Category: Other
-
Talking Drupal: Talking Drupal #320 – Drupal 8 End of Life
Today we are talking about Drupal 8 End of Life with Gábor Hojtsy.
Topics- John – NEDCamp is in two weeks
- April – Planning Drupal Camp Asheville in person next year
- Gábor – Thinking of all versions of Drupal
- Nic – Vacation was great – visited Salem
- What End of Life (EoL) means
- Statistics on number of sites
- Why D8 EoL is before D7
- What can people do to continue using D8
- Does the new release schedule and EoL schedule improve the platform
- Improvements to the process
- Process expected for D9 and D10
- D8 -> D9 migration process affect on adoption
- Expected differences with D7 EoL
- Current Projects
- Contributions
- Next big thing
- Core committer experience over the years
- Initiative lead, lead
- Merge request support with gitlab
- Making core committer’s life easier
- New England Drupal Camp
- Old versions of Drupal
- FGM getting it working on newer php
- https://osinet.fr/presentation/histoire-blocs-drupal
- Cheppers made a running version of Drupal 1 – 8
- Drupal Usage
- Drupal Upgrade Status
- Drupal 9 Deprecation
- Drupal 10 Deprecation
- Drupal rector sponsored by palantir.net
- Multi-core compatibility
- Project Update Bot
- Lenient Composer Facade
- Talking Drupal #312 – DrupalPod
- Closure of the multilingual initiative
- (over 1600 contributors credited on this issue!)
- Last page of commit history
- First contribution – contrib
- First core contributions (drupal.org issues did not yet exist, you would send in a patch via email) found through git log –reverse –grep “Gabor” | less
Gábor Hojtsy – www.hojtsy.hu @gaborhojtsy
HostsNic Laflin – www.nLighteneddevelopment.com @nicxvan John Picozzi – www.epam.com @johnpicozzi April Sides – @weekbeforenext
MOTWViews AJAX History Enable bookmaking of AJAX views. Supports filters and paging.
-
Tag1 Consulting: Has app development become too complex?
lynette@tag1co… Mon, 11/08/2021 – 07:00Over time, development has gotten more complex in some ways, and less in others. As technology develops, some of the requirements for coding that had been necessary in the past has shifted to a need to understand tooling. While changing some parts of a website have become easy due to advancements in CSS tools and other helpers, those changes may be harder to deploy due to build processes. Instead of making a quick and simple change, you may need a full CI/CD process – trading speed for stability and repeatability.
-
Zyxware Technologies: Why Drupal is Best for Content Heavy Websites?
Drupal is highly customizable and can be scaled to meet the needs of content-heavy websites like those in the government, media, and publishing space. -
Zyxware Technologies: Complete Guide to Drupal Security Modules 2021
Drupal, a market leader in open source CMS offers flexible architecture, fast implementation, scalability, and a host of other features. Here is a list of top Drupal 9 Security Modules -
Event Organizers: Announcing the Drupal Event Accessibility Playbook
The Drupal Event Organizers Working Group and Drupal Community Working Group are pleased to announce a resource to help make inclusivity easier to build into event planning. Initiated by the Community Working Group and taken over by the Event Organizers Working Group, the new Drupal Event Accessibility Playbook aims to provide guidance and accountability for addressing the accessibility of events with respect, professionalism, and grace.
The Drupal community is composed of and fully reliant on the amazing diverse people who choose to participate. Each individual and their perspective is valued. Our community is already a leader in our attention to the health of its members. This Event Accessibility Playbook is another way that we, as a community, can show respect to all our members. We continue to lead by example by being inclusive and accessible.
The initial release of the Drupal Event Accessibility Playbook has been set up like the Code of Conduct event playbook offered in the community; meant to be customized and refined to meet the needs of the event organizers and the local governmental requirements. This structure offers sample commitment messages, suggested acknowledgments, and ways for users to reach out for additional accommodations as needed. It is our hope that this playbook makes it easier for event organizing teams to build accessibility into their ongoing efforts.
We strongly encourage all Drupal event organizers to review the playbook and implement the suggestions as they see fit to best serve their local community.
