Straight From Drupal

KnackForge: How to update Drupal 8 core?

Feeds from Drupal.org - Sat, 2018-03-24 05:01

Let's see how to update your Drupal site between 8.x.x minor and patch versions. For example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0. I hope this will help you.

  • If you are upgrading to Drupal version x.y.z:
      x -> is known as the major version number
      y -> is known as the minor version number
      z -> is known as the patch version number

Sat, 03/24/2018 - 10:31
Categories: Straight From Drupal

qed42.com: Securing Cookie for 3rd Party Identity Management in Drupal

Feeds from Drupal.org - Mon, 2017-10-30 08:15

We are in an era where we see a lot of third-party integrations being done in projects. In Drupal-based projects, cookie management is done via Drupal itself to maintain the session, whether it is a pure Drupal project or a decoupled Drupal project.

But what about a scenario where the user’s information is managed by a third-party service and no user information is saved in Drupal, and where authentication is done via some other third-party service? How can we manage the cookie in this case to run our site session and also keep it secure?

One way is to set and maintain the cookie on our own. In this case, our users will be anonymous to Drupal, so we keep the session running based on cookies. The user information will be stored in the cookie itself, which can then be validated when a request is made to Drupal.

PHP has a function for setting cookies, setcookie(), which we can use to create and destroy a cookie. So the flow will be that a user login request made to the website is verified via a third-party service, and then we call setcookie(), which sets the cookie containing the user information. But securing the cookie is a must, so how do we do that?

For this, let’s refer to the Bakery module to see how it does it. It contains functions for encrypting a cookie, setting it and validating it.

To achieve this in Drupal 8, we will write a helper class, let’s say “UserCookie.php”, and place it in ‘{modulename}/src/Helper/’. Our cookie helper class will contain static methods for setting and validating the cookie. They are static so that we can call them from anywhere.

We have to encrypt the cookie before setting it, so we will use the openssl_encrypt() PHP function in the following manner:

    // Requires "use Drupal\Core\Site\Settings;" at the top of UserCookie.php.

    /**
     * Encrypts given cookie data.
     *
     * @param string $cookieData
     *   Serialized cookie data for encryption.
     *
     * @return string
     *   Encrypted cookie.
     */
    private static function encryptCookie($cookieData) {
      // Create a key using a string data.
      $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256');
      // Create an initialization vector to be used for encryption.
      $iv = openssl_random_pseudo_bytes(16);
      // Encrypt the cookie data and prepend the initialization vector to the
      // ciphertext so that it can be read back for decryption. Encrypting the
      // IV as the first plaintext block would cancel it out in CBC mode and
      // make the output identical for identical cookie data.
      $encryptedCookie = $iv . openssl_encrypt($cookieData, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
      // Add a signature to cookie.
      $signature = hash_hmac('sha256', $encryptedCookie, $key);
      // Encode signature and cookie.
      return base64_encode($signature . $encryptedCookie);
    }

  1. The string parameter passed to openssl_digest can be replaced with any string you would like to use as the key. You can keep a simple keyword too.
  2. The same key must be used when decrypting the data.
  3. The same initialization vector is needed when decrypting the data, so we store it along with the cookie data string to retrieve it later.
  4. We also add a signature, generated using the same key as above. We will verify this signature while validating the cookie.
  5. Finally, we encode the signature and the encrypted cookie data together.

For setting cookie:
 

    /**
     * Set cookie using user data.
     *
     * @param string $name
     *   Name of cookie to store.
     * @param mixed $data
     *   Data to store in cookie.
     */
    public static function setCookie($name, $data) {
      // Arrays are serialized to JSON before encryption.
      $data = (is_array($data)) ? json_encode($data) : $data;
      $data = self::encryptCookie($data);
      setcookie($name, $data, Settings::get('SOME_DEFAULT_COOKIE_EXPIRE_TIME'), '/');
    }

Note: You can keep 'SOME_COOKIE_KEY' and 'SOME_DEFAULT_COOKIE_EXPIRE_TIME' in your settings.php. Settings::get() will fetch them for you.
Tip: You can also append the expiration time of the cookie to the encrypted data itself, so that you can verify it at the time of decryption. This will stop anyone from extending the session by setting the cookie lifetime manually.

Congrats! We have successfully encrypted the user data and set it into a cookie.

Now let’s see how we can decrypt and validate the same cookie.

To decrypt cookie:

    /**
     * Decrypts the given cookie data.
     *
     * @param string $cookieData
     *   Encrypted cookie data.
     *
     * @return bool|mixed
     *   FALSE if the retrieved signature doesn't match, otherwise the
     *   decrypted data.
     */
    public static function decryptCookie($cookieData) {
      // Create a key using the same string data used while encrypting.
      $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256');
      // Reverse base64 encoding of $cookieData.
      $cookieData = base64_decode($cookieData);
      // Extract signature from cookie data.
      $signature = substr($cookieData, 0, 64);
      // Extract data without signature.
      $encryptedData = substr($cookieData, 64);
      // Signature should match for verification of data. hash_equals()
      // compares the two values in constant time.
      if (!hash_equals(hash_hmac('sha256', $encryptedData, $key), (string) $signature)) {
        return FALSE;
      }
      // Extract initialization vector stored with the data while encrypting.
      $iv = substr($cookieData, 64, 16);
      // Extract main encrypted string data which contains profile details.
      $encrypted = substr($cookieData, 80);
      // Decrypt the data using key and
      // initialization vector extracted above.
      return openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    }

  1. We generate the same key using the same string parameter that was given while encrypting.
  2. Then we reverse the base64 encoding, as we need to extract the signature to verify it.
  3. We generate the same signature again, since we use the same key that was used to create the signature while encrypting. If the signatures don’t match, validation fails!
  4. Otherwise, we extract the initialization vector from the encrypted data and use it to decrypt the data, which is returned to be utilized.

    /**
     * Validates cookie.
     *
     * @param string $cookie
     *   Name of cookie.
     *
     * @return boolean
     *   True or False based on cookie validation.
     */
    public static function validateCookie($cookie) {
      // Read the cookie value sent with the request, if there is one.
      if (isset($_COOKIE[$cookie]) && self::decryptCookie($_COOKIE[$cookie])) {
        return TRUE;
      }
      return FALSE;
    }

We can verify the cookie on requests made to the website to maintain our session. You can implement a function that expires the cookie to simulate user logout. We can also use the decrypted user data from the cookie to serve user-related pages.
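
An added example, not code from the article or from the Bakery module, showing the tip about sealing the expiry time inside the cookie so that it is checked at decryption, together with rejection of a tampered cookie. The function names, DEMO_SECRET and the sample user data are assumptions made for the example; unlike the helper above, it derives separate encryption and MAC keys, uses a raw 32-byte HMAC, and needs PHP 7.1 or later.

```php
<?php
// Constructed placeholder secret; in Drupal it would come from settings.php.
const DEMO_SECRET = 'constructed-demo-secret-change-me';

/** Derives separate 32-byte encryption and MAC keys from one secret. */
function derive_keys(string $secret): array {
  return [
    hash_hmac('sha256', 'cookie-encrypt', $secret, TRUE),
    hash_hmac('sha256', 'cookie-mac', $secret, TRUE),
  ];
}

/** Seals $data together with an absolute expiry timestamp. */
function seal_cookie(array $data, int $expires, string $secret): string {
  [$encKey, $macKey] = derive_keys($secret);
  $payload = json_encode(['exp' => $expires, 'data' => $data]);
  $iv = random_bytes(16);
  $cipher = openssl_encrypt($payload, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
  // The IV travels in clear in front of the ciphertext and is covered by the MAC.
  $body = $iv . $cipher;
  return base64_encode(hash_hmac('sha256', $body, $macKey, TRUE) . $body);
}

/** Returns the sealed data, or NULL if malformed, tampered with, or expired. */
function open_cookie(string $cookie, int $now, string $secret): ?array {
  [$encKey, $macKey] = derive_keys($secret);
  $raw = base64_decode($cookie, TRUE);
  // 32-byte MAC + 16-byte IV + at least one 16-byte cipher block.
  if ($raw === FALSE || strlen($raw) < 64) {
    return NULL;
  }
  $mac = substr($raw, 0, 32);
  $body = substr($raw, 32);
  // Verify the MAC in constant time before touching the ciphertext.
  if (!hash_equals(hash_hmac('sha256', $body, $macKey, TRUE), $mac)) {
    return NULL;
  }
  $plain = openssl_decrypt(substr($body, 16), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 0, 16));
  $payload = $plain === FALSE ? NULL : json_decode($plain, TRUE);
  // The expiry is read from inside the authenticated payload, not from the
  // browser-controlled cookie lifetime.
  if (!is_array($payload) || !isset($payload['exp'], $payload['data']) || $payload['exp'] < $now) {
    return NULL;
  }
  return $payload['data'];
}

// Constructed sample session data, valid for one hour.
$now = time();
$cookie = seal_cookie(['uid' => 'ext-1001', 'name' => 'alice'], $now + 3600, DEMO_SECRET);

// Case 1: the untouched cookie, opened within its lifetime.
var_dump(open_cookie($cookie, $now, DEMO_SECRET));

// Case 2: one bit flipped in the body, so the MAC check fails.
$raw = base64_decode($cookie);
$raw[40] = chr(ord($raw[40]) ^ 1);
var_dump(open_cookie(base64_encode($raw), $now, DEMO_SECRET));

// Case 3: the same cookie presented two hours later, after the sealed expiry.
var_dump(open_cookie($cookie, $now + 7200, DEMO_SECRET));
```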

navneet.singh Mon, 10/30/2017 - 13:45

heykarthikwithu: Composer in Drupal 8 - Manage dependencies

Feeds from Drupal.org - 1 hour 56 min ago

Install Modules/Themes via Composer in Drupal 8

 

heykarthikwithu Monday, 23 October 2017 - 11:32:54 IST

Drupal Mexico: UNAM on Drupal

Feeds from Drupal.org - Sun, 2017-10-22 15:34

Maybe everyone already knew, maybe not, but the UNAM portal is built with Drupal.

https://www.unam.mx

Version: Drupal 7
Categories: Sites built with Drupal

Vuetable

Latest Drupal Modules - Sun, 2017-10-22 11:33

This module provides a render element for Vuetable 2 that is a Vue.js component.

You can use this render element to add a Vuetable 2 component to a form or page, wherever a render array can be rendered, just like any other render element.

Here is the example code:


D8: Bootstrap Tour

Latest Drupal Modules - Sat, 2017-10-21 19:40

Block instance field

Latest Drupal Modules - Sat, 2017-10-21 17:33

With this you can create a block instance that is rendered inside a field.


Flysystem - Aliyun OSS

Latest Drupal Modules - Sat, 2017-10-21 15:31

Provides an Aliyun OSS plugin for Flysystem.


Semantria Integration

Latest Drupal Modules - Sat, 2017-10-21 14:07

Provides integration with the Lexalytics Semantria Services.


Freshmarketer

Latest Drupal Modules - Sat, 2017-10-21 10:14

Freshmarketer plugin for Drupal assists you in the quick integration of Freshmarketer tracking code into your Drupal template after which you can use Freshmarketer to optimize your site and boost conversions.


Link Formatter query fix

Latest Drupal Modules - Sat, 2017-10-21 07:50

This module fixes query parameter duplication.
See https://www.drupal.org/node/2885351 for more info.

  • Enable module.
  • Rebuild cache.
  • Set 'Link (query duplication fix)' in display settings of your link field.

Lullabot: A Software Developer’s Guide to Project Communication: Part 1

Feeds from Drupal.org - Fri, 2017-10-20 17:32

The key to a successful project is good communication.  Honesty and directness about timelines and scopes of work go a long way to relieve pressure from the development team and avoid frustration from stakeholders, but what about the day-to-day information exchanged between developers, designers, and project managers? This is the grease that keeps the project running smoothly and should not be overlooked.

As teams vary in size, so do the roles and responsibilities of individual team members.  Smaller teams have fewer communication channels, so you may need to switch between your developer hat and project manager hat frequently.  On larger teams your hat rack may be quite sparse, but the number of communication channels, and thus the possibility of miscommunication, is far greater.

Regardless of the size of your team, information about the project must be communicated and documented effectively.  From very large teams to projects where it's just me, I've learned how damaging even minor miscommunication can be.  Conversely, you look like a hero when you get it right.  Stakeholders, project managers, and developers work in very different realms. In this article I'll discuss a few overarching principles that I've learned to help navigate the monsoon of information blustering through a project.  They will help you regain control of your time and create a more productive and successful project.

What is Communication?

Existentialism aside, what do we really mean when we talk about communication?  Communication is an exchange of information between parties.  The parties may be people, but they may also be project management tools.  From video conferences to GitHub notifications, these are all part of the project communication landscape and require different levels of attention.

Forms of Communication

Here are some of the most common methods of communication I've dealt with on projects:

  • In-Person Meetings
  • Voice conference
  • Video conference
  • Chat
  • Text message
  • Direct Email
  • Email Notifications
  • Project Management Tools
  • RSS Feeds
  • Twitter
  • Mobile Notifications

All these types of communication serve a unique role. We wouldn't use them if they weren't helpful, but the question we really should be asking is, "are they necessary?"  Gone unchecked, many of these tools can overrun each other and tangle the workflow.

For example, Slack is a great tool for team members to quickly exchange information between each other, but numerous tools can also post updates into Slack.  A few may be helpful, but too many can dilute the conversation and the effectiveness of the tool.  So how do you find the balance between effective and over-communication?  We can start by categorizing these forms of communication into two groups: active and passive.

Active vs Passive Communication

I find it helpful to group all communication into two categories: active and passive.

Active communication is a two way street.  The sender is expecting a direct response.  Google hangouts, Slack discussions, and phone calls are all forms of active communication.  There is an immediate reciprocation between the parties involved.  You wouldn't invite someone to a conversation just to read them the backlog of tickets, would you?

Passive communication, on the other hand, does not require a direct reply.  This is not as easily definable as active communication.  Let's take a look at email as an example.

If Stakeholder Sarah emails you a question about the next deadline, that is active communication.  She is expecting a response from you in a timely manner.  When a Github notification shows up in your inbox informing you that your pull request has been merged, no follow up is required.  This is passive.  Now, if you receive an email from Jira Notifications because the client asked a question on one of your tickets, which category does that fall under?  It's a notification email, so you shouldn't respond to it directly, but the client is expecting an answer.  Ultimately it depends on the ground rules for communication you set for your project.

Setting Expectations

I tend to follow this order of urgency for response, from most urgent to least.  It's important to agree on a set of communication guidelines at the beginning of a project so everyone on the team follows the same expectations.

  1. Live Communication: If you ask me a question face-to-face, of course I will respond to you right away.
  2. Chat: Chances are that unless I've set my away message, I'm receiving chat messages in real time. However, I might be neck-deep in some code or preoccupied in another conversation, so I will respond as soon as I can, but maybe not right away.
  3. Mentions in Comments: Comments in Jira tickets or GitHub pull requests will likely go unread even if they show up in my inbox unless I am specifically mentioned in them. I get a lot. The convention to use the @ symbol to mention another person links their account in the ticket and generates more specific notifications for that person. It's the difference between saying something needs to be done and asking someone to do something about it.
  4. Email: I use a couple of email addresses to keep my interests separate, so I use an email client to aggregate them into one management space. However, I find constant email notifications and alerts distracting, so I don't keep my email client open when I don't need to (more on this later). If you email me, I will probably get back to you within the day, but don't rely on me standing by my inbox waiting to reply to you. This rule is so important to us that we actually wrote it into the Lullabot Employee Handbook along with a few other tips.
  5. Unmentioned Comments: I will likely still get email notifications about activity on repositories, projects or tickets I'm watching or otherwise related to, but if you don't mention me in the comment, it will disappear into the tornado of notifications and chances are I won't see it unless I'm reading the backscroll on the ticket.

These are just my rules, but they have worked well for me so far.

Understanding the communication landscape of your project is a necessary foundation.  Setting the proper expectations will prevent miscommunication and keep the project running smoothly.  So far we've identified some of the most common pitfalls and laid the groundwork for a fluid project.  In the next two articles of the series I'll provide advice for managers and stakeholders on how to communicate effectively with the development team and also offer some recommendations and tricks for handling the number one offender when it comes to communication overload: email.


CKEditor Giella

Latest Drupal Modules - Fri, 2017-10-20 15:28

This module provides a CKEditor integration of the Giella CKEditor Plugin developed by the UiT The Arctic University of Norway. It offers a SCAYT spellchecker for the Sámi languages.


InternetDevels: Spice up your Drupal 8 menus with the Superfish module

Feeds from Drupal.org - Fri, 2017-10-20 12:14

Let’s talk about secret ingredients in menus. Like the right spices, they create special flavours that your guests really enjoy. When it comes to your Drupal website menus, the recipe is simple: just add some jQuery! Using the Superfish Drupal module, which integrates the jQuery Superfish menu plugin, you can create interactive multi-level menus with exceptional usability features. Let’s see how it works on Drupal 8’s example.


Webform Sanitize

Latest Drupal Modules - Fri, 2017-10-20 10:55
About this Module

The Webform Sanitize module sanitizes Webform submissions to remove potentially sensitive data. It also provides a drush command.

Do you use the excellent module Webform??
Do you move databases from production to test and need to sanitize sensitive data from webform submissions?

If yes, this module is for you!


Deeson: Deeson at DrupalCon Vienna 2017: Becoming an Agile agency

Feeds from Drupal.org - Fri, 2017-10-20 10:51

Last month a few of us in the team attended DrupalCon Vienna with fellow Drupal enthusiasts and developers from across Europe and further afield.

Over the three days, my teammates and I hosted several Birds of a Feather (BoF) sessions between us. The format is more participatory than a traditional talk, so it’s a great opportunity to engage in discussion and hear other perspectives from within the community. 

Deeson has been delivering digital projects since 2001, refining our agile delivery process over the years from the DSDM Agile Project Framework in combination with other agile practices particularly suitable for an agency environment.

My first BoF session invited other conference attendees to share their experiences (the highs and lows), tips and best practices for making Agile work in an agency. The following is a roundup of what we discussed over the hour.

Starting slow.

We identified that the typical journey sees agencies start off being ‘agile’ with a small a. They have begun to implement some of the process tools around agile, such as SCRUM, standups, sprints and so on, but aren’t yet living by the core elements of the Agile Manifesto.

Individuals and interactions over processes and tools. Working software over comprehensive documentation. Customer collaboration over contract negotiation. Responding to change over following a plan.

Agile Manifesto

Including the client.

We talked about whether the client should be an integral part of the delivery team or should be kept at arm’s length. Those who believed they had an Agile workflow suggested that the client should be part of the team and involved throughout. The benefit being that – as part of the team delivering the product – they share the risk with delivery.

Those who felt they still had some way to go in becoming Agile were more wary of this approach, believing the client either couldn’t take on these roles or wouldn’t want to. These agencies were more likely to retain full control of the project and client, and accept all the risk as a result.

Handling changing requirements.

There was a discussion about the time taken up with dealing with change, and how clients don’t always appreciate the efforts involved in managing their changing requirements. I described how we deal with this at Deeson with our Dual board in Jira.

Dual board

This process separates new ideas neatly from refined and signed off units of work ready for development. The client can see their backlog of new ideas and what state each is in, and knows that effort will be involved in taking those ideas from concept to ready for development.

We also considered the need for developers to be able to highlight to a client when an idea is completely new, and to prevent them from trying to squeeze additional functionality into a sprint which already had been signed off.

It’s good to have a SCRUM master or some level of leadership position in the team so developers don’t have to make these decisions themselves and can defer to someone else if they are unsure.

Questioning sprints.

Someone raised the idea that sprints were a waste of time in a truly agile project. They suggested that nirvana could be achieved with Kanban alone; there is only work in progress and with an engaged client and team you would be constantly refining the backlog so new work could constantly be pulled in and worked on. This works well in a model where the client has you on retainer as their technical team for a long period of time (rather than to deliver a specific thing, like a website). 

So there’s always a finite amount of WIP (work in progress). If stories are always refined to the point that they are about half a day's effort for one person, and are complete (finishing them can be tested and, in theory, released) then you can calculate the velocity and the time remaining on sections of work fairly accurately.

We invest heavily in agile training for our staff and clients, and we’re currently hiring for multiple roles including a Delivery Manager.


Login Redirect to Front

Latest Drupal Modules - Fri, 2017-10-20 08:25
Synopsis

This module redirects to the front page after login. At the moment the module has no settings and works for all users.

You can help!

Repository on GitHub

Donate

You can donate here


Valuebound: Selenium: A beginner’s guide to automation testing tool to ensure better user experience

Feeds from Drupal.org - Fri, 2017-10-20 08:02

Before delving into the how of automation testing using Selenium, let me talk about the why.

Over the past couple of years, the demand for automation has increased at an unprecedented speed and scale, as it minimizes testing time, eliminates repetitive human tasks and makes life easier. The advent of open source automation testing tools, such as Selenium, has significantly reduced the demand for and scope of manual testing.

Needless to say, every testing has its own quirks and best practices! However, there are certain standard best practices that generally apply to most automation, too. Let’s review the best practices of automation testing. You…


Appnovation Technologies: SEO for Drupal Series, Part 1: Project Discovery and The Google Algorithm

Feeds from Drupal.org - Fri, 2017-10-20 07:00
In this new, fortnightly ‘A-Z of Drupal SEO and SEM’ series of Appnovation blog posts, we’ll see what it takes to turn a Drupal site into a traffic magnet, driving traffic growth and providing better Call to Action fulfillments without us...

Lullabot: React in Drupal Core?

Feeds from Drupal.org - Fri, 2017-10-20 00:37
Matt and Mike talk with Drupal core committer Lauri Eskola, Drupal JavaScript maintainers Théodore Biadala and Matthew Grill, and Lullabot's own Senior Technical Architect Sally Young about adopting a front-end JavaScript framework, specifically React, into Drupal core.
