Drupal

KnackForge: How to update Drupal 8 core?

Planet Drupal - 23 March 2018 - 10:01pm
How to update Drupal 8 core?

Let's see how to update your Drupal site between 8.x.x minor and patch versions. For example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0. I hope this will help you.

  • If you are upgrading to Drupal version x.y.z

           x -> is known as the major version number

           y -> is known as the minor version number

           z -> is known as the patch version number.

Sat, 03/24/2018 - 10:31
Categories: Drupal

qed42.com: Securing Cookie for 3rd Party Identity Management in Drupal

Planet Drupal - 30 October 2017 - 1:15am
Securing Cookie for 3rd Party Identity Management in Drupal Body

We are in an era where we see a lots of third party integrations being done in projects. In Drupal based projects, cookie management is done via Drupal itself to maintain session, whether it be a pure Drupal project or decoupled Drupal project,.

But what when we have a scenario where user’s information is being managed by a third party service and no user information is being saved on Drupal? And when the authentication is done via some other third party services? How can we manage cookie in this case to run our site session and also keep it secure?

One is way is to set and maintain cookie on our own. In this case, our user’s will be anonymous to Drupal. So, we keep session running based on cookies! The user information will be stored in cookie itself, which then can be validated when a request is made to Drupal.

We have a php function to set cookie called setCookie() , which we can use to create and destroy cookie. So, the flow will be that a user login request which is made to website is verified via a third party service and then we call setCookie function which sets the cookie containing user information. But, securing the cookie is must, so how do we do that?

For this, let’s refer to Bakery module to see how it does it. It contains functions for encrypting cookie, setting it and validating it.

To achieve this in Drupal 8, we will write a helper class let’s say “UserCookie.php” and place it in ‘{modulename}/src/Helper/’. Our cookie helper class will contain static methods for setting cookie and validating cookie. Static methods so that we will be able to call them from anywhere.

We will have to encrypt cookie before setting it so we will use openssl_encrypt() php function in following manner:

/** * Encrypts given cookie data. * * @param string $cookieData * Serialized Cookie data for encryption. * * @return string * Encrypted cookie. */ private static function encryptCookie($cookieData) { // Create a key using a string data. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Create an initialization vector to be used for encryption. $iv = openssl_random_pseudo_bytes(16); // Encrypt cookie data along with initialization vector so that initialization // vector can be used for decryption of this cookie. $encryptedCookie = openssl_encrypt($iv . $cookieData, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); // Add a signature to cookie. $signature = hash_hmac('sha256', $encryptedCookie, $key); // Encode signature and cookie. return base64_encode($signature . $encryptedCookie); }
  1. String parameter in openssl_digest can be replaced with any string you feel like that can be used as key. You can keep simple keyword too.
  2. Key used should be same while decryption of data.
  3. Same initialization vector will be needed while decrypting the data, so to retrieve it back we append this along with cookie data string.
  4. We also add a signature which is generate used the same key used above. We will verify this key while validating cookie.
  5. Finally, we encode both signature and encrypted cookie data together.

For setting cookie:
 

/** * Set cookie using user data. * * @param string $name * Name of cookie to store. * @param mixed $data * Data to store in cookie. */ public static function setCookie($name, $data) { $data = (is_array($data)) ? json_encode($data) : $data; $data = self::encrypt($data); setcookie($name, $cookieData,Settings::get('SOME_DEFAULT_COOKIE_EXPIRE_TIME'), '/'); }

Note: You can keep 'SOME_COOKIE_KEY' and 'SOME_DEFAULT_COOKIE_EXPIRE_TIME' in your settings.php. Settings::get() will fetch that for you.
Tip: You can also append and save expiration time of cookie in encrypted data itself so that you can also verify that at time of decryption. This will stop anyone from extending the session by setting cookie timing manually.

Congrats! We have successfully encrypted the user data and set it into a cookie.

Now let’s see how we can decrypt and validate the same cookie.

