Planet Drupal

Subscribe to Planet Drupal feed
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 15 hours 23 min ago

Drupal Association blog: Promote Drupal - Starting with Drupal.org Redesign

25 April 2018 - 5:48pm

You may have noticed that the Drupal.org front page has a new look. It’s just the start of our Promote Drupal Initiative that focuses on getting new decision makers to fall in love with Drupal. We started this work with the front page redesign, which is detailed below. 

We will accelerate this initiative and do so much more once we reach the $100,000 goal of the Promote Drupal Fund. This allows us to put the staff and resources in place to coordinate a multi-prong Drupal promotion with community members. 

Good news! We are more than halfway to our $100,000 goal. Thank you early supporters for investing in this fund. 

Together, let's show the world just how amazing Drupal is for organizations.  

Invest in the Promote Drupal Fund today! About the New Drupal.org Front Page

Come for the software; stay for the community is Drupal community’s long time tagline and remains at the heart of the project. It resonates because so many of us chose Drupal as our CMS and then we fell in love with the community. We want more people to take this journey and it starts with getting more people to adopt Drupal. 

That is why the Drupal Association updated the Drupal.org front page. Today, it is oriented to serve the various types of decision makers and influencers who are considering Drupal for their organization – and who will hopefully be our new community members. You may have heard about this project in our public board updates, Supporting Partner updates, or other channels. If not,  this post should provide ample insight. 

The research

Over the last two years, the Drupal Association iterated to improve the front page to better communicate with the audience who comes to the front page – evaluators. We could tell they were evaluators because they click on the content that someone needs to evaluate Drupal: Case studies, Try Drupal, etc. While there are roughly 2 million unique visitors to Drupal.org each month, about 350,000 of those uniques are visiting the front page. 

With 93% of Drupal.org traffic being anonymous, what we didn’t know was “who were these evaluators and what did they need to fall in love with Drupal faster?”

Over the last six months we set out to answer those questions in order to inform a front page redesign. Research included:

  • Cross reference traffic with audience insight tools to know who is coming to the site (using our own implementation of Do-Not-Track to ensure user privacy is respected)
  • Industry research to understand who the CMS buyers and influencers are now
  • Interviews with agency owners to understand who they sell to (job function)
  • Persona research, especially front page user research about the key personas coming to evaluate Drupal
Identifying  our evaluators

What we found was that the majority of Drupal.org front page visitors have technical positions (developer to C-level) and they work for end users (like corporations, governments, universities, etc.) or agencies.  These were not surprising findings. 

What was notable was that a significant amount of visitors worked in marketing and communications. This persona is the marketer and they are the people who use a CMS to generate leads for their business, gain engagement around their company’s brand and content, and drive online sales conversions. 

The lead marketer is the Chief Marketing Officer and they are a new business decision maker for CMS. Many agencies are now selling to the CMO in addition to the CIO. When looking at industry reports, this isn’t surprising. Gartner and other industry reports show that the CMO spends nearly the same amount on technology as the CIO. It’s more and more the CMO or marketing technologist who determines what MarTech tools their team uses to drive their business. This includes their CMS, personalization, analytics, social, and more. 

Based on this initial research, we knew the Drupal.org front page had to serve three evaluator personas: developer, agency, and marketer.  The next question to answer was: “How do we design the evaluator experiences for these different audiences”?  This started our persona and user research. 

Understanding our evaluators

We used the research listed above to understand what these evaluators think, feel, and need when choosing Drupal. Below is a summary of our findings and how they informed the evaluator experience we created for the three personas. Note, there are many evaluation paths. Below provides a simple and consolidated view. 

End user technical decision maker and influencers

The technical decision maker is the CIO or Director of Engineering for an end user organization (e.g. corporation, government, university, etc.). They ultimately decide if the organization is going to standardize on a platform. Our interviews showed that they care about performance, security, maintenance, etc. A common theme showed they have a criteria scorecard. With or without a committee they shortlist CMSes. Then, they send their developers to get information and bring it back. These developers are influencers – very important people for us to cater to. 

If open source was one of the CMS criteria, then Drupal is often short listed. The developer goes to the Drupal.org front page to get information that the CIO requested such as case studies (to find out if their peers or companies of similar size use Drupal), analyst reports, and comparison sheets (e.g. Drupal vs Sitecore). Plus, this developer wants to Try Drupal so they can see how it works and decide if it is  a tool they want to work with.  From this point, there are many other steps like finding an agency in the Drupal.org marketplace to work with. 

The user research showed that the front page needs to amplify more recognizable brand name case studies and give more detail about the power of Drupal by industry. The research as well as Matthew Grasmick’s blog shows that we need a better Try Drupal experience. Plus, we need to provide a comparison sheet that that speaks to a technical person. 

While there was a need for Drupal to show up in analyst reports, there is also the understanding that Gartner and Forrester will only include software that generates income (via proprietary software license fee). Drupal being open source is not considered by these analysts (yet). So – no analyst report for now.  

Marketing decision maker and influencer

To understand this persona, we talked to CMOs and marketing technologists – the marketing people who select and maintain their marketing tools. What we found is that they want to hear how a CMS can help them achieve their business goals around lead generation, brand proliferation, customer engagement, and sales conversions. They want their team to have tools that are easy to use so they can make a fast impact doing things like pushing out press releases or new marketing campaigns. Plus, they want their teams to have autonomy so they can make the changes they need all on their own and without IT. The marketing decision makers’ needs are very different from the technical decision maker. 

The CMO or marketing technologist’s decision making process starts with the need to drive business and have the right tools to do this. Often they bring in a marketing consultant to provide a brand or business strategy. As part of the strategy implementation recommendation, the consultant may recommend a new CMS or other MarTech tool

In the absence of bringing in a business consultant, the CMO / marketing technologist will do their own research, coming up with a scorecard focused on the marketing team’s needs (content authoring experience, ease of use, impact, business ROI). They will read technologist blogs that provide product comparisons. Then, they go to the product websites to get product comparison sheets that have a marketing/business focus, watch videos known as sizzle reels and they watch videos that show what it is like to use the tool from the marketing team’s perspective. They also want to see case studies, but they want to read about the product’s business impact. They do not want to read about which modules were used. Plus, they want to learn about how a product is used in their industry. After their interest is peaked, they want to talk to someone who can answer their questions and give them a demo. 

