-			$api_key_absent        = empty( get_config_value( 'cloudflare-api-key' ) );
+			$api_key_absent        = empty( get_config_value( 'cloudflare-api-key' ) ) &&  empty ( get_config_value( 'cloudflare-api-token' ) );
 			$skip_wildcard_warning = false;
 			foreach ( $sites as $site ) {
 				if ( 'le' !== $site->site_ssl || ! $site->site_enabled ) {