To decrypt cookie:

/** * Decrypts the given cookie data. * * @param string $cookieData * Encrypted cookie data. * * @return bool|mixed * False if retrieved signature doesn't matches * or data. */ public static function decryptCookie($cookieData) { // Create a key using a string data used while encryption. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Reverse base64 encryption of $cookieData. $cookieData = base64_decode($cookieData); // Extract signature from cookie data. $signature = substr($cookieData, 0, 64); // Extract data without signature. $encryptedData = substr($cookieData, 64); // Signature should match for verification of data. if ($signature !== hash_hmac('sha256', $encryptedData, $key)) { return FALSE; } // Extract initialization vector from data appended while encryption. $iv = substr($string, 64, 16); // Extract main encrypted string data which contains profile details. $encrypted = substr($string, 80); // Decrypt the data using key and // initialization vector extracted above. return openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); }
  1. We generate the same key using same string parameter given while encryption.
  2. Then we reverse base64 encoding as we need extract signature to verify it.
  3. We generate same signature again as we have used the same key which was used to creating signature while encryption. If doesn’t signatures doesn’t matches, validation fails!
  4. Else, we extract initialization vector from the encrypted data and use to decrypt the data return to be utilized.
/** * Validates cookie. * * @param string $cookie * Name of cookie. * * @return boolean * True or False based on cookie validation. */ public static function validateCookie($cookie) { if (self::decryptCookie($cookieData)) { return TRUE; } return FALSE; }

We can verify cookie on requests made to website to maintain our session. You can implement function for expiring cookie for simulating user logout. We can also use decrypted user data out of cookie for serving user related pages.

navneet.singh Mon, 10/30/2017 - 13:45
Categories: Drupal

Lullabot: React in Drupal Core?

Planet Drupal - 19 October 2017 - 5:37pm
Matt and Mike talk with Drupal core committter Lauri Eskola, Drupal JavaScript maintainers Théodore Biadala, and Matthew Grill, and Lullabot's own Senior Technical Architect Sally Young about adopting a front-end JavaScript framework, specifically React into Drupal core.
Categories: Drupal

PreviousNext: Testing CSV output in Drupal 8 with BrowserTestBase

Planet Drupal - 19 October 2017 - 2:39pm
Share:

In a recent project we were outputting CSV and wanted to test that the file contents were valid.

Read on for a quick tip on how to achieve this with Drupal 8's BrowserTestBase

by Lee Rowlands / 20 October 2017

Basically, the easiest way to validate and parse CSV in PHP is with the built in fgetcsv function.

So how do you go about using that inside a functional test - in that instance we're not dealing with a file so its not your ordinary approach for fgetcsv.

The answer is to create a stream wrapper in memory, and use fgetcsv on that.

The code looks something like this:

$response = $this->getSession() ->getDriver() ->getContent(); // Put contents into a memory stream and use fgetcsv to parse. $stream = fopen('php://memory', 'r+'); fwrite($stream, $response); rewind($stream); $records = []; // Get the header row. $header = fgetcsv($stream); while ($row = fgetcsv($stream)) { $records[] = $row; } fclose($stream);

There you have it, you now have the header in $header and the rows in $rows and can do any manner of asserts that you need to validate the CSV generation works as expected.

Tagged Drupal 8, Testing, Functional Testing

Posted by Lee Rowlands
Senior Drupal Developer

Dated 20 October 2017

Add new comment
Categories: Drupal

Drupal Association blog: Drupal Association Board Meeting Summary - 28 September, 2017

Planet Drupal - 19 October 2017 - 11:38am

On 28 September 2017, the Drupal Association held its third open board meeting of the year where community members listened in via zoom and in person. You can find the meeting minutes, board materials, and meeting recording here.

The board meeting was kicked off by an update from Dries Buytaert, followed by an Executive update from Megan Sanicki, Executive Director, and a Drupal.org update from Tim Lehnen, Director of Engineering. We also thanked and celebrated Tiffany Farriss, Vesa Palmu, and Jeff Walpole whose terms on the board end in November.