The CMO or marketing technologist also gets recommendations from their influencers; individuals on the marketing team. They ask if anyone used the tool and if they liked using it and want to use it again. These individuals on the marketing team have a lot of power in deciding if a tool is selected or if a tool remains in their department. If they can’t use the tool well to make the business impact they must make, then they will replace that product. 

As you can see, these two decision makers within an end user organization have different evaluation paths and are choosing software based on different criteria. This means we need to offer them unique paths with different value propositions and resources that resonate with each one. 

Agency evaluator

We love when an agency choses Drupal. They provide an adoption multiplier by getting more clients to use Drupal. Plus, they are the ones who decide to have a contribution culture and encourage their staff to contribute back. 

It is often the organization’s tech lead who decides which CMS to use for their clients. That title can range from the CEO to the solution architect. This persona has similar evaluator needs as the technical end user. What is different is that they also keep in mind what their clients are asking for in terms of technology choices and functionality. 

General Drupal.org user research

Whichever persona we interviewed, there were some common themes that came up. They are:

  • There are way too many calls to action. “I don’t know what you want me to do first.”
  • The page is trying to serve too many types of people. “It’s not clear what is the page’s goal.”
  • The language on the page makes me feel like this site is not for me
  • When I click on things I don’t get what I expect to get
  • The main navigation is confusing
  • The page feels very 1990s and needs to be modernized and have a personality (not corporate, please)
Turning feedback into a redesign

After all that research and feedback, it was clear that the time was now for redesigning the Drupal.org front page. 

With all this research, we decided to

  • Modernize the look and feel, which was done by the amazing sixeleven who donated their services.
  • Streamline the front page to reduce the calls to action
  • Add evaluation paths for developers, marketers, and agencies that take them to landing pages that are tailored for their evaluation needs.
  • Highlight more big name case studies
  • Expand the industries pages
  • Use community marketing assets like the Acquia video to provide a better evaluation experience for marketing personas.
  • Update the main navigation so it is user-centric for those evaluating Drupal, Building with Drupal, and participating in the community.
What this redesign doesn’t do

We knew that we alone could not create all of the resources that are needed to effectively support each evaluation path. While we did use resources from the business community, there are many gaps such as videos that show the content authoring experience. 

Promote Drupal Fund

We will complete this work via the Promote Drupal Initiative. We can begin once we reach our $100,000 goal for the Promote Drupal Fund. Funding will allow us to put the staff and resources in place to coordinate a multi-prong Drupal promotion. Contribute today!

What About The Sponsored Content

Yes, Drupal.org is funded by placing relevant and contextual content in the evaluation path. Try Drupal is a great example. We also highlight great case studies from our Premium and Signature Supporting Partners.  Evaluators can still find our community case studies and we will amplify strong ones on the front page, too.  We started this approach in 2014 and will continue to find ways to highlight the power of the community’s work while also finding ways to generate income through sponsored content so we can grow our Promote Drupal investments.

What about the Community Resources?

Come for the software; Stay for the community – as we improve the evaluation path, we need to make it easy for these new users to find their way to the community – to understand the power and passion of our community as well as join us in our efforts. Our Community Liaison, Rachel Lawson, will begin to work with a community group this year to improve drupal.org/community<https://www.drupal.org/community>. Much of the improvements will be guided by the feedback from the community governance group and their very useful discussions and insightful recommendations.

File attachments:  persona final.png front page screenshot.jpg
Categories: Drupal

Lullabot: The Blue Drop and the Red Pill

25 April 2018 - 1:20pm
In this episode, Matthew Tift discusses DrupalCon Nashville, the movie *The Matrix*, and various ways to understand the Drupal community. He plays clips from the Driesnote and Steve Francia's keynote, describes some of his experiences at DrupalCon, and offers ideas for what it might mean to understand "the real" Drupal.
Categories: Drupal

roomify.us: Tutorial: using BEE for Tours, Classes and Appointments

25 April 2018 - 11:33am
BEE makes it easy to quickly implement all kinds of booking & reservation use cases. We've created a new video that walks you through setting up reservations for classes using BEE and Drupal 8.
Categories: Drupal

Valuebound: Visualising Drupal Security Advisory Data

25 April 2018 - 11:30am
Drupalgeddon 2.0 brought a lot of focus on the Drupal security initiative and its practices. The way the security team was proactive with respect to disclosure,  the way it was communicated to the developers, community and press was commendable. In addition to all these the communication was continuous.

The vulnerability which started off with a risk score of 21/25 on March 28th was upgraded to 22/25 on April 13th and was finally marked as 24/25 on April 14th. If you are interested in what changed across these days for the score to vary you can checkout the revisions and…

Categories: Drupal

Platform.sh: Another Drupal security update: We've still got you covered

25 April 2018 - 10:54am
Another Drupal security update: We've still got you covered Crell Wed, 04/25/2018 - 17:54 Blog

The Drupal project today released another security update to Drupal 7 and 8 core, SA-CORE-20108-004. It is largely a refinement of the previous fix released for SA-CORE-2018-002 a few weeks ago, which introduced a Drupal-specific firewall to filter incoming requests. The new patch tightens the firewall further, preventing newly-discovered ways of getting around the filters, as well as correcting some deeper issues in Drupal itself.

We previously added the same logic to our own network-wide WAF to address SA-CORE-2018-002. With the latest release we've updated out WAF rules to match Drupal's updates, and the new code is rolling out to all projects and regions as we speak.

The upshot?

