Talking Drupal: Talking Drupal #320 – Drupal 8 End of Life

Today we are talking about Drupal 8 End of Life with Gábor Hojtsy.

TalkingDrupal.com/320

Topics

  • John – NEDCamp is in two weeks
  • April – Planning Drupal Camp Asheville in person next year
  • Gábor – Thinking of all versions of Drupal
  • Nic – Vacation was great – visited Salem
  • What End of Life (EoL) means
  • Statistics on number of sites
  • Why D8 EoL is before D7
  • What can people do to continue using D8
  • Does the new release schedule and EoL schedule improve the platform
  • Improvements to the process
  • Process expected for D9 and D10
  • D8 -> D9 migration process effect on adoption
  • Expected differences with D7 EoL
  • Current Projects
  • Contributions
  • Next big thing
  • Core committer experience over the years
  • Initiative lead, lead
  • Merge request support with gitlab
  • Making core committer’s life easier

Resources

commit 62f939944f9ecdff0cfb84e1eb057237ad3d52ed
Author: Dries Buytaert
Date: Tue Sep 16 17:35:02 2003 +0000

– Added ‘escape HTML’ option to the filters. Patch by Gabor Hojtsy.

commit 069e1bb87b9971f160f8ddccfe95335986dd17e0
Author: Dries Buytaert
Date: Sun Sep 28 17:07:46 2003 +0000

– More translation fixes for the menu items. Patch by Gabor.

commit bcfa6dca1e6646a50f12f617425c6087cae97ac8
Author: Dries Buytaert
Date: Sun Sep 28 18:23:13 2003 +0000

– Translation improvements for the block module help. Patch by Gabor.

commit 7531e82969cda841d2e03a736c2b0568ed2647e7
Author: Dries Buytaert
Date: Mon Sep 29 18:35:46 2003 +0000

– Made sure non US-ASCII mails are sent out properly. Patch by Gabor. TODO: rename user_mail() to drupal_mail() and move it to common.inc. Other modules, such as the project module, should use this as well or they risk to send out /invalid/ mails.

Guests

Gábor Hojtsy – www.hojtsy.hu @gaborhojtsy

Hosts

Nic Laflin – www.nLighteneddevelopment.com @nicxvan
John Picozzi – www.epam.com @johnpicozzi
April Sides – @weekbeforenext

MOTW

Views AJAX History – Enable bookmarking of AJAX views. Supports filters and paging.



Tag1 Consulting: Has app development become too complex?

Over time, development has gotten more complex in some ways, and less in others. As technology develops, some of the requirements for coding that had been necessary in the past have shifted to a need to understand tooling. While changing some parts of a website has become easy due to advancements in CSS tools and other helpers, those changes may be harder to deploy due to build processes. Instead of making a quick and simple change, you may need a full CI/CD process – trading speed for stability and repeatability.

lynette@tag1co…
Mon, 11/08/2021 – 07:00



Event Organizers: Announcing the Drupal Event Accessibility Playbook

The Drupal Event Organizers Working Group and Drupal Community Working Group are pleased to announce a resource to help make inclusivity easier to build into event planning. Initiated by the Community Working Group and taken over by the Event Organizers Working Group, the new Drupal Event Accessibility Playbook aims to provide guidance and accountability for addressing the accessibility of events with respect, professionalism, and grace.

The Drupal community is composed of and fully reliant on the amazing diverse people who choose to participate. Each individual and their perspective is valued. Our community is already a leader in our attention to the health of its members. This Event Accessibility Playbook is another way that we, as a community, can show respect to all our members. We continue to lead by example by being inclusive and accessible. 

The initial release of the Drupal Event Accessibility Playbook has been set up like the Code of Conduct event playbook offered in the community; meant to be customized and refined to meet the needs of the event organizers and the local governmental requirements. This structure offers sample commitment messages, suggested acknowledgments, and ways for users to reach out for additional accommodations as needed. It is our hope that this playbook makes it easier for event organizing teams to build accessibility into their ongoing efforts. 

We strongly encourage all Drupal event organizers to review the playbook and implement the suggestions as they see fit to best serve their local community.

The continued commitment to inclusivity and respect is at the forefront of our volunteers’ efforts. If there are additional ways we can help event organizers create better events, please submit your thoughts to the Drupal Event Organizers Working Group via the issue queue.

Each member’s unique perspective makes our global community stronger. We look forward to our continued growth together.

(The EOWG would like to thank April Sides, Donna Bungard, Mike Anello, and the rest of the CWG for their time and dedication to this initiative.)



Evolving Web: What I Learned at Acquia Engage 2021

Earlier this week, I attended the 8th edition of Acquia Engage, a two-day event full of learnings and connection opportunities by Acquia, one of the largest contributors to the Drupal open source. We at Evolving Web are proud to be Acquia Silver Partners, allowing us to support our clients with Acquia’s enterprise cloud and marketing solutions, which complement Drupal’s open source content management tools.

This was my first time at Acquia Engage. It gave me excellent insights into how organizations are leveraging Drupal to drive digital transformation, be more relevant to their audiences, and generate impact in their communities. It was truly exciting to see so many success stories, so here I’ll share my main takeaways from the event. Let’s get to it!

Drupal-based Business Solutions

Drupal is a powerful tool for businesses—and at Acquia Engage, I got to hear from end-users who pointed out how they’re driving innovation and efficiency in their organizations with Drupal. Those case studies involved more than 40 clients from many industries and sectors, such as house financing (Fannie Mae), food (King Arthur Baking Company), healthcare (WSIB), higher education (Penn State University, EAB), publicly funded media (PBS), and more.

 

King Arthur Baking Company’s CMO Bill Tine tells Acquia’s Lynne Capozzi what’s cooking with digital transformation.

Many of the case studies had a marketing focus:

  • PennState University is using headless Drupal and Gatsby to scale news delivery to partner websites and readers within the university community.
  • Fannie Mae implemented the Acquia platform to create content that is easier to find and share by audiences looking for house financing.
  • EAB (a US-based company that provides operational support to educational institutions) used Acquia’s Drupal-based tools to centralize their marketing resources and streamline content publishing processes for their distributed teams.

Others were about digital transformation and using Acquia’s platform to create richer experiences for users. Like King Arthur Baking, which went through a Drupal-powered journey from conventional food industry players to high-value content creators. In the end, they all were clear evidence that you can leverage Drupal as a complete digital experience platform (DXP) and not just as a flexible CMS—as we’ll be discussing in an upcoming webinar in November.

👩‍💻 [Webinar] Register to learn about the future of Drupal as a digital experience platform

One thing I found interesting was the emphasis on low-code and no-code digital platforms, such as Acquia’s Site Studio or Drupal’s Layout Builder and Paragraphs modules. These solutions are uniquely tailored for marketers, editors, and business leaders who want to save time and focus on “real work,” not worrying about technicalities.

Take SoCalGas, for example, the main provider of natural gas to Southern California. Their case study showed how their internal content team previously lacked the flexibility to publish and update content, needing constant technical support due to their unsupported legacy systems. By adopting Drupal 9, they incorporated a low-code approach to their content delivery workflows, helping them become a more customer-centric utility provider.

Human Connections, Moving Stories

Acquia Engage 2021 was not only about business, though. It was also about doing good through technology and awakening a sense of purpose. One example was Mick Eberling’s eye-opening note about his work at Not Impossible Labs. Mick and his organization are committed to tackling issues such as food insecurity and accessible healthcare by taking direct action. In the cases he presented, technology was a powerful means for change, like setting up a 3-D printing prosthetic lab based in Sudan.

Not Impossible Labs’s Mick Eberling gave one of the event’s best keynotes.

Mick’s talk made me think about how our work in the digital industry has the power to make people’s lives better, for real. Like Evolving Web‘s recent work with Looking Forward, a mobile-first, bilingual website that provides information for patients recovering from all types of cancer, actively helping them rebuild their lives after completing their treatment.

I also saw some compelling talks about diversity at Acquia Engage. This is one of Evolving Web’s values and crucial in making the Drupal community more plural and innovative.

The Women in Martech panel, for example, mediated by Acquia’s CMO Lynne Capozzi, was an engaging talk about women’s roles in the digital industry. The panellists—Maria Greene, Senior Web Developer at Insulet Corporation, Barbara Von Euw, Director, Business Process – Consumer Data & Insights at PVH, and Hannah Smith, Senior Manager, Global CRM Solutions at MCM—discussed issues like gender equality, career options vs. parenting, and self-esteem, sharing some inspiring success stories and insights.

“Don’t compromise what you want because of expectations. One of the things that being a feminist is about is choosing your own path regardless of what society wants to push you towards.”
— Maria Greene, Senior Web Developer at Insulet Corporation

Acquia Engage’s Women in Martech panel brought relevant perspectives about gender equality in tech.

Watching this panel, it was clear to me that, while many women still have to hurdle the barriers of traditional gender roles, especially in a historically male-dominated industry such as ours, success is up for grabs for women in tech, as long as we promote inclusion. That’s why we at Evolving Web firmly believe that initiatives such as Drupal Diversity & Inclusion (DDI)—a team of Drupalists that provides a safe space to discuss and share resources about diversity, supporting people who feel underrepresented in the tech industry.

An Event Not to Be Missed

For a first-time attendee like myself, Acquia Engage 2021 was a display of innovation, inspiration, and human connection. It’s clear that Acquia not only offers secure, fully supported Drupal-based solutions, but they also know how to put up a fantastic event.

I can’t wait for the next Acquia Engage. See you next year, partners!

 




Droptica: What is Two Factor Authentication and How to Use It in Drupal?


Two factor authentication (2FA) is an increasingly popular functionality on websites, and this article will teach you how to completely implement it on a Drupal 9 or 8 site.

What is two factor authentication?

Two-step authentication is the process of authenticating the user at login using two verification methods. The first method is the well-known login with a username and password. As the web has developed and many services, such as Facebook or GitHub, have come to store sensitive data, the risk of attacks and the possibility that someone unauthorised gains access to your account have increased. To prevent such a situation, a second method of authentication has been introduced. The solution doesn’t guarantee 100% certainty that your data is safe, but it greatly improves data security, for instance, in Drupal.

The most popular methods of the second authentication at login include:

  • a code sent by SMS message,
  • a list of generated codes to be used,
  • generation of access codes in external applications such as Google Authenticator.

Implementation of two factor authentication in Drupal

Implementing the basic version of this functionality comes down to installing several modules and their configuration.

The basic version includes:

  • changing the login process in Drupal,
  • new block with a login form,
  • generation of text access codes.

The extended issues that we’ll describe in this article will concern the generation of codes in the Google Authenticator application and codes sent to an email address.

Modules

To build the two factor authentication presented in this article, you’ll need the following modules:

  • Two-factor Authentication (TFA) – main functionality,
  • Key – Drupal module for managing keys,
  • Encrypt – allows other modules to encrypt and decrypt data,
  • Real AES or another module adding an encryption method (a list of these modules is available on the Encrypt module’s page),
  • GA_login – integration with Google Authenticator, a mobile application that generates codes.

Installation

The fastest way to install all the modules you need is to use Composer and execute the shell command:

composer require drupal/tfa

and

composer require drupal/real_aes

Executing the shell command in Composer

 

If you aren’t using Composer, download each of these modules and unzip them in the directory where the site is hosted – /modules/contrib. If you don’t have a contrib directory, you’ll need to create one.

Now enable all modules.

Drush: drush en key real_aes encrypt tfa ga_login

Or conventionally on the page /admin/modules

Enabling the modules like Two-factor Authentication (TFA) in Drupal

 

Login process after installation of Two-Factor Authentication (TFA) module

  1. The user enters their login data (login and password) into the form and confirms them.
  2. If the data are correct, Drupal creates a user session, identifying the user as authenticated.
  3. TFA module implements hook_user_login.
  4. TFA verifies whether the logged-in user should use the second authentication method. If yes, the user is logged out and redirected to the second authentication method.
  5. The authentication process follows, e.g., by entering a code from an SMS message.
  6. If the code is correct, the user is logged in again.

Configuration of modules

The first step is to create a key for encryption. For this purpose, proceed to the Key module configuration and add a new key.

/admin/config/system/keys/add

Adding a new key in the Key module configuration

 

Give the key a name. Select Encryption as the key type and set the Key size to 256 bits.

In the setting for where the key is taken from, there are three options to choose from. For security reasons, I recommend keeping the key in a file outside the website’s main directory or in an environment variable (env).

For a file in File location, you need to specify the path where the file is located. It must already exist because otherwise, you won’t be able to save any changes. See below how to generate such a file.

File path

../keys/tfa.key

Where .. (two dots) means that you are leaving the current directory to go up higher.

A third option, which isn’t recommended, is to keep the key in the configuration files. In this case, you have to be careful because they are in the directory where the site is hosted. They might also be sent to the repository by mistake.

You can see an example of a directory structure presenting the keys’ location in the screenshot below.

  • Web – directory with Drupal,
  • keys – directory with keys,
  • tfa.key – file with keys.

An example directory structure with the place where the keys are kept

 

How to generate a 256-bit key?

The easiest way to do this is with the Linux command:

openssl rand -base64 32 > tfa.key

or

dd if=/dev/urandom of=tfa.key bs=32 count=1

In both cases, the result will be creating a tfa.key file with the generated key.

After saving the changes, you proceed to the configuration of the Encrypt module, where you’ll need to add an encryption profile.

/admin/config/system/encryption/profiles

Configuration is simple, limited to selecting the encryption method, in this case, provided by the Real AES module, and choosing the key you have just generated.

Adding an encryption profile for the Encrypt Drupal module

After these operations, you can proceed to the configuration of the TFA module, which can be found at

/admin/config/people/tfa

From here, you manage the entire functionality. You can enable and disable 2FA (two factor authentication) for the site; by default, 2FA is disabled. You also select the roles for which 2FA will be required. It’s important that, on the permissions page, the selected role has access to 2FA configuration.

Selecting the roles for who the two factor authentication will be required

 

Two factor authentication plugins

After installing the modules mentioned above, we have three plugins to choose from. Two of them are based on the Google Authenticator application.

Authentication plugins available in the TFA Settings

 

  • Time-based OTP – the application generates time codes that allow you to log in to the site.
  • Hmac-based OTP – a hash key is generated, and the user can log in if there is a match.

The third plugin is available directly from the Two-factor Authentication module.

  • TFA Recovery codes – generates a set number of codes for the user to use when logging in.
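
To make the difference between the two Google Authenticator plugins concrete, the following added example (not code from the TFA or ga_login modules) computes HOTP and TOTP codes as specified in RFC 4226 and RFC 6238 and verifies a submitted code with a clock-drift window and replay protection. The function names, the one-step window and the raw-byte test secret are assumptions of this example; authenticator apps exchange the secret Base32-encoded.

```php
<?php
// Added example: function names are hypothetical, not part of TFA or ga_login.

/** HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter, truncated. */
function hotp(string $secret, int $counter, int $digits = 6): string {
  $hash = hash_hmac('sha1', pack('J', $counter), $secret, true); // 20 raw bytes
  $offset = ord($hash[19]) & 0x0F;        // low nibble of the last byte
  $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
  return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

/** TOTP (RFC 6238): HOTP whose counter is the number of time steps since epoch. */
function totp(string $secret, int $time, int $step = 30, int $digits = 6): string {
  return hotp($secret, intdiv($time, $step), $digits);
}

/**
 * Verify a submitted TOTP code.
 *
 * Accepts $window steps of clock drift in either direction and ignores every
 * step at or before $lastUsedStep, so a code that was already accepted cannot
 * be replayed. Returns the matched step (store it as the new last used step)
 * or null when the code is rejected.
 */
function totp_verify(
  string $secret,
  string $code,
  int $time,
  int $lastUsedStep = -1,
  int $window = 1,
  int $step = 30
): ?int {
  $current = intdiv($time, $step);
  $matched = null;
  for ($i = -$window; $i <= $window; $i++) {
    $candidate = $current + $i;
    if ($candidate <= $lastUsedStep) {
      continue;                           // already consumed or older
    }
    // hash_equals() compares in constant time; check every candidate anyway.
    if (hash_equals(hotp($secret, $candidate), $code)) {
      $matched = $candidate;
    }
  }
  return $matched;
}

// Constructed sample input: the ASCII test secret used in RFC 4226 and RFC 6238.
$secret = '12345678901234567890';
$code = totp($secret, 59);                // code for the step that contains t=59

echo "code at t=59: $code\n";
echo 'accepted 16 s later: ', var_export(totp_verify($secret, $code, 75), true), "\n";
echo 'replay of same step: ', var_export(totp_verify($secret, $code, 75, 1), true), "\n";
echo 'two steps too late:  ', var_export(totp_verify($secret, $code, 130), true), "\n";
```

HOTP differs only in where the counter comes from: the server stores it per user and advances it after each successful login instead of deriving it from the clock.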

We can create our own plugins (we’ll mention this later in the article) and introduce new ways of authentication, e.g., via SMS codes.

In the settings, you can also specify how many times a user can skip enabling 2FA. The default is 3 logins. After logging in, the following message will appear.

A message that displays after skipping enabling two factor authentication for the third time

If the permissions for the role are set correctly, the Security tab will appear on the profile page with the option to configure each of the authentication methods enabled.

Address: /user/UID/security/tfa

To enable two factor authentication, you only need to configure one method. If more than one method is configured, the user will be able to choose which method to use when logging in, and the user won’t have to go through authentication using each method.

Configuring two factor authentication method in Drupal

 

We enable the TOTP and HOTP plugins via the mobile app of our choice, namely:

  • Google Authenticator (Android/iPhone/BlackBerry),
  • Authy (only TOTP),
  • FreeOTP (Android),
  • GAuth Authenticator (desktop).

You also need to scan a generated QR code in the application.

QR code generated in Drupal that we need to scan in the chosen mobile app

After this operation, codes will be generated in the mobile application. Now, generate the first code and confirm it. If it’s correct, the selected method will be enabled.

The authentication code for logging into Drupal website, generated in Google Authenticator app

For Recovery Codes, simply generate and save the codes in a safe place.

Generating the recovery codes for two factor authentication

This method will be enabled by generating the codes and assigning them to the user’s account – the Save codes to account button.

Your own authentication plugin

The TFA module gives you the ability to add your own two factor authentication plugins. This consists in creating appropriate classes with methods.

How else can you authenticate a user who is logging in? You can send the code by SMS, email (there is a ready-made TFA Email module for this) or on Slack.

The whole code presented below isn’t a ready-made plugin but only a description of what it’s built of.

It’s easy to map your own module based on the code from the ga_login module. I recommend reviewing and analyzing it for better understanding.

Let us assume that our module is called tfa_code. The two main classes should be located in the following directories.

TfaCodeValidation Class (name can be freely given)

tfa_code/src/Plugin/TfaValidation/TfaCodeValidation.php

TfaCodeSetup Class (name can be freely given)

tfa_code/src/Plugin/TfaValidation/TfaCodeSetup.php

The TfaCodeSetup class is used to handle the process of enabling a given authentication method, and the TfaCodeValidation class is responsible for the process of authenticating the user at login using the selected method.

TfaCodeSetup class and its main elements

The annotation in the class comment contains information that this is the TfaSetup plugin and has a unique id that will be used in the other class.

/**
* Setup for 2FA by SENDING code.
*
* @TfaSetup(
*   id = "tfa_code_setup",
*   label = @Translation("TFA Code Setup"),
*   description = @Translation("TFA Code Setup Plugin"),
*   setupMessages = {
*    "saved" = @Translation("code saved."),
*    "skipped" = @Translation("code not saved.")
*   }
* )
*/
class TfaCodeSetup extends TfaCodeValidation implements TfaSetupInterface {

The class inherits from the validation class and implements the interface contained in the TFA module.

Method

public function ready() {

It returns TRUE if the authentication method can be enabled in the given context. When can it, on the other hand, return FALSE? For example, if you implement the sending of codes via SMS, users must first confirm their phone number in their profile. If the user doesn’t confirm their phone number beforehand, they can’t enable this authentication method. The ready() method should then be written in such a way that it returns FALSE.

Method

public function getOverview(array $params) {

Displays information and links about how to enable the authentication method.

Method

public function getSetupForm(array $form, FormStateInterface $form_state, $reset = 0) {

Contains the definition of the form for enabling the given method. It’s here that the requirements to enable the plugin must be included, such as a form field for entering the code that will be sent to the person who wants to enable this authentication method.

Example:

$form['get_code'] = [
 '#type' => 'button',
 '#value' => t('Get validation code'),
 '#ajax' => [
   'callback' => [$this, 'get'],
   'event' => 'click',
 ],
 '#limit_validation_errors' => [],
 // The wrapper markup for #prefix and #suffix is not preserved on this page.
 '#prefix' => '',
 '#suffix' => '',
];

A button that activates the get function, defined in the callback.

In the get function, you have to program the sending of the code to the user, e.g., via email or SMS. The name of the function may be freely given here.

Box for entering the sent code

$form['tfa_container']['set_tfa_code'] = [
 '#type' => 'textfield',
 '#size' => 30,
 '#placeholder' => t('Type validation code here'),
 // The wrapper markup for #prefix and #suffix is not preserved on this page.
 '#prefix' => '',
 '#suffix' => '',
];

Whether the code entered matches the code sent is verified in this method:

public function validateSetupForm(array $form, FormStateInterface $form_state) {

If everything is correct, the method

public function submitSetupForm(array $form, FormStateInterface $form_state) {

returns TRUE.

TfaCodeValidation class and its main elements

The class annotation is analogous to that of TfaCodeSetup.

/**
* Code validation class.
*
* @TfaValidation(
*   id = "tfa_code_validation",
*   label = @Translation("TFA Code validation"),
*   description = @Translation("TFA Code Validation Plugin"),
*   setupPluginId = "tfa_code_setup",
* )
*/

Method

public function ready() {

Looks analogous to the previous class.

Method

public function getForm(array $form, FormStateInterface $form_state) {

It is here that the form for the method is created. The user sees the form when logging in and authenticating. As in the previous class, there should be boxes for sending and entering the code. The code is verified in the method

public function validateForm(array $form, FormStateInterface $form_state) {

This concludes the implementation of our own two-factor authentication plugin. Once again, I recommend analyzing the code from the ga_login module, as you will quickly create your own working module based on it.
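
One way to handle the code that the get callback sends and that validateSetupForm() and validateForm() check, as an added example that is not code from the TFA module: the code is drawn from a CSPRNG, stored only as a keyed hash, bound to one user, and rejected after expiry, too many attempts, or a first successful use. The class OneTimeCodeStore, its in-memory array, the 5-minute lifetime and the 5-attempt cap are assumptions of this example; a real plugin would keep the records in per-user storage.

```php
<?php
// Added example: OneTimeCodeStore is a hypothetical helper, not a TFA class.

final class OneTimeCodeStore {
  /** @var array<int, array{hash: string, expires: int, attempts: int}> */
  private array $records = [];
  private string $pepper;     // server-side secret, kept like the tfa.key file
  private int $ttl;           // lifetime of a code in seconds
  private int $maxAttempts;   // guesses allowed per issued code

  public function __construct(string $pepper, int $ttl = 300, int $maxAttempts = 5) {
    $this->pepper = $pepper;
    $this->ttl = $ttl;
    $this->maxAttempts = $maxAttempts;
  }

  /** Issue a fresh 6-digit code for $uid and return it so the caller can send it. */
  public function issue(int $uid, int $now): string {
    // random_int() uses the OS CSPRNG; rand() and mt_rand() are predictable.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    // Store a keyed hash only, so a leaked table does not reveal live codes.
    // Issuing again replaces any earlier code for the same user.
    $this->records[$uid] = [
      'hash' => hash_hmac('sha256', $code, $this->pepper),
      'expires' => $now + $this->ttl,
      'attempts' => 0,
    ];
    return $code;
  }

  /** Check a submitted code for $uid; a code is valid at most once. */
  public function verify(int $uid, string $submitted, int $now): bool {
    if (!isset($this->records[$uid])) {
      return false;                       // nothing issued, or already consumed
    }
    $record = $this->records[$uid];
    if ($now > $record['expires'] || $record['attempts'] >= $this->maxAttempts) {
      unset($this->records[$uid]);        // force the user to request a new code
      return false;
    }
    $this->records[$uid]['attempts']++;
    $candidate = hash_hmac('sha256', $submitted, $this->pepper);
    if (!hash_equals($record['hash'], $candidate)) {   // constant-time compare
      return false;
    }
    unset($this->records[$uid]);          // single use: consume on success
    return true;
  }
}

// Constructed demo values: user ID 42, a fixed clock and a throwaway pepper.
$store = new OneTimeCodeStore('constructed-demo-pepper');
$now = 1700000000;
$code = $store->issue(42, $now);          // a real plugin sends this by email or SMS
$wrong = $code === '000000' ? '000001' : '000000';

var_dump($store->verify(42, $wrong, $now + 10));   // wrong guess
var_dump($store->verify(42, $code, $now + 20));    // correct code, first use
var_dump($store->verify(42, $code, $now + 30));    // same code replayed
$late = $store->issue(42, $now);
var_dump($store->verify(42, $late, $now + 301));   // submitted after expiry
```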

Two factor authentication in Drupal – summary

With this extended article, we wanted to explain the implementation of two factor authentication for a Drupal website as best as possible. Nowadays, more and more Internet users are aware of the risks and loss of data. Enabling 2FA makes their accounts on websites more secure and harder to intercept. Two factor authentication isn’t a 100% guarantee, but it certainly significantly increases both security and the level of trust for the site on which this functionality is implemented. Our Drupal support team can help you implement it and provide more advice on the security of your site.