Dries Buytaert moving from Chairman to Founding Director position

One of the key announcements made during the meeting came from Dries Buytaert, who announced that in response to the Community Discussions findings, he is stepping down from the Drupal Association Chairman position. He will remain on the board in the Founding Director position.  This will go into effect in November when board seats expire and Adam Goodman will step into the role as interim Chairman, which is also in response to the community’s request for a neutral, outside expert to lead the board. To learn more about the Community Discussions, go here.

Adam Goodman is a leadership professor from Northwest University in Chicago, Illinois, USA. He's advised the Drupal Association on and off for the past 8 years, helping us evolve from a volunteer board to a strategic board. In this role, Adam will further evolve the board so it can orient itself around a new chairman structure.

Since Adam is a paid consultant, the Drupal Association needs to change its bylaws to allow Adam to sit on the board and be paid for his service. In addition to this change, we are doing a general update of the bylaws to include:

  • Eliminate non-existent committees like the HR committee

  • Modernize the tools we can use for online voting. Today we can use teleconferencing, but we also need to be able to use video conferencing.

To learn more about this board meeting, please watch the recording and stay tuned for an update on other improvements we are making in response to the community’s input.

Categories: Drupal

Drupal Association blog: Status of Speaker Agreement Violation

Planet Drupal - 19 October 2017 - 10:36am

Our community does amazing things together and they deserve to have the best working environment for collaboration. At the Drupal Association, we strive to create these open and collaborative environments at DrupalCon and on Drupal.org.

We recently became aware that a community member violated our speaker agreement at DrupalCon. The Drupal Association removed the video from the DrupalCon event site and the Drupal Association YouTube channel and we are determining additional actions. The community member acknowledged that they broke the speaker agreement and is cooperating with the Drupal Association as we take action.

We apologize that this content was shared. It didn’t create the best environment for our community to thrive and we will do better. We are looking at ways to enhance our process to avoid situations like this from happening again.

We also heard from the community discussion findings that were provided this summer, that the community needs a better understanding of the roles and responsibilities for volunteers that work on Drupal Association programs. The Drupal Association is working to define what is expected of each role and policies for managing situations when expectations are not met. We are working on developing a clear outline of these and you can expect to see them finalized by February 2018.

Categories: Drupal

Redfin Solutions: Pulling Salesforce Data in as Taxonomy Terms in D7

Planet Drupal - 19 October 2017 - 9:27am
Pulling Salesforce Data in as Taxonomy Terms in D7

Salesforce Suite is a group of modules for Drupal that allows for pulling data from Salesforce into Drupal, as well as pushing data from Drupal to Salesforce. The module api provides some very useful hooks, including the _salesforce_pull_entity_presave hook implemented by the Salesforce Pull module. In this blog post, we’ll look at using that hook to pull three Salesforce custom fields (select lists) into Drupal as taxonomy terms in three vocabularies.

Christina October 19, 2017
Categories: Drupal

Mediacurrent: Announcing Mediacurrent Labs

Planet Drupal - 19 October 2017 - 6:55am

Mediacurrent’s commitment to innovation has been clear since our founding ten years ago.

Categories: Drupal

Content Notifications

New Drupal Modules - 19 October 2017 - 5:54am

Display unread contents to logged-in users

Categories: Drupal

Normalize Address

New Drupal Modules - 19 October 2017 - 5:33am
Categories: Drupal

CKEditor Line Height

New Drupal Modules - 19 October 2017 - 4:44am

Integrates CKEditor's Line Height plugin to Drupal's CKEditor integration adding a new button to modify the line height.

Categories: Drupal

Varnish ban URLs

New Drupal Modules - 19 October 2017 - 4:44am

This module uses the Varnish module to provide to the user the possibility of banning a list of URLs from the Varnish cache in any moment.

It creates a new entry in the menu

/admin/content/cache/varnish-ban-urls

Where you can enter a list of URLs that will be banned from the cache.

Categories: Drupal

Amazon Widget

New Drupal Modules - 19 October 2017 - 3:54am

A client side Amazon widget.
This widget will hide the amazon fields and show the relevant items for the country code detected.