  1. You really need to update Drupal to 7.59 or 8.5.3 as soon as possible. We believe that some of the attack vectors fixed in the latest patch cannot be blocked by a WAF. See our earlier post for quick and easy instructions to update your Drupal 7 or 8 sites on Platform.sh in just a few minutes.

  2. Still, most of the attack vectors fixed in the latest release are covered by the WAF. That should help keep your site safe from most attacks until you can update. But please, update early and often.

Stay safe out there on the Internet!

Larry Garfield 25 Apr, 2018
Categories: Drupal

myDropWizard.com: Critical Drupal core security update for SA-CORE-2018-004 (including Drupal 6!)

25 April 2018 - 9:53am

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

This issue also affects Drupal 6 (although, less severely than Drupal 7 or 8). So, we're also making a Drupal 6 Long-Term Support (D6LTS) release of Drupal core and the Filefield module.

Drupal 6 core security update

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

This fix is both for Drupal 6 core and the Filefield module. This is because the Drupal 7 & 8 fixes include changes to the core 'file' module, which isn't in Drupal 6 core, but an equivalent fix applies to the Filefield module.

Here you can download:

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install security updates for contrib modules (even though they won't necessarily have a release on Drupal.org).

Categories: Drupal

Lullabot: Should you Decouple?

25 April 2018 - 9:44am

One of the major topics of discussion in the Drupal community has been decoupled (or headless) Drupal. Depending on who you ask, it’s either the best way to build break-through user experiences, or nothing short of a pandemic. But what exactly is a decoupled architecture?

A decoupled content store splits the content of a website from how it is displayed into multiple independent systems. Decoupled sites are the logical evolution of splitting content from templates in current CMSs. Decoupled architectures started to become mainstream with the publication of NPR’s Create Once, Publish Everywhere (COPE) series of articles. Other media organizations including Netflix have seen great benefits from a decoupled approach to content.

Like many other solutions in computer science, decoupling is simply adding a layer of technical abstraction between what content producers create and what content consumers see.

Technical decision makers face an important choice when evaluating Drupal 8. When an existing site is upgraded to Drupal 8, how do we decide if we should decouple the site or not? Before we decide to work on a decoupled implementation, it’s critical that everyone, from developers and project managers, to content editors and business leaders, understand what decoupling is and how to ensure a decoupled effort is worth the technical risk.

Why Decouple?

I’ve seen many people jump to the conclusion that decoupling will solve problems unrelated to a decoupled architecture. Decoupling doesn’t mean a website will have a cleaner content model or a responsive design. Those are separate (though relevant) solutions for separate problem sets.

These are the specific advantages of a decoupled architecture for a large organization:

  • Clean APIs for mobile apps: Since the website front-end is consuming the same APIs as mobile apps, app developers know that they aren’t a second-tier audience.
  • Independent upgrades: When the content API is decoupled from the front-end, the visual design of a website can be completely rebuilt without back-end changes. Likewise, the back-end systems can be rebuilt without requiring any front-end changes. This is a significant advantage in reducing the risk of replatforming projects, but requires strict attention to be paid to the design of the content APIs.
  • APIs can grow to multiple, independent consumers: New mobile apps can be created without requiring deep access to the back-end content stores. APIs can be documented and made available to third parties or the public at large with little effort.
  • Less reliance on Drupal specialists: Drupal is a unique system in that front-end developers need to have relatively deep understanding of the back-end architecture to be effective. By defining a clear line between back-end and front-end programming, we broaden our pool of potential developers.
  • Abstraction and constraints reduce individual responsibilities while promoting content reuse: Content producers are freed from needing to worry about exact presentation on every single front-end that consumes content. Style and layout tweaks are solely the responsibility of each front-end. Meanwhile, front-end developers can trust the semantics of content fields and the relationships between content as determined by the content experts themselves.
Here Be Dragons

At the beginning of a decoupled project, the implementation will seem simple and straight-forward. But don’t be fooled! Decoupled architectures enable flexibility at the cost of simplicity. They aren’t without risk.

  • One system becomes a web of systems: A decoupled architecture is more complex to understand and debug. Figuring out why something is broken isn’t just solving the bug, but sorting out whether the problem lies in the request or in the API itself.
  • Strict separation of concerns is required to gain tangible benefits: As front-end applications grow and change, care has to be taken to ensure that front-end display logic isn’t encoded in the API. Otherwise, decoupled systems can slowly create circular dependencies. This leads to systems with all of the overhead of a decoupled architecture and none of the benefits.
  • Drupal out-of-the-box functionality only works for the back-end: Many contributed modules provide pre-built functionality we rely on for Drupal site builds. For example, the Google Analytics module provides deep integration with Drupal users and permissions, "page not found" tracking, and link tracking. In a decoupled architecture, this functionality must be rewritten. Site preview (or even authenticated viewing of content) has to be built from scratch in every front-end, instead of using the features we get for free with Drupal. Need UI localization? Get ready for some custom code. Drupal has solved a lot of problems over the course of its evolution so you don’t have to—unless you decouple.
  • The minimum team size is higher for efficient development: A Drupal site with a small development team is not a good candidate for decoupling unless content is feeding a large number of other applications. In general, decoupling allows larger teams to work concurrently and more efficiently, but doesn't reduce the total implementation effort.
  • Abstraction and constraints affect the whole business: The wider web publishing industry still has the legacy of the "webmaster". Editors are used to being able to tweak content with snippets of CSS or JavaScript. Product stakeholders often view products as a unified front-end and back-end, so getting the funding to invest in building excellent content APIs is an uphill battle. Post-launch support of decoupled products can lead to short-term fixes that are tightly coupled, negating the original investment in the first place.
The Heuristic

To help identify when decoupling is a good fit for a client, Lullabot uses the following guidelines.

Decoupled architectures may be appropriate when:

  1. The front-end teams require full freedom to structure and display the data.
  2. The front-end team does not have Drupal expertise.
  3. More than one content consumer (such as a website and multiple mobile apps) is live at the same time.
  4. Display front-ends combine data from multiple distinct API sources like CMSs, video management systems, and social media.
  5. A project consists of multiple development teams.