The continued commitment to inclusivity and respect are at the forefront of our volunteers’ efforts. If there are additional ways we can help event organizers create better events, please submit your thoughts to the Drupal Event Organizers Working Group via the issue queue.
Each member’s unique perspective makes our global community stronger. We look forward to our continued growth together.
(The EOWG would like to thank April Sides, Donna Bungard, Mike Anello, and the rest of the CWG for their time and dedication to this initiative.)
-
Evolving Web: What I Learned at Acquia Engage 2021
Earlier this week, I attended the 8th edition of Acquia Engage, a two-day event full of learnings and connection opportunities by Acquia, one of the largest contributors to the Drupal open source. We at Evolving Web are proud to be Acquia Silver Partners, allowing us to support our clients with Acquia’s enterprise cloud and marketing solutions, which complement Drupal’s open source content management tools.
This was my first time at Acquia Engage. It gave me excellent insights into how organizations are leveraging Drupal to drive digital transformation, be more relevant to their audiences, and generate impact in their communities. It was truly exciting to see so many success stories, so here I’ll share my main takeaways from the event. Let’s get to it!
Drupal-based Business Solutions
Drupal is a powerful tool for businesses—and at Acquia Engage, I got to hear from end-users who pointed out how they’re driving innovation and efficiency in their organizations with Drupal. Those case studies involved more than 40 clients from many industries and sectors, such as house financing (Fannie Mae), food (King Arthur Baking Company), healthcare (WSIB), higher education (Penn State University, EAB), publicly funded media (PBS), and more.
King Arthur Baking Company’s CMO Bill Tine tells Acquia’s Lynne Capozzi what’s cooking with digital transformation. Many of the case studies had a marketing focus:
- PennState University is using headless Drupal and Gatsby to scale news delivery to partner websites and readers within the university community.
- Fannie Mae implemented the Acquia platform to create content that is easier to find and share by audiences looking for house financing.
- EAB (a US-based company that provides operational support to educational institutions) used Acquia’s Drupal-based tools to centralize their marketing resources and streamline content publishing processes for their distributed teams.
Others were about digital transformation and using Acquia’s platform to create richer experiences for users. Like King Arthur Baking, which went through a Drupal-powered journey from conventional food industry players to high-value content creators. In the end, they all were clear evidence that you can leverage Drupal as a complete digital experience platform (DXP) and not just as a flexible CMS—as we’ll be discussing in an upcoming webinar in November.
👩💻 [Webinar] Register to learn about the future of Drupal as a digital experience platform
One thing I found interesting was the emphasis on low-code and no-code digital platforms, such as Acquia’s Site Studio or Drupal’s Layout Builder and Paragraphs modules. These solutions are uniquely tailored for marketers, editors, and business leaders who want to save time and focus on “real work,” not worrying about technicalities.
Take SoCalGas, for example, the main provider of natural gas to Southern California. Their case study showed how their internal content team previously lacked the flexibility to publish and update content, needing constant technical support due to their unsupported legacy systems. By adopting Drupal 9, they incorporated a low-code approach to their content delivery workflows, helping them become a more customer-centric utility provider.
Human Connections, Moving Stories
Acquia Engage 2021 was not only about business, though. It was also about doing good through technology and awakening a sense of purpose. One example was Mick Eberling’s eye-opening note about his work at Not Impossible Labs. Mick and his organization are committed to tackling issues such as food insecurity and accessible healthcare by taking direct action. In the cases he presented, technology was a powerful means for change, like setting up a 3-D printing prosthetic lab based in Sudan.
Not Impossible Labs’s Mick Eberling gave one of the event’s best keynotes. Mick’s talk made me think about how our work in the digital industry has the power to make people’s lives better, for real. Like Evolving Web‘s recent work with Looking Forward, a mobile-first, bilingual website that provides information for patients recovering from all types of cancer, actively helping them rebuild their lives after completing their treatment.
I also saw some compelling talks about diversity at Acquia Engage. This is one of Evolving Web’s values and crucial in making the Drupal community more plural and innovative.