Categories: Drupal

Flocon de toile | Freelance Drupal: Filter content by year with Views on Drupal 8

Planet Drupal - 19 October 2017 - 3:00am
It is not uncommon to propose to filter contents according to dates, and in particular depending on the year. How to filter content from a view based on years from a date field? We have an immediate solution using the Search API module coupled with Facets. This last module allows us very easily to add a facet, to a view, based on a date field of our content type, and to choose the granularity (year, month, day) that we wish to expose to the visitors. But if you do not have these two modules for other reasons, it may be a shame to install them just for that. We can get to our ends pretty quickly with a native Views option, the contextual filter. Let's discover in a few images how to get there.
Categories: Drupal

BugHerd API

New Drupal Modules - 19 October 2017 - 1:57am

Drupal integration for BugHerd.

BugHerd turns client feedback into actionable tasks.

Your clients report issues by making annotations right from the site being worked on.

BugHerd turns these into full bug reports with all the info you need to fix the problem.

For more info visit the official BugHerd website

-- SPONSOR --


Categories: Drupal

Visually Impaired Support (module)

New Drupal Modules - 18 October 2017 - 11:56pm
Synopsis

Module provides version for visually impaired people according to Russian legislation

Dependencies

Visually Impaired Theme

You can help!

Repository on GitHub

Donate

You can donate here

Categories: Drupal

Panopoly Media

New Drupal Modules - 18 October 2017 - 10:40pm

Comming soon!

In Panopoly 2.0 for Drupal 8, we're moving the Media configuration to a new Feature (rather than bundling it in with Panopoly Widgets).

Categories: Drupal

CiviMember Roles Sync

New Drupal Modules - 18 October 2017 - 3:57pm

Synchronize CiviCRM Contacts with Membership Status to a specified Drupal Role both automatically and manually.

Categories: Drupal

anonymize

New Drupal Modules - 18 October 2017 - 12:49pm

Anonymize any field with Faker data.

Categories: Drupal

Elevated Third: Elevated Third Wins 2017 Acquia Engage Award

Planet Drupal - 18 October 2017 - 11:04am
Elevated Third Wins 2017 Acquia Engage Award Elevated Third Wins 2017 Acquia Engage Award Ayla Peacock Wed, 10/18/2017 - 12:04

At the 2017 Acquia Engage Conference, our enterprise web project for Pinnacol Assurance won the Financial Services category. As an Acquia Preferred Partner and sponsor of the Acquia Engage conference, we are thrilled to have been ranked beside the world's top Drupal websites. 

Pinnacol.com launched in December of 2016. As Colorado’s leading workers compensation insurer, Pinnacol Assurance needed a Drupal website design that reflected the company’s commitment to first-class service.

Built on Drupal 8, we launched a brand new enterprise content management system, created a one-of-a-kind knowledge hub, and revamped the site’s user experience interface.

“The Pinnacol project was lengthy and complex, we had very specific problems that required creative solutions. Elevated Third developed a high performing, enterprise-level website that continues to exceed our expectations.”

- Hilary Miller, Brand and Marketing Director, Pinnacol Assurance

This year, five of our Drupal websites were finalists in the annual Acquia Engage competition. Partners and customers submitted more than 200 nominations across 17 categories to the program. Our Drupal work ranked in the following categories. 

Powdr Corporation, Digital Experience Finalist

Denver Botanic Gardens, Nonprofit Finalist

Comcast Technology Solutions, Brand Experience Finalist

Firewise USA, Community Finalist

Pinnacol Assurance, Financial Services Winner

“Winning sites set themselves apart in how they grabbed our attention and made us want to learn more,” said CMSWire’s Dom Nicastro, one of the award program jurors. “The first thing I looked for were search and commerce capabilities. It's a Google and Amazon world that we live in. No one comes to a website just for a pretty design, and no one remembers a red call-to-action button versus a blue one. Sites that deliver excellent search and easy transactional experiences won for me.”

Congratulations to all the 2017 Acquia Engage winners!

Categories: Drupal

Pages

Subscribe to As If Productions aggregator - Drupal