If a project meets some of these criteria, then we’ll begin a deep-dive into what decoupling would require.

  • Does decoupling also require a complete content rewrite, such as when migrating from legacy "full-page" CMS’s? We’ve encountered sites that haven’t made the move to structured data yet and still consist primarily of HTML “blobs.” This scenario presents a significant hurdle to decoupling, though it’s a separate problem from decoupling.
  • Does the development team have the time needed to build and document a content API with something like Swagger? Or is using Drupal as a site building (but coupled) development framework a better fit?
  • Does the web team consist primarily of Drupal developers, and will those developers continue to support the website in the future? Would the front-end team be better served by Views, Panels and the theme layer, or by a pure front-end solution like React or Angular?
  • Is there enough value in decoupling that the business is willing to change how they work to see it’s benefits?

Decoupled architectures are a great solution - but they’re not the only solution. Some of the best websites are built with a completely coupled Drupal implementation. It’s up to us as technical leaders and consultants to ensure we don’t let our excitement over an updated architecture get in between us and what a client truly needs.

Header image by Daniel Schwen CC BY-SA 4.0, from Wikimedia Commons

Categories: Drupal

Security advisories: Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

25 April 2018 - 9:13am
Project: Drupal coreDate: 2018-April-25Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: 

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. While SA-CORE-2018-002 is being exploited in the wild, this vulnerability is not known to be in active exploitation as of this release.

Solution: 

Upgrade to the most recent version of Drupal 7 or 8 core.

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, upgrade to Drupal 8.4.8. (Drupal 8.4.x is no longer supported and we don't normally provide security releases for unsupported minor releases. However, we are providing this 8.4.x release so that sites can update as quickly as possible. You should update to 8.4.8 immediately, then update to 8.5.3 or the latest secure release as soon as possible.)

If you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:

These patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)

Reported By: Fixed By: 
Categories: Drupal

Web Wash: Easily Link to Content using Linkit in Drupal 8

25 April 2018 - 8:11am

The Linkit module allow site editors to work in a more comfortable way when linking to internal entities (i.e. content, users, taxonomy terms, files, comments, etc.) and when linking to external content as well.

The benefit of the module is that your editors won’t have to copy and paste URLs of content they're linking to, instead the module provides an autocomplete field, which they can use to search for content.

Linkit works based on a profile system. You can choose as many or as few plugins (linking options) for each profile and then assign each profile to a particular text format. This provides an extra layer of granularity, because the linking permissions are granted in the text editor and not within Linkit. That way you can add multiple roles or just one role to a Linkit profile.

Categories: Drupal

mark.ie: Showing Fields in a Referenced Node Depending on the Value of a Boolean in a Paragraph Bundle

25 April 2018 - 6:18am
Showing Fields in a Referenced Node Depending on the Value of a Boolean in a Paragraph Bundle

Mission: you have 2 fields in a Drupal paragraph bundle, one a node reference field and one a boolean field. Show certain fields in the referenced node depending on the value of the boolean field.

markconroy Wed, 04/25/2018 - 14:18

That's a question that popped up today in the DrupalTwig Slack. Here's my response, which I implemented a version of recently.  (In that particular case, we had an 'Event' content type with fields for 'address', 'phone number', etc and also a reference field for 'Amenity'. If the fields were filled in in the event content type, they were to be presented, but if they were left blank on the event content type, we had to pull in the corresponding fields for address, phone number, etc from the referenced amenity.) Anyway, my response:

{# Check the value of the boolean field #}
{% if paragraph.field_boolean.value === 'on' %}
  {# Just render the title of the referenced node #}
  {{ paragraph.field_reference.0.entity.label }}

{% else %}
  {# Render the title and the image field #}
  {{ paragraph.field_reference.0.entity.label }}
 
{% endif %}

{# Ensure that the cache contexts can bubble up by rendering the {{ content }} variable #}
{{ content|without('field_boolean', 'field_reference') }}

Just for clarity - variables in that code snippet are simply made up off the top of my head (this is what happens when answering questions on Slack). I'm sure I have things slightly wrong and you'll need to play with them to get them to work correctly.

Also, the reason for the cache contexts bit? Say thanks to Lee Rowlands from Previous Next for his blog post Ensuring Drupal 8 Block Cache Tags bubble up to the Page

Categories: Drupal

Specbee: Drupal 8.5.0 - What Is New And What To Expect!

25 April 2018 - 5:56am

The latest version of Drupal was released with a bunch of bug fixes and some amazing new features to help your business grow. Discover what Drupal 8.5.0 means to your business and learn the advantages it holds in Drupal web development.

Categories: Drupal

OSTraining: Integrate Telegram Chat in Your Drupal 8 Site

24 April 2018 - 10:36pm

Telegram is an easy to use free chat application, that is rapidly winning fans all over the world. 

There is a Telegram plugin for WordPress but there is no a Telegram module for Drupal.

In this tutorial, you will learn how to integrate the Telegram app with your Drupal 8 site using a JavaScript from Re:plain.

Categories: Drupal

Evolving Web: Integrating Auth0 with Drupal for Single Sign-On Authentication

24 April 2018 - 6:36pm
Using Auth0 to create a centralized login page for Drupal sites

Drupal’s basic user authentication system is ideal for small and isolated apps. But when users are signing into multiple interactive sites and apps, it makes sense to offer a centralized authentication system to save users from remembering multiple passwords.

These days, social sites have become de facto identity providers. Users expect websites to provide social login and single sign on functionality. In these scenarios, the built-in Drupal authentication system is very limited.

Introducing Auth0: authentication and authorization as a service

There are several ways of enabling single sign-on and social logins on Drupal websites. In this article, we’ll introduce Auth0 and explain how to use it to create a cool, centralized login page like the one shown below.

Auth0 provides authentication and authorization as a service. It includes various methods to authenticate, such as username/password, social accounts, SAML and OTP. It can also connect on-premise identity databases. The authentication mechanism is device-agnostic, so it works consistently across various devices.