The Women in Martech panel, for example, mediated by Acquia’s CMO Lynne Capozzi, was an engaging talk about women’s roles in the digital industry. The panellists—Maria Greene, Senior Web Developer at Insulet Corporation, Barbara Von Euw, Director, Business Process – Consumer Data & Insights at PVH, and Hannah Smith, Senior Manager, Global CRM Solutions at MCM—discussed issues like gender equality, career options vs. parenting, and self-esteem, sharing some inspiring success stories and insights.
“Don’t compromise what you want because of expectations. One of the things that being a feminist is about is choosing your own path regardless of what society wants to push you towards.”
— Maria Greene, Senior Web Developer at Insulet CorporationAcquia Engage’s Women in Martech panel presented relevant perspectives about gender equality in tech. Watching this panel, it was clear to me that, while many women still have to hurdle the barriers of traditional gender roles, especially in a historically male-dominated industry such as ours, success is up for grabs for women in tech, as long as we promote inclusion. That’s why we at Evolving Web firmly believe that initiatives such as Drupal Diversity & Inclusion (DDI)—a team of Drupalists that provides a safe space to discuss and share resources about diversity, supporting people who feel underrepresented in the tech industry.
An Event Not to Be Missed
For a first-time attendee like myself, Acquia Engage 2021 was a display of innovation, inspiration, and human connection. It’s clear that Acquia not only offers secure, fully supported Drupal-based solutions, but they also know how to put up a fantastic event.
I can’t wait for the next Acquia Engage. See you next year, partners!
>> Register in our webinar about how Drupal fits into the landscape of DXPs
+ more awesome articles by Evolving Web -
Droptica: What is Two Factor Authentication and How to Use It in Drupal?
Two factor authentication (2FA) is an increasingly popular functionality on websites, and this article will teach you how to completely implement it on a Drupal 9 or 8 site.
What is two factor authentication?
Two-step authentication is the process of authenticating the user at login, consisting of two verification methods. The first method refers to the well-known login by entering login and password. Along with web development and many services storing sensitive data, such as Facebook or GitHub, the risk of attacks and the possibility that someone unauthorised gains access to your account has increased. To prevent such a situation, the second method of authentication has been introduced. The solution doesn’t guarantee 100% certainty that your data is safe, but it greatly improves data security, for instance, in Drupal.
The most popular methods of the second authentication at login include:
- a code sent by SMS message,
- a list of generated codes to be used,
- generation of access codes in external applications such as Google Authenticator.
Implementation of two factor authentication in Drupal
Implementing the basic version of this functionality comes down to installing several modules and their configuration.
The basic version includes:
- changing the login process in Drupal,
- new block with a login form,
- generation of text access codes.
The extended issues that we’ll describe in this article will concern the generation of codes in the Google Authenticator application and codes sent to an email address.
Modules
To build the two factor authentication presented in this article, you’ll need the following modules:
- Two-factor Authentication (TFA) – main functionality,
- Key – Drupal module for managing keys,
- Encrypt – allows other modules to encrypt and decrypt data,
- Real AES or other module adding an encryption method (a list of these modules is listed on the site of the Encrypt module),
- GA_login – integration with Google Authenticator, a mobile application that generates codes.
Installation
The fastest way to install all the modules you need is to use Composer and execute the shell command:
composer require drupal/tfa
and
composer require drupal/real_aes
If you aren’t using Composer, download each of these modules and unzip them in the directory where the site is hosted – /modules/contrib. If you don’t have a contrib directory, you’ll need to create one.
Now enable all modules.
Drush: drush en key real_aes encrypt tfa ga_login
Or conventionally on the site /admin/modules
Login process after installation of Two-Factor Authentication (TFA) module
- The user enters their login data (login and password) into the form and confirms them.
- If the data are correct, Drupal creates a user session, identifying the user as authenticated.
- TFA module implements hook_user_login.
- TFA verifies whether the logged-in user should use the second authentication method. If yes, the user is logged out and redirected to the second authentication method.
- The authentication process follows, e.g., by entering a code from an SMS message.
- If the code is correct, the user is logged in again.
Configuration of modules
The first step is to create a key for encryption. For this purpose, proceed to the Key module configuration and add a new key.
/admin/config/system/keys/add
Give the key a name. Select Encryption as the key type and set the Key size to 256 bits.
In the settings, where the key is taken from, there are three options to choose from. However, for security reasons, I recommend choosing to keep the key in a file outside the website’s main directory or as an environment variable (env).