Auth0 implements OAuth 2.0 — an open standard for authentication that can be used between applications and websites. It also implements other standards that can be used for authentication, including SAML and OpenID Connect.

Here are some of the ways you can integrate Auth0 with Drupal

  • As a single sign-on across multiple Drupal apps, where Auth0 acts as a central store for credentials

  • To allow users to log into Drupal using existing credentials from systems such as LDAP, Google Suite, or Office 365

  • To integrate social logins such as Google and Facebook

How to implement Auth0

In the steps below, you’ll learn how to set up Auth0 on a Drupal site for a typical use case. It will enable users to log into your Drupal site using their social media accounts. They'll also be able to create an account if they don't already have one.

There are two Auth0 modules you can choose from:

  • Auth0 module on GitHub: is the official module. It has more features but doesn't follow all of Drupal coding standards.

  • Auth0 module on Drupal.org is a fork of the official module on drupal.org. It follows coding standards, but lacks some functionality, as many changes have not been merged from the aforementioned GitHub repository.

When we integrated Auth0 on a client’s site a few months ago, we spent a good amount of time analyzing these two modules.

Only some basic features were required, all of which were available in the Drupal.org module. We therefore opted for cleaner code over the additional features.

In fact, both modules contained errors that we needed to fix. The generic patches that resulted from this process were submitted to both repositories. These patches were recently merged; there is some collaboration underway to sync changes between the two repositories. In the future, this will save users the extra step of choosing a module.

Create an Auth0 Application

Here is the basic configuration to get started with Auth0 for Drupal.

Note that it’s very important that the callback you use in this configuration is HTTPS. You should always use HTTPS in production (or even during development if sensitive user accounts are being used).

  1. Create an Auth0 account and log into the Auth0 Dashboard.

  2. Create a new application and select Type as "Regular Web Applications".

  3. In the Settings tab, do the following:

    1. Add https://example.com/auth0/callback to the Allowed callback URLs section. Make sure you replace example.com with the domain name of your site. You can also add local URLs.

    2. Add https://example.com/user/logout to the allowed logout URLs section.

    3. Add https://example.com to the Allowed Origins (CORS) section to allow the origins that will be able to make requests.

  1. Proceed to the next step and select PHP for "What technology are you using for your web app?"

  2. Go to Connections > Social and enable the social logins that you want to use (these links are located in left sidebar of the Auth0 Dashboard)

You are now done with the basic setup! Users can now create accounts, or log in using their credentials from the providers that you enabled in the previous step.

Optional Configuration

Additionally, Auth0 provides many features for building advanced authentication mechanisms, and it can determine how data is stored and passed to applications.

For example, Auth0 enables you to:

  • Use add-ons to generate access tokens for systems such as Salesforce, Azure Service Bus and SAP.

  • Configure social connections for authentication.

  • Implement username and password authentication to have an Auth0 DB or your own DB connected to store authentication information.

  • Use passwordless authentication to send a login link to email or OTPs to mobile.

  • Use multi-factor authentication.

  • Customize data shared with apps, but using simple JavaScript based rules.

Configure Auth0 in Drupal

Next, you'll need to configure Drupal to connect to the Auth0 Client we created:

  1. Go to the Auth0 configuration page (admin/config/auth0) in your Drupal site’s admin area.

  2. Add the Auth0 Credentials Client ID, Domain and Client Secret. This information is in the Auth0 dashboard.

  3. Make sure you select RS256 as the "JWT signature algorithm". This is the default algorithm configured in the Auth0 Client.

Advanced Setup

Depending on how you want users to log in, you can use the Auth0 hosted login page or embed a widget in the Drupal login page/block:

  • Select Redirect login for SSO to use an Auth0 hosted login page. We recommend this option because it’s more secure. It is ideal if you have multiple web applications using the same authentication information — users will be logged in automatically without having to provide their credentials each time. If you want more control over how the widget looks using the hosted login approach, you can customize the look in the "Hosted Pages" section in the Auth0 Dashboard.

  • Select Redirect login for SSO to embed a widget in the login page and block. This makes more sense for an isolated app.

Similarly you can select other options, such as: allowing users to signup via Auth0, or requiring users to verify their email addresses before they can log in.

Next Steps

Now that you have done the basic Auth0 setup, it’s time to learn more about what Auth0 can bring to your Drupal site and explore how you can extend Auth0 functionality:

  • Read the Auth0 official documentation pages.

  • Extend the Auth0 module’s functionality by subscribing to various events, such as Auth0UserSigninEvent and Auth0UserSignupEvent.

We’d love to hear about new ways you’ve found to implement Auth0 to streamline authentication. Leave us a comment to share your questions, experiences and use cases.

+ more awesome articles by Evolving Web
Categories: Drupal

Mike Crittenden: Drupal 8 Cache API examples cheat sheet

24 April 2018 - 5:00pm

Here are some random useful snippets for dealing with caches in Drupal 8, just because I keep having to dig them up from the API.

I'll try to add more here as I go.

Set an expiring cache item \Drupal::cache()->set('cache_key', 'cache_data', $expiration_timestamp); Set a permanent cache item \Drupal::cache()->set('cache_key', 'cache_data', CacheBackendInterface::CACHE_PERMANENT); Set a permanent cache item with tags \Drupal::cache()->set('cache_key', 'cache_data', CacheBackendInterface::CACHE_PERMANENT, array('tag_one', 'second_tag')); Fetch an item from the cache $cache = \Drupal::cache()->get('cache_key'); if (!empty($cache->data) { // Do something with $cache->data here. }

(Note that in Drupal 8 you don't have to manually check to make sure the cache isn't expired, thanks to this issue)

Invalidate a cache item \Drupal::cache()->invalidate('cache_key'); Invalidate multiple cache items \Drupal::cache()->invalidateMultiple($array_of_cache_ids); Invalidate specific cache tags

This one allows you to pass in an array of cache tags to invalidate manually.

use Drupal\Core\Cache\Cache; Cache::invalidateTags(['config:block.block.YOURBLOCKID', 'config:YOURMODULE.YOURCONFIG', 'node:YOURNID']);

Note that the invalidation functions also exist for deleting caches, by just replacing invalidate with delete.

Flush the entire site cache

This one is still the same as Drupal 7.

drupal_flush_all_caches();

The end!

Categories: Drupal

Sooper Drupal Themes: Drupal 8 Menu Tutorial And How To Create Dropdown Menus | 8 Days To Drupal 8 | Day 8

24 April 2018 - 1:49pm

We're counting down the days to the official SooperThemes Drupal 8 Release! Count with us as we will be writing a Drupal 8 related blog post every day for the next 8 days.

Drupal 8 menus, menu links, and dropdown menus video tutorial

view on sooperthemes.com if you can't see the video

A well designed menu is a menu that works great on all devices and gets your users where they need to go with minimal effort. We'll first get into the basics of creating and placing menu links in Drupal 8 and then cover the topic of dropdown menus. 

Managing Menu Links In Drupal 8

Menus are part of the structure of your Drupal website and you manage them by clicking Structure and then Menus. Here you find a listing of menus installed on your website. The most important item in the list is the Main Navigation. There may be other menus in your website, but there is one menu that is more important than all others because it links to your most important pages and is placed at the top of your page. 

At the far right in the Menus administration page click the "edit links" item in the Main Navigation row. This will take you to an overview of the links in your main menu. If you just installed the Drupal 8 default installation profile this menu will only contain the Home link. If you installed one of the Glazed Theme demos the main menu will contain a number of links already

Drupal 8 Links Administration

Adding New Menu Links In Drupal 8

Once you are at the Main Navigation administration form (Structure > Menus > Main Navigation/edit menu) you see an overview of the links that are already in your main menu. Here you can add, edit, and delete links. You can also change the order of links by dragging the move icon at the left hand side of the table.

To add a new link click the "+ Add link" button at the top of the table. For the menu link title fill in the link text that you want to appear in your main menu. In the link field you can add an internal path, or an external URL. With the weight option in the end of the form you can tell Drupal to place new menu items to the front or the back of the menu. For example you can add a weight of 10 to you Contact link because you typically want that link to appear in the end of the menu.

The other optionsnot important now and they'll be covered in the next section when we talke about dropdown menus. 

Drupal 8 Creating A New Link

Creating A Dropdown Menu

Dropdown menus are a popular solution when you want site visitors to be able to reach a large number of pages in a single click. One such situation is in the main demo website of our Glazed Theme and Glazed Builder products. We know people want to explore the elements and features that are offered to we organize close to a 100 menu items all in the main navigation.

There are generally 2 different paths to get a dropdown menu in your Drupal website: From your theme or from a module. If you use our Glazed Theme you have a dropdown menu system built into the theme. If you use a theme that doesn't support dropdown menus (like Drupal's default theme) and you don't want to code it yourself, you can rely on a module like SuperFish.

Drupal 8 Glazed Main Demo Dropdown Menu

Dropdown Menus Included In Glazed Theme

The menu system in Glazed theme is one of the biggest selling points of the theme because it's a beautiful, user-friendly menu that works perfectly with Drupal's native menu administration. With the flick of a switch you can have a horizontal menu or a vertical menu. It supports multi-level menus by automatically creating a megamenu for large devices and collapsing into a beautiful vertical menu on small devices. The menu's design is customizable in the Glazed Theme Settings system.

To create a dropdown menu on your Glazed Theme website, or when using any theme that has support for dropdown menus built in we're only have to edit our Main Navigation menu links to have parent and child links. By parent links we mean the menu links that are in show navigation bar and the child links are the links that are contained in a dropdown box that appears only when we hover a parent link. One little quirck in Drupal is that you have to remember to enable the Expanded checkbox on every parent link for your dropdowns to work. Check out the video above to see how we build the menu structure.

Dropdown Menus With The SuperFish Drupal 8 Module

If your theme doesn't support dropdown menus natively you can add the SuperFish module to your Drupal website. You might also use this module if it has some features or design elements that you prefer over the system built into your theme. 

The SuperFish module also relies on the menus created in Drupal's native menu administration pages, and you'll also be creating a menu structure with parent and child links. Check out the video above to see how the structure is made.

Once you have the menu structure set up you can download the SuperFish module and follow the instructions on their project page to install it. Next you will go to the blocks administration page to remove the Main Navigation block to then replace it with the SuperFish Main Navigation block. This is a new block the is generated by the SuperFish module. Once you place this block you can view your homepage and the dropdown menu should be working. As was the case in our demo that we did in our video above you may have to do some theming to style the menu.

Categories: Drupal

OPTASY: How to Migrate Content to Drupal 8 Using the Migrate Module: No Line of PHP Needed!

24 April 2018 - 9:42am
How to Migrate Content to Drupal 8 Using the Migrate Module: No Line of PHP Needed! radu.simileanu Tue, 04/24/2018 - 16:42

Whether you're "constrained" to migrate content to Drupal 8 or you're just eager to jump on the Drupal 8 bandwagon and harness all its much-talked-about advanced features, the most important “warning/advice” to keep in mind is:

Don't migrate mindlessly!

Meaning that before you even get to the point of:
 

  • triggering the Migrate module's capabilities and adjusting them to your migration project's needs and requirements
  • selecting and combining all the needed contrib modules
  • writing down your YAML files for carrying out your content migration process
     

You'll need to think through every little aspect  involved in /impacted by this process:
 

Categories: Drupal

Drupal blog: State of Drupal presentation (April 2018)

24 April 2018 - 9:11am

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

© Yes Moon

Last week, I shared my State of Drupal presentation at Drupalcon Nashville. In addition to sharing my slides, I wanted to provide more information on how you can participate in the various initiatives presented in my keynote, such as growing Drupal adoption or evolving our community values and principles.