For a file in File location, you need to specify the path where the file is located. It must already exist because otherwise, you won’t be able to save any changes. See below how to generate such a file.
File path
../keys/tfa.key
Where .. (two dots) means that you are leaving the current directory to go up higher.
A third option, which isn’t recommended, is to keep the key in the configuration files. In this case, you have to be careful because they are in the directory where the site is hosted. They might also be sent to the repository by mistake.
You can see an example of a directory structure presenting the keys’ location in the screenshot below.
- Web – directory with Drupal,
- keys – directory with keys,
- tfa.key – file with keys.
How to generate a 256-bit key?
The easiest way to do this is with the Linux command:
openssl rand -base64 32 > tfa.key
or
dd if=/dev/urandom of=keyfile bs=32 count=1 > tfa.key
In both cases, the result will be creating a tfa.key file with the generated key.
After saving the changes, you proceed to the configuration of the Encrypt module, where you’ll need to add an encryption profile.
/admin/config/system/encryption/profiles
Configuration is simple, limited to selecting the encryption method, in this case, provided by the Real AES module, and choosing the key you have just generated.
After these operations, you can proceed to the configuration of the TFA module, which can be found at the site
/admin/config/people/tfa
From here, you manage the entire functionality. You enable and disable 2FA (two factor authentication) for our site, by default, 2FA is disabled. We also select the roles for which 2FA will be required. It’s important that on the site with permissions, the selected role has access to 2FA configuration.
Two factor authentication plugins
After installing the modules mentioned above, we have three plugins to choose from. Two of them are based on the Google Authenticator application.
- Time-based OTP – the application generates time codes that allow you to log in to the site.
- Hmac-based OTP – a hash key is generated, and the user can log in if there is a match.
The third plugin is available directly from the Two-factor Authentication module.
- TFA Recovery codes – generates a set number of codes for the user to use when logging in.
We can create our own plugins (we’ll mention this later in the article) and introduce new ways of authentication, e.g., via SMS codes.
In the settings, you can also specify how many times a user can skip enabling 2FA. The default is 3 logins. After logging in, the following message will appear.
If the permissions for the role are set correctly, the Security tab will appear on the profile site with the option to configure each of the authentication methods enabled.
Address: /user/UID/security/tfa
To enable two factor authentication, you only need to configure one method. If more than one method is configured, the user will be able to choose which method to use when logging in, and the user won’t have to go through authentication using each method.
We enable the TOTP and HOTP plugins via the mobile app of our choice, namely:
- Google Authenticator (Android/iPhone/BlackBerry),
- Authy (only TOTP),
- FreeOTP (Android),
- GAuth Authenticator (desktop).
You also need to scan a generated QR code in the application.
After this operation, codes will be generated in the mobile application. Now, generate the first code and confirm it. If it’s correct, the selected method will be enabled.
For Recovery Codes, simply generate and save the codes in a safe place.
This method will be enabled by generating the codes and assigning them to the user’s account – the Save codes to account button.
Your own authentication plugin
The TFA module gives you the ability to add your own two factor authentication plugins. This consists in creating appropriate classes with methods.
How else can you authenticate a user who is logging in? You can send the code by SMS, email (there is a ready-made TFA Email module for this) or on Slack.
The whole code presented below isn’t a ready-made plugin but only a description of what it’s built of.
It’s easy to map your own module based on the code from the ga_login module. I recommend reviewing and analyzing it for better understanding.
Let us assume that our module is called tfa_code. The two main classes should be located in the following directories.
TfaCodeValidation Class (name can be freely given)
tfa_code/src/Plugin/TfaValidation/TfaCodeValidation.php
TfaCodeSetup Class (name can be freely given)
tfa_code/src/Plugin/TfaValidation/TfaCodeSetup.php
The TfaCodeSetup class is used to handle the process of enabling a given authentication method, and the TfaCodeValidation class is responsible for the process of authenticating the user at login using the selected method.
TfaCodeSetup class and its main elements
The annotation in the class comment contains information that this is the TfaSetup plugin and has a unique id that will be used in the other class.