Drupal 8 update

During the first portion of my presentation, I provided an overview of Drupal 8 updates. Last month, the Drupal community celebrated an important milestone with the successful release of Drupal 8.5, which ships with improved features for content creators, site builders, and developers.

Drupal 8 continues to gain momentum, as the number of Drupal 8 sites has grown 51 percent year-over-year:

This graph depicts the number of Drupal 8 sites built since April 2015. Last year there were 159,000 sites and this year there are 241,000 sites, representing a 51% increase year-over-year.

Drupal 8's module ecosystem is also maturing quickly, as 81 percent more Drupal 8 modules have become stable in the past year:

This graph depicts the number of modules now stable since January 2016. This time last year there were 1,028 stable projects and this year there are 1,860 stable projects, representing an 81% increase year-over-year.

As you can see from the Drupal 8 roadmap, improving the ease of use for content creators remains our top priority:

This roadmap depicts Drupal 8.5, 8.6, and 8.7+, along with a column for "wishlist" items that are not yet formally slotted. The contents of this roadmap can be found at https://www.drupal.org/core/roadmap.

Four ways to grow Drupal adoption

Drupal 8 was released at the end of 2015, which means our community has had over two years of real-world experience with Drupal 8. It was time to take a step back and assess additional growth initiatives based on what we have learned so far.

In an effort to better understand the biggest hurdles facing Drupal adoption, we interviewed over 150 individuals around the world that hold different roles within the community. We talked to Drupal front-end and back-end developers, contributors, trainers, agency owners, vendors that sell Drupal to customers, end users, and more. Based on their feedback, we established four goals to help accelerate Drupal adoption.

Goal 1: Improve the technical evaluation process

Matthew Grasmick recently completed an exercise in which he assessed the technical evaluator experience of four different PHP frameworks, and discovered that Drupal required the most steps to install. Having a good technical evaluator experience is critical, as it has a direct impact on adoption rates.

To improve the Drupal evaluation process, we've proposed the following initiatives:

Initiative Issue link Stakeholders Initiative coordinator Status Better discovery experience on Drupal.org Drupal.org roadmap Drupal Association hestenet Under active development Better "getting started" documentation #2956879 Documentation Working Group grasmash In planning More modern administration experience #2957457 Core contributors ckrina and yoroy Under active development

To become involved with one of these initiatives, click on its "Issue link" in the table above. This will take you to Drupal.org, where you can contribute by sharing your ideas or lending your expertise to move an initiative forward.

Goal 2: Improve the content creator experience

Throughout the interview process, it became clear that ease of use is a feature now expected of all technology. For Drupal, this means improving the content creator experience through a modern administration user interface, drag-and-drop media management and page building, and improved site preview functionality.

The good news is that all of these features are already under development through the Media, Workflow, Layout and JavaScript Modernization initiatives.

Most of these initiative teams meet weekly on Drupal Slack (see the meetings calendar), which gives community members an opportunity to meet team members, receive information on current goals and priorities, and volunteer to contribute code, testing, design, communications, and more.

Goal 3: Improve the site builder experience

Our research also showed that to improve the site builder experience, we should focus on improving the three following areas:

  • The configuration management capabilities in core need to support more common use cases out-of-the-box.
  • Composer and Drupal core should be better integrated to empower site builders to manage dependencies and keep Drupal sites up-to-date.
  • We should provide a longer grace period between required core updates so development teams have more time to prepare, test, and upgrade their Drupal sites after each new minor Drupal release.

We plan to make all of these aspects easier for site builders through the following initiatives:

Initiative Issue link Stakeholders Initiative coordinator Status Composer & Core #2958021 Core contributors + Drupal Association Coordinator needed! Proposed Config Management 2.0 #2957423 Core contributors Coordinator needed! Proposed Security LTS 2909665 Core committers + Drupal Security Team + Drupal Association Core committers and Security team Proposed, under discussion Goal 4: Promote Drupal to non-technical decision makers

The fourth initiative is unique as it will help our community to better communicate the value of Drupal to the non-technical decision makers. Today, marketing executives and content creators often influence the decision behind what CMS an organization will use. However, many of these individuals are not familiar with Drupal or are discouraged by the misconception that Drupal is primarily for developers.

With these challenges in mind, the Drupal Association has launched the Promote Drupal Initiative. This initiative will include building stronger marketing and branding, demos, events, and public relations resources that digital agencies and local associations can use to promote Drupal. The Drupal Association has set a goal of fundraising $100,000 to support this initiative, including the hiring of a marketing coordinator.

Megan Sanicki and her team have already raised $54,000 from over 30 agencies and 5 individual sponsors in only 4 days. Clearly this initiative resonates with Drupal agencies. Please consider how you or your organization can contribute.

Fostering community with values and principles

This year at DrupalCon Nashville, over 3,000 people traveled to the Music City to collaborate, learn, and connect with one another. It's at events like DrupalCon where the impact of our community becomes tangible for many. It also serves as an important reminder that while Drupal has grown a great deal since the early days, the work needed to scale our community is never done.

Prompted by feedback from our community, I have spent the past five months trying to better establish the Drupal community's principles and values. I have shared an "alpha" version of Drupal's values and principles at https://www.drupal.org/about/values-and-principles. As a next step, I will be drafting a charter for a new working group that will be responsible for maintaining and improving our values and principles. In the meantime, I invite every community member to provide feedback in the issue queue of the Drupal governance project.

An overview of Drupal's values with supporting principles.

I believe that taking time to highlight community members that exemplify each principle can make the proposed framework more accessible. That is why it was very meaningful for me to spotlight three Drupal community members that demonstrate these principles.

Principle 1: Optimize for Impact - Rebecca Pilcher

Rebecca shares a remarkable story about Drupal's impact on her Type 1 diabetes diagnosis:

Principle 5: Everyone has something to contribute - Mike Lamb

Mike explains why Pfizer contributes millions to Drupal:

Principle 6: Choose to Lead - Mark Conroy

Mark tells the story of his own Drupal journey, and how his experience inspired him to help other community members:

Watch the keynote or download my slides

In addition to the community spotlights, you can also watch a recording of my keynote (starting at 19:25), or you can download a copy of my slides (164 MB).

Categories: Drupal

Drupal blog: Defining Drupal's values and principles

24 April 2018 - 8:25am

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

Since its founding, Drupal has grown a great deal, and today there are thousands of contributors and organizations that make up our community. Over the course of seventeen years, we have spent a great amount of time and effort scaling our community. As a result, Drupal has evolved into one of the largest open source projects in the world.

Today, the Drupal project serves as a role model to many other open source projects; from our governance and funding models, to how we work together globally with thousands of contributors, to our 3,000+ person conferences. However, the work required to scale our community is a continuous process.

Prompted by feedback from the Drupal community, scaling Drupal will be a key focus for me throughout 2018. I have heard a lot of great ideas about how we can scale our community, in addition to improving how we all work together. Today, I wanted to start by better establishing Drupal's values and principles, as it is at the core of everything we do.

Remarkably, after all these years, our values (what guides these behaviors) and our principles (our most important behaviors) are still primarily communicated through word of mouth.

In recent years, various market trends and challenging community events have inspired a variety of changes in the Drupal community. It's in times like these that we need to rely on our values and principles the most. However, that is very difficult to do when our values and principles aren't properly documented.

Over the course of the last five months, I have tried to capture our fundamental values and principles. Based on more than seventeen years of leading and growing the Drupal project, I tried to articulate what I know are "fundamental truths": the culture and behaviors members of our community uphold, how we optimize technical and non-technical decision making, and the attributes shared by successful contributors and leaders in the Drupal project.

Capturing our values and principles as accurately as I could was challenging work. I spent many hours writing, rewriting, and discarding them, and I consulted numerous people in the process. After a lot of consideration, I ended up with five value statements, supported by eleven detailed principles.

I shared both the values and the principles on Drupal.org as version 1.0-alpha (archived PDF). I labeled it alpha, because the principles and values aren't necessarily complete. While I have strong conviction in each of the Drupal principles and corresponding values, some of our values and principles are hard to capture in words, and by no means will I have described them perfectly. However, I arrived at a point where I wanted to share what I have drafted, open it up to the community for feedback, and move the draft forward more collaboratively.

An overview of Drupal's values with supporting principles.

While this may be the first time I've tried to articulate our values and principles in one document, many of these principles have guided the project for a very long time. If communicated well, these principles and values should inspire us to be our best selves, enable us to make good decisions fast, and guide us to work as one unified community.

I also believe this document is an important starting point and framework to help address additional (and potentially unidentified) needs. For example, some have asked for clearer principles about what behavior will and will not be tolerated in addition to defining community values surrounding justice and equity. I hope that this document lays the groundwork for that.

Throughout the writing process, I consulted the work of the Community Governance Group and the feedback that was collected in discussions with the community last fall. The 1.0-alpha version was also reviewed by the following people: Tiffany Farriss, George DeMet, Megan Sanicki, Adam Goodman, Gigi Anderson, Mark Winberry, Angie Byron, ASH Heath, Steve Francia, Rachel Lawson, Helena McCabe, Adam Bergstein, Paul Johnson, Michael Anello, Donna Benjamin, Neil Drumm, Fatima Khalid, Sally Young, Daniel Wehner and Ryan Szrama. I'd like to thank everyone for their input.

As a next step, I invite you to provide feedback. The best way to provide feedback is in the issue queue of the Drupal governance project, but there will also be opportunities to provide feedback at upcoming Drupal events, including DrupalCon Nashville.

Categories: Drupal

aleksip.net: How popular is decoupled Drupal?

24 April 2018 - 7:59am
Decoupled Drupal has been an increasingly visible topic at Drupal events and on the web for several years now. But what is the percentage of decoupled Drupal sites out of all Drupal sites?
Categories: Drupal

groups.drupal.org frontpage posts: Have your say in where Drupal 8 is going by participating in key initiatives

24 April 2018 - 7:26am

Maybe you have seen Dries Buytaert's DrupalCon keynote and are looking forward to all the goodies coming in future Drupal 8 versions. The truth is none of those things will happen without people who want to make them happen to solve their own challenges with implementing and showcasing Drupal solutions. Are you implementing decoupled solutions and have issues you are working on? In the middle of building up a suite of integrated media solutions? These core team meetings are ideal to bring in these issues and discuss solutions and to be part of shaping up where Drupal 8 is heading. Read on for details.

  1. There is a weekly meeting on all API first work (REST, Waterwheel, JSON API, GraphQL) every Monday 2pm UTC on Google Hangouts. A link to the current hangout is posted 5 minutes before the meeting in the #drupal-wscci IRC channel.
  2. The Out of the box/demo team also meets every Monday at 3pm UTC on Google Hangouts.
  3. The Javascript office hours are held weekly in https://drupal.slack.com/archives/javascript every Monday at 4:30pm UTC. Get an invite at http://drupalslack.herokuapp.com/.
  4. The Panels ecosystem meeting is on every Tuesday at 5pm UTC in the #drupal-scotch IRC channel.
  5. The usability meeting is every week at 7:30pm UTC on Tuesday at https://drupal.slack.com/archives/ux, get an invite at http://drupalslack.herokuapp.com/
  6. There is a media meeting every Wednesday at 2pm UTC, join at https://drupal.slack.com/archives/media, get an invite at http://drupalslack.herokuapp.com/.
  7. Wanna help with migrate? The team either meets in Google Hangouts or the #drupal-migrate IRC channel. (Discussed at the start of the meeting based on lead availability in IRC). Meetings are on Thursdays 9pm UTC and 2pm UTC on a weekly alternating basis.

Below is the calendar of all the meetings, subscribe to the Ical feed at https://calendar.google.com/calendar/ical/happypunch.com_eq0e09s0kvcs7v5...

Categories: Drupal

Pages