/** * Setup for 2FA by SENDING code. * * @TfaSetup( * id = "tfa_code_setup", * label = @Translation("TFA Code Setup"), * description = @Translation("TFA Code Setup Plugin"), * setupMessages = { * "saved" = @Translation("code saved."), * "skipped" = @Translation("code not saved.") * } * ) */ class TfaCodeSetup extends TfaCodeValidation implements TfaSetupInterface {
The class inherits from the validation class and implements the interface contained in the TFA module.
Method
public function ready() {
It returns TRUE if the authentication method can be enabled in the given context. When can it, on the other hand, return FALSE? For example, if you implement the sending of codes via SMS, users must first confirm their phone number in their profile. If the user doesn’t confirm their phone number beforehand, they can’t enable this authentication method. The ready() method should then be written in such a way that it returns FALSE.
Method
public function getOverview(array $params) {
Displays information and links about how to enable the authentication method.
Method
public function getSetupForm(array $form, FormStateInterface $form_state, $reset = 0) {
Contains the definition of the form for enabling the given method. It’s here that the requirements to enable the plugin must be included, such as a box of the form to enter the code that will come to the person who wants to enable this authentication method.
Example:
$form['get_code'] = [ '#type' => 'button', '#value' => t('Get validation code), '#ajax' => [ 'callback' => [$this, 'get'], 'event' => 'click', ], '#limit_validation_errors' => [], '#prefix' => '
', '#suffix' => '', ];A button that activates the get function, defined in the callback.
In the get function, you have to program the sending of the code to the user, e.g., via email or SMS. The name of the function may be freely given here.
Box for entering the sent code
$form['tfa_container']['set_tfa_code'] = [ '#type' => 'textfield', '#size' => 30, '#placeholder' => t('Type validation code here'), '#prefix' => '
', '#suffix' => '', ];The fact whether the codes match – the one sent with the one entered – is verified in this method
public function validateSetupForm(array $form, FormStateInterface $form_state) {
If everything is correct, the method
public function submitSetupForm(array $form, FormStateInterface $form_state) {
returns TRUE.
TfaCodeValidation class and its main elements
The class annotation is analogous to that of TfaCodeSetup.
/** * Code validation class. * * @TfaValidation( * id = "tfa_code_validation", * label = @Translation("TFA Code validation"), * description = @Translation("TFA Code Validation Plugin"), * setupPluginId = "tfa_code_setup", * ) */
Method
public function ready() {
Looks analogous to the previous class.
Method
public function getForm(array $form, FormStateInterface $form_state) {
It is here that the form for the method is created. The user sees the form when logging in and authenticating. As in the previous class, there should be boxes for sending and entering the code. The code is verified in the method
public function validateForm(array $form, FormStateInterface $form_state) {
This concludes the implementation of our own two-factor authentication plugin. Once again, I recommend analyzing the code from the ga_login module, as you will quickly create your own working module based on it.
Two factor authentication in Drupal – summary
With this extended article, we wanted to explain the implementation of two factor authentication for a Drupal website as best as possible. Nowadays, more and more Internet users are aware of the risks and loss of data. Enabling 2FA makes their accounts on websites more secure and harder to intercept. Two factor authentication isn’t a 100% guarantee, but it certainly significantly increases both security and the level of trust for the site on which this functionality is implemented. Our Drupal support team can help you implement it and provide more advice on the security of your site.
-
Web Omelette: How to override the View metatags based on an entity reference filter
In this article I am going to show you a neat little trick by which we can override the static metatags of a given View with those that come from a potential dynamic filter (entity reference).
-
ImageX: What To Expect from Drupal 10, and How to Deal With Drupal 8’s End of Life
The wheels of Drupal development are turning faster and faster. -
Vasily Yaremchuk: One Possible Future of Drupal
One Possible Future of DrupalVasyl Yaremchuk 11/03/2021[youtube https://www.youtube.com/watch?v=rNWeucGdYMI]
About one month ago I took part in DrupalCamp Poland 2021.
You can find abstract of my presentation there. It’s about possible evolution of CMS like Drupal.
Also, there are a few recomendations how you can use Tome with some dynamic content.
My slides is there. Please, watch the video and let me know your feedback!
Does it make any sense?