Drupal Planet

OpenSense Labs: Addressing Drupal 8 Migration Challenges

8 hours 35 minutes ago
Addressing Drupal 8 Migration Challenges Shankar Tue, 08/21/2018 - 17:18

The term ‘Migration’ brings manifold thoughts to a person’s mind. A politics aficionado may talk about refugees who have migrated to another country for a new lease of life. On the flip side, a bird watcher would be keenly keeping track of migratory birds. In this digital age, a business analyst may think of the challenges that come with upgrading a Drupal-powered website to a newer version.

Drupal.org website is powered by Drupal 7 and has not been upgraded to Drupal 8 yet! So, what’s the challenge?


For a website to be a high performing space, it is imperative to upgrade to the stable release of the content management system like Drupal. With Drupal 6 already having reached its End of Life in 2016, Drupal 7 and Drupal 8 have been the go-to versions for businesses. 

Drupal 8 will be supported by the community at large for a long time to come, even after Drupal 7 is no longer a community-supported release on Drupal.org.

Therefore, upgrading to Drupal 8 would be a significantly important business decision with the future in mind. But the trials and tribulations for a website in production have to be pondered over while migrating from Drupal 6 or Drupal 7 to Drupal 8.

What should you know before migrating to Drupal 8?

Ever since Drupal 8 was launched, it has been a commendable CMS with stupendous flexibility, enhanced scalability, and accentuated web performance. This has been the driving factor for businesses wanting to migrate to this improved version of Drupal. Drupal 8 is built around newer technologies like Symfony and Twig, and the migration process from Drupal 6 or Drupal 7 to Drupal 8 can be completed successfully.

Upgrading to Drupal 8 would be a significantly important business decision with future in mind. Source: Mobomo

The migration process is not a pushover, with issues surrounding data migration and module shifts. It is, therefore, a good approach to be prepared beforehand to reduce trouble after migration.

Complete theme revamping

After the migration, the site is going to look very different in Drupal 8 from what it originally looked like in Drupal 6 or Drupal 7. This is because the themes and templates used in the older versions are completely different. So, migration leads to an enormous amount of rework on themes.

Information architecture advancement

The efficacy in building more future-focussed applications would be facilitated by the move to migrate to an advanced architecture. It may seem like an astronomical task in the beginning but it is the perfect way for you to assess your existing information architecture. 

Updating the information architecture would not mean that the older version goes obsolete. Instead, it would spell the duplication of your older version into Drupal 8 and performing the fixes based on the new needs. For instance, it allows you to analyse the fields and modules that may not be in use for a while and improve the ones not performing well or even remove them completely.

More emphasis on native OOPS feature of PHP

Object-Oriented Programming (OOPS) concept has also been an integral part of Drupal integrated with the design system. Drupal 8 promotes OOPS features by putting more focus on its importance. Modules, themes, nodes and users are some of the Drupal components that fit the description of an ‘object’.

Increased focus on Drupal 8 core and mobile-first approach

Unlike contributed modules in Drupal 7, core functionalities have been emphasised in Drupal 8. Also, the user interface and the user experience in Drupal 8 are designed to meet mobile user’s needs for maintaining the mobile-friendliness.

Major Issues while upgrading from Drupal 6 or Drupal 7 to Drupal 8

Migrate, a Drupal module, comes with Drupal 8 core and gives a flexible framework for migrating content. But certain issues creep in during migration and need to be managed.


What are the major hurdles that have to be taken care of during migration? The primary considerations that have to be handled are listed below:

1. SEO migration

Site migration can lead to a temporary loss of traffic, as search engines need time to update their indexes accordingly. Thus, even a few SEO tags or URLs missing after migration can have a negative impact on the website’s SEO rankings.

2. Content migration

Challenges may be faced during content migration. For instance, content might be duplicated, or you might notice some missing content. Moreover, if content uses fields created by custom modules, the field type will have to be created so that the migration is successful.

3. View

One of the major issues that transpires while migrating is the unsuccessful translation of a Drupal core module called Views. It requires an upgrade path for any views that are defined in a Drupal 6 or 7 site and you need to manually create views in Drupal 8 after migration.

Views are entity-based in Drupal 8 and have an entirely different architecture. Most of the functionalities are same but there have been major improvements done related to cache and security.

4. Custom module

Custom modules would have to be rebuilt post migration. Modules in Drupal 6 and Drupal 7 were based on APIs, hooks and helper functions provided by Drupal core, but in Drupal 8 all the modules are based on Symfony. Most of the hooks and helper functions have been replaced with services, and development is mostly based on OOPS principles. There isn’t any sort of backward compatibility in modules, and that is why they have to be rebuilt in Drupal 8.

5. Contributed modules

If contributed modules provide an upgrade path, the data stored by the Drupal 7 version of that module is also migrated to Drupal 8. If the Drupal 8 port is not available, then the functionality has to be built or the module has to be ported to Drupal 8.

6. Themes

PHPTemplate has been replaced by Twig as the default templating engine in Drupal 8. So, themes would have to be rewritten after migration.

All the PHPTemplate files have to be replaced with Twig files, which means that developers can no longer write custom PHP code in template files. Preprocess functions have to be written to modify the rendered output.

7. Node translation

Challenges can be faced during migration of a multilingual site to Drupal 8. Translations in Drupal 8 are stored in a completely different way than in Drupal 7 and Drupal 6. Even the Drupal community is working actively on resolving issues in translation migration. To be on the safer side, one should be ready to migrate translations manually or add content again.

8. Specific websites factor

There will be issues with specific websites whose underlying build is not available for Drupal 8. For instance, ecommerce websites that are built on the Drupal distribution Commerce Kickstart, which is not on Drupal 8, won’t be able to upgrade. On the contrary, a social intranet developed using the Drupal distribution Open Social, which is available on Drupal 8, will be able to upgrade.

This is how we check Drupal 7 to Drupal 8 compatibility!
We have designed a Drupal 7 to Drupal 8 estimation tool that minimises manual audit effort to a great extent. All you need to do is to install our module called Drupal 8 upgrade estimate and get a quick report to better understand what you want.

Technical Issues

There are some more technical issues that are specific to Drupal 6 to Drupal 8 migration and Drupal 7 to Drupal 8 migration. What are they?

Migrating from Drupal 6 to Drupal 8
  • Aggregator categories would not be required to be migrated.
  • Changing the variable "filter_allowed_protocols" would require entering it into services.yml file.
  • Taxonomy term reference field settings have to be manually edited
  • Fields may not be visible on the edit form and the node view after the migration.
  • A web page may only load a few times which will seem like a broken theme
  • The menu_primary_links_source and menu_secondary_links_source variables are not migrated.
  • New modules and themes in addition to admin theme (if there is one set) must be enabled before proceeding with the migration.
  • Revisions of translated nodes are still not migrated.
  • Fields grouped by the Profile module in Drupal 6 won’t be grouped in Drupal 8.
  • The combination of selected user values and the current allowed values will comprise the “allowed values” setting of the resulting field in Drupal 8.
  • Drupal 8 core does not support PHP filter
  • A date could be interpreted differently due to time zones issue
  • URL aliases won’t work until language on new Drupal 8 site is enabled

Migrating from Drupal 7 to Drupal 8
  • Taxonomy term reference field settings have to be manually edited.
  • Migration of id column from Drupal 7’s ban_ip not successful
  • Issues with comment types can be seen.
  • Drupal 8 core does not support PHP filter
  • Issues with plain text fields can be observed

Case Studies

An actual Drupal upgrade case study would depict the challenges that occurred and the measures taken to tackle them.

Drupal 6 to Drupal 8

The Anxiety and Depression Association of America (ADAA) is an international non-profit organisation. Their website was built on Drupal 6 which was in dire need of an upgrade.

The ADAA organisation wanted to incorporate a rich and modern user experience, better security and a brand image modernisation. So, in 2015, they made the brave decision to choose Drupal 8, which was on the cusp of its official release, over Drupal 7.


The efficaciousness of Drupal

Drupal 8 was selected for its extensive support towards accessibility standards. It was more suited to meet their intricate requirements in comparison to other content management systems like WordPress and Joomla.

Project challenges and countermeasures

After the migration was performed, the new website encountered two issues from the word go. First and foremost, importing the cornucopia of legacy content and re-casting it in the new, restructured format was a herculean task.

Although the existing import module at the time worked for most of the content that it supported, some key areas created issues while manipulating media files. Thus, the module was extended with custom methods that enabled the export process to be performed with absolute efficacy.

Secondly, delivering an administrative interface, that could enable structured content to be edited logically, was a formidable task. This led to significant investment in new tools and difficulties in adapting to the new Drupal 8 framework. The hurdle was overcome successfully and new modern features could be delivered rapidly and effectively.

Drupal 7 to Drupal 8

SUNY Oneonta, a member of the State University of New York, had a public-facing site which ran on a Drupal 7 installation. The site did not adhere to best practices or standards in coding, theming or architecture.

Interruptions in the services, downtimes, and the difficulties while migrating key pages into the responsive Drupal environment proved troublesome in the college’s recruitment efforts.


Taking a plunge into Drupal

Previous website neither had a stable environment nor addressed the underlying architectural drawbacks. Being Drupal savvy, SUNY Oneonta were eager to migrate from their existing setup in Drupal 7 to Drupal 8.

Project objectives

The most important objective was to revamp their public-facing website and leverage the capabilities of Drupal 8.

  • Retain the existing Drupal 7 website design and upgrade to a functional responsive design
  • Retain most of the Drupal 7 navigation structure
  • Ensure that there is little or no downtime in addition to flexibility for future enhancements
  • Betterments in the workflow, underlying architecture, user experience, translatability and accessibility
  • Launch the website at the stipulated time frame of 5 months

Project outcome

The results were staggering with faster performing site, on-point informative content and much better search results. In addition to this,

  • Adhered to the project budget with the retention of current brand and general site design.
  • Reduction in the count of content types from 21 to 10 in addition to the number of nodes from 3000 to less than 1100.
  • Usage of views and other such standard Drupal implementation methods for the listicles involving items and featured content.
  • Reduction in the redundancy of template file functionality
  • Enhanced flexibility for permitting future alterations to the website content and structure.
  • Test content and some published content purged
  • Site was built on the basis of accessibility standards set by Federal Section 508 Standards and New York State Policy NYS-P08-005 in addition to being fully responsive across screens.

How will the upgrade from Drupal 8 to Drupal 9 happen?

The Drupal community is working on the upgrade from Drupal 8 to Drupal 9. How will that transpire exactly? Old systems will be deprecated instead of being removed, and module maintainers will be encouraged to update to the new systems. That is, the modules and custom code will stay in working condition. More innovation will lead to more deprecated code in Drupal 8.

Over time, maintenance of backwards compatibility would become more intricate. Thus, a point will be reached when there is too much deprecated code in Drupal 8. At that time, deprecated systems will be removed and the result released as Drupal 9.

So, Drupal 9.0 should be almost similar to the last release of Drupal 8 excluding the deprecated code. Upgrading from Drupal’s latest version to Drupal 9.0.0 should be as streamlined as the upgrading of minor versions of Drupal 8 (eg. Drupal 8.5 to Drupal 8.6). Therefore, Drupal 9 offers a clean slate to innovate more swiftly.

Conclusion

Upscaling the digital business involves continuous improvement of online presence. One of the significant business decisions comes with upgrading a website from the existing content management platform to its latest and improved version.

Drupal 6 or Drupal 7 to Drupal 8 migration is a worthy choice. Nonetheless, it is challenging and involves migration issues that would require a lot of development effort. Businesses looking for a great future can benefit a lot from this brave decision, which may look troublesome at the start but is essentially meritorious.

We provide upgrade assistance and help in understanding whether or not to migrate a business site to Drupal 8. Contact us at hello@opensenselabs.com to migrate to Drupal 8.


OPTASY: Drupal Project Management: Specific Challenges and Approaches

9 hours 29 minutes ago
Drupal Project Management: Specific Challenges and Approaches admin Tue, 08/21/2018 - 10:54

Let me guess: you're a Drupal developer (temporarily) turned into a... Drupal project manager! Or maybe a PM new to Drupal, facing the challenge of your first Drupal project management assignment?

Have I guessed it?

Now the questions roaming in your head right now must be:
 

Affinity Bridge: Pros and Cons of Docker

1 day 4 hours ago
Pros and Cons of Docker 08/20/2018 - 09:00 Docker planet drupal Mark

Docker is gaining traction in the software development industry at such a phenomenal rate that more and more teams are adopting it into their processes. Keeping everyone on the same page with technology stacks has become increasingly difficult as the technology itself becomes more complex. There are countless technical articles on Medium extolling the virtues of Docker and how it can help mitigate these types of problems. Now that I have been using Docker as a local development environment for over a year, I’d like to talk about the pros and cons of making the switch.

  Pros

Docker on Mac and Windows is better than ever.

Docker is getting more and more mature by the day, especially as more developers are turning to it for the development and production environments. Docker for Mac and Docker for Windows reduce much of the complexity of leveraging Docker on non-Linux environments through abstraction. It now works as simply as any other application in your environment -- install it in the same fashion as your other tools like your text editor and browser -- and you are off to the races.

 

Docker gives you consistency across your team.

Another aspect of Docker that I love is the reliability that you have the same setup as your team. This is great for a couple reasons: there is so much value in being able to run with the assumption that your entire team is using the same setup, and it enables you to run scripts and processes that will empower your entire development team to perform common operations with a simple command.

 

Docker eases the pain of debugging environments.

Our processes used to consist of having to track down pages and pages of documentation, only to find that this documentation is out of date and needs to be updated, so where do I end up? Spending days poring over posts on Stack Overflow trying to find out how to update the services I’ve been using on my machine, which are probably different than everyone else’s on my team. So each developer needs to do that exploration independently because each solution will be slightly different. With Docker, you can easily isolate and eliminate environment issues across your team without needing to know how someone’s machine is set up.

 

Interesting avenues of automation open up with Docker.

As someone who is fascinated with automation, I’ve always tried to find shortcuts to doing the boring, repetitive jobs that take too much time to do manually. Have to update the database on the development server? Ok, great, you just need to look up the password for the development server (which could be any of 4 different places, depending on the project) and once that’s done, you realize you also don’t have the password for the live or staging environment, so you have to wait 3 days for the call from the IT firm that manages that server to give you credentials. With a Docker infrastructure, you can easily transfer the environment (with some small utility changes) to the CI system of choice. Most of the prominent CI solutions available today integrate well with Docker.

 

Docker speeds up the provisioning process.

You can avoid wild goose chases by providing all you need from within the docker container, potentially using a set of shared ssh keys, or requiring users to use personal keys on an identity service (best case scenario, but impractical for some teams).

 

Docker for Mac and Windows is more stable than ever before.

Even with its rapid development cycle, the team working on Docker for Mac have done an exceptional job keeping the platform as stable as possible. This is important because the app auto-updates. Despite the fact that I am on the Edge version of the platform (which seems to update weekly), I have only had one issue that caused me to have to rollback. I ended up losing a day of development time to this bug, but after I found a way to rollback gracefully, the following day there was a bugfix released to remedy the issue. Despite this one small glitch, I still stand by Docker because I had more conflicts when I was relying on Homebrew or compiling binaries for services manually.

 

The Docker community is huge and resources are plentiful.

There are a huge number of images (last count on Docker Hub has it at 100,000+) to pull from for free from Docker Hub. These images are blueprints to creating your containers which will house all of your services for your application. You will find varying success on the level of documentation each of these images provide, but for the most part they are ready to plug into your application.

  Cons

Despite all of these good things, everything is not sunshine and rainbows with Docker, though. There are many things about Docker that can be tricky to grok, and it helps to have someone on your team familiar with the technology.

Docker has some gaps in documentation.

Docker is moving at a fast pace and it is very hard to keep up with the latest advances and changes. While there is some fantastic documentation, there seem to be some gaps specifically within the docs for the abstraction layers (Docker for Mac, Docker for Windows).

 

Docker has performance problems on non-native environments.

Despite Mac being based on the native Unix layer, Docker still requires the actual Linux kernel (usually Ubuntu) in order to perform its operations. What Docker for Mac provides for you is an abstracted VM containing the kernel, which you never interact with directly. You will interact with the containers within that VM, but they are networked together with your host in a way that you will rarely need any information about the VM itself.

 

Using Docker (or any VM-based architecture) locally has one drawback which can be significant based on your stack and your team’s needs. The disk mounting / volume shares Docker for Mac provides are getting better with every release, but I have seen some pretty substantial drop offs of performance when doing intensive database operations.

 

Docker for Mac performance: A Test Case

My test case was using Docker for Mac and installing a web application framework (in my case, Drupal). On natively-compiled services (ie Homebrew), I could install Drupal in 45 seconds. Originally, with settings out of the box, Docker for Mac clocked in at 20 minutes and 32 seconds. I knew this couldn’t be reality, so I ended up twisting some knobs and flipping some switches (probably worth a follow-up article at some point) and got it down to 6 minutes, 47 seconds. While this is a significant improvement over the factory settings, it still leaves a lot to be desired in terms of performance.

 

There can be a significant learning curve to migrating to Docker.

Learning Docker is a significant time sink. There are a lot of concepts that are just different enough from a Virtual Machine infrastructure to cause confusion and make unlearning concepts from other areas a bit more of a challenge, even for experienced developers.

 

Is Docker right for me?

Identify your pain points.

Determining whether Docker is right for you is really up to your team. If you find yourself using a fairly reliable stack and on consistent development platforms, perhaps Docker is an unnecessary abstraction to add to your team’s workflow. However, if your team struggles with developer support on a platform level, Docker just might be the thing that makes the difference.

 

Docker can involve a large paradigm shift on a team.

Having a Mac on a local, sandboxed workstation can be beneficial— and many development teams stop here. However, should your use case and expertise on the team allow for it, it is also possible to have Docker as a deployment target on your servers. You will find this best suited for when you have supporting architecture to aid in your CI/CD processes. As expected, most of these components require a specific level of expertise. If you have an infrastructure based on VMs or even bare metal, this approach will come with a significant effort to build up the stack and train the developers/DevOps on how to use it.

 

Reliable, but at a cost.

Ultimately, I find Docker to be extremely reliable and use it in my projects which require cross-platform support. In many open source projects, for example, it is great to meet people where they are at and allow them to bring whatever they have access to. Docker can be extremely beneficial in these cases.

 

Let us know how you are using Docker.

Please reach out and let us know how Docker has been working for your team and leave a short pros/cons list of your own for the edification of others!

 

(Whale image courtesy of Max Pixel)

Hook 42: Drupal 8 Interviews: Spotlight on Andrew Dunkle from Go Overseas

1 day 7 hours ago

Andrew Dunkle is the CTO of Go Overseas. Go Overseas is a platform that strives to help people find meaningful travel experiences abroad. They often describe themselves as the Yelp or Airbnb of study abroad programs. Volunteers, recent high school graduates, or anyone who is looking to travel in a more impactful way can use the site to find opportunities. Andrew and his business partner Mitch co-founded the company in 2008, while teaching together in Taiwan. They recognized the need for a platform to provide information and encouragement about taking the opportunity to go overseas and give back at the same time.

Mass.gov Digital Services: Custom dashboards: Surfacing data where Mass.gov authors need it

1 day 9 hours ago
Helping content creators make data-driven decisions with custom data dashboards

Our analytics dashboards help Mass.gov content authors make data-driven decisions to improve their content. All content has a purpose, and these tools help make sure each page on Mass.gov fulfills its purpose.

Before the dashboards were developed, performance data was scattered among multiple tools and databases, including Google Analytics, Siteimprove, and Superset. These required additional logins, permissions, and advanced understanding of how to interpret what you were seeing. Our dashboards take all of this data and compile it into something that’s focused and easy to understand.

We made the decision to embed dashboards directly into our content management system (CMS), so authors can simply click a tab when they’re editing content.

GIF showing how a content author navigates to the analytics dashboard in the Mass.gov CMS.

How we got here

The content performance team spent more than 8 months diving into web data and analytics to develop and test data-driven indicators. Over the testing period, we looked at a dozen different indicators, from pageviews and exit rates to scroll-depth and reading grade levels. We tested as many potential indicators as we could to see what was most useful. Fortunately, our data team helped us content folks through the process and provided valuable insight.

Love data? Check out our 2017 data and machine learning recap.

We chose a sample set of more than 100 of the most visited pages on Mass.gov. We made predictions about what certain indicators said about performance, and then made content changes to see how it impacted data related to each indicator.

We reached out to 5 partner agencies to help us validate the indicators we thought would be effective. These partners worked to implement our suggestions and we monitored how these changes affected the indicators. This led us to discover the nuances of creating a custom, yet scalable, scoring system.

Line chart showing test results validating user feedback data as a performance indicator.

For example, we learned that a number of indicators we were testing behaved differently depending on the type of page we were analyzing. It’s easy to tell if somebody completed the desired action on a transactional page by tracking their click to an off-site application. It’s much more difficult to know if a user got the information they were looking for when there’s no action to take. This is why we’re planning to continually explore, iterate on, and test indicators until we find the right recipe.

How the dashboards work

Using the strategies developed with our partners, we watched, and over time, saw the metrics move. At that point, we knew we had a formula that would work.

We rolled indicators up into 4 simple categories:

  • Findability — Is it easy for users to find a page?
  • Outcomes — If the page is transactional, are users taking the intended action? If the page is focused on directing users to other pages, are they following the right links?
  • Content quality — Does the page have any broken links? Is the content written at an appropriate reading level?
  • User satisfaction — How many people didn’t find what they were looking for?

Screenshot of dashboard results as they appear in the Mass.gov CMS.

Each category receives a score on a scale of 0–4. These scores are then averaged to produce an overall score. Scoring a 4 means a page is checking all the boxes and performing as expected, while a 0 means there are some improvements to be made to increase the page’s overall performance.

All dashboards include general recommendations on how authors can improve pages by category. If these suggestions aren’t enough to produce the boost they were looking for, authors can meet with a content strategist from Digital Services to dive deeper into their content and create a more nuanced strategy.

GIF showing how a user navigates to the “Improve Your Content” tab in a Mass.gov analytics dashboard.

Looking ahead

We realize we can’t totally measure everything through quantitative data, so these scores aren’t the be-all, end-all when it comes to measuring content performance. We’re a long way off from automating the work a good editor or content strategist can do.

Also, it’s important to note these dashboards are still in the beta phase. We’re fortunate to work with partner organizations who understand the bumps in the proverbial development road. There are bugs to work out and usability enhancements to make. As we learn more, we’ll continue to refine them. We plan to add dashboards to more content types each quarter, eventually offering a dashboard and specific recommendations for the 20+ content types in our CMS.

Interested in a career in civic tech? Find job openings at Digital Services.

Custom dashboards: Surfacing data where Mass.gov authors need it was originally published in MA Digital Services on Medium, where people are continuing the conversation by highlighting and responding to this story.

OpenSense Labs: Preventing Brute Force Attacks with Drupal Login Security Module

1 day 11 hours ago
Preventing Brute Force Attacks with Drupal Login Security Module Raman Mon, 08/20/2018 - 14:50

The internet is a wild place. You never know who’s on the hunt for vulnerabilities of your site. In fact, the moment you deploy your application on the web, you are inviting all sorts of requests on your server. Apart from genuine users, these could potentially be automated scripts (mostly harmless), bots or crawlers, ethical/non-ethical hackers or some curious geeks (like me).

One of the key areas of interest for them is to exploit the authentication or login system of an application. Compromising the security of your users’ accounts can lead to severe consequences such as the leak of their personal information, misuse of their identity (or your platform), and can even cause financial losses. 

It is of utmost importance to ensure that healthy security standards are implemented. These include enforcing strong Password Policies, employing salted password hashing, adopting HTTPS, preventing brute force attacks, utilizing two-factor authentication and so on.

Securing a Drupal site is a vast topic in itself, but in this article, we will focus on understanding the default flood control mechanism and then later explore the usage of Login Security, a contributed module, to enhance the security.

Default Flood Control Mechanism of Drupal

In Drupal, User, a core module, is responsible for providing the features related to user account management such as authentication, logging in/out, password management, registration, roles, and permissions. It also provides basic yet effective prevention of brute force attacks through its flood control mechanism.

Flood Control of Drupal in Action

Whenever a user authentication fails, it is treated as a flood event and recorded in the “flood” table, which stores the event type, user identifier, timestamp, and expiration of the flood event. There are two ways (flood event types) in which Drupal keeps track of login failures: IP address based and user account based.

Flood database table

By default, a user account gets blocked if there have been 5 login failures for that user account within a span of 6 hours, and an IP address gets blocked if there have been 50 login failures from that IP address within an hour. This prevents an attacker from running through a series of passwords until the correct one is found.

However, this default mechanism has three main limitations.

  • There is no user interface for site administrators to configure the allowed number of login attempts and the blocking time period.
  • Anyone can abuse this behavior and get a user’s (including an admin’s) account blocked on purpose. There should be a way to unblock users through the admin UI (the Flood Unblock module can also be used for this purpose), or to prevent this abuse by not revealing the error messages to the attacker.
  • There should be some way to alert the site admin or the user whose account is being exploited.
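The thresholds and the lockout limitation described above can be seen in a small model. This is an added example, not Drupal's code: the class and function names are hypothetical, the per-account counter is keyed on the username alone as the article describes it, and the login events are constructed.

```python
from collections import defaultdict, deque

# Defaults quoted in the article.
USER_LIMIT, USER_WINDOW = 5, 6 * 3600   # 5 failures per account in 6 hours
IP_LIMIT, IP_WINDOW = 50, 3600          # 50 failures per IP address in 1 hour


class FloodControl:
    """Simplified model of a flood table: one timestamp per failed login."""

    def __init__(self):
        # (event type, identifier) -> timestamps of recorded failures
        self.rows = defaultdict(deque)

    def _count(self, event, identifier, window, now):
        rows = self.rows[(event, identifier)]
        # Rows older than the window have expired and no longer count.
        while rows and rows[0] <= now - window:
            rows.popleft()
        return len(rows)

    def is_allowed(self, username, ip, now):
        """Credentials are only checked while both counters are under their limit."""
        if self._count("ip", ip, IP_WINDOW, now) >= IP_LIMIT:
            return False
        return self._count("user", username, USER_WINDOW, now) < USER_LIMIT

    def attempt(self, username, ip, password_ok, now):
        """Return 'blocked', 'failed' or 'ok' for one login attempt at time `now`."""
        if not self.is_allowed(username, ip, now):
            return "blocked"
        if password_ok:
            return "ok"
        # A failure is recorded under both event types.
        self.rows[("ip", ip)].append(now)
        self.rows[("user", username)].append(now)
        return "failed"


def replay(events):
    """Replay (time, username, ip, password_ok) tuples through a fresh model."""
    fc = FloodControl()
    return [fc.attempt(user, ip, ok, t) for t, user, ip, ok in events]


# Constructed sample: five wrong passwords for "admin" from one address, one
# minute apart, then the account owner logs in from a different address with
# the correct password, first inside and then after the 6 hour window.
SAMPLE = [(60 * i, "admin", "198.51.100.7", False) for i in range(5)]
SAMPLE += [
    (600, "admin", "203.0.113.20", True),
    (240 + USER_WINDOW, "admin", "203.0.113.20", True),
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", outcome)
```

The owner's correct password is refused at t=600 because the per-account counter does not care where the failures came from, which is why an unblock path and alerting matter to administrators.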

Now, let us explore how we can use Login Security to overcome these limitations.

Downloading and Installing Login Security Module

The only prerequisite of the module is the core Ban module. Once you’ve made sure it is enabled, you may proceed with the installation of the Login Security module using any of the methods below.

$ drush dl login_security && drush en -y login_security

or

$ drupal module:download login_security && drupal module:install login_security

or

$ composer require 'drupal/login_security:^1.5'

After downloading the module using composer, enable it from the admin UI available at admin/modules.

Enabling Login Security module using admin UI

How does the Login Security module work?

The module works by implementing hook_validate(), thereby overriding the default login form flow. It maintains its own schema, login_security_track, to keep track of failed login attempts. It can detect an ongoing attack using the configured threshold value within a set time window and can also alert the site administrator through email or logs.

Login Security Track database table

It offers two types of protection against the attacks – Soft and Hard. The soft protection is similar to the default flood mechanism, that is, it temporarily blocks the user from submitting the login form. The hard protection, however, permanently bans the host IP address and changes the status of the user account to blocked. 

If needed, the site administrator can unban the IP addresses from the admin UI available at admin/config/people/ban and unblock the users from admin/people. Additionally, the module can be configured to display the last access and last login timestamps to users to further reassure them about their security.

A Drupal message shows the last access and login timestamp to users after successful login

Configuring Login Security

The module provides a configuration form under admin/config/people/login_security. So, navigate to Manage → Configuration → People → Login Security.

You may configure the following options as per your security needs and then hit “Save configuration” to apply the changes.

Configuring the Login Security module

| Configuration | Default Value | Description |
| --- | --- | --- |
| Track time | 1 | The time window for which the login failures are considered. Soft protections expire after this time |
| User | 0 | Max. number of login failures after which a user account will be permanently blocked |
| Soft host | 0 | Max. number of login failures after which an IP address will be temporarily blocked from submitting the login form |
| Hard host | 0 | Max. number of login failures after which an IP address will be completely banned using the core ban module |
| Attack detection | 0 | Max. number of login failures after which an ongoing attack is detected and a warning is logged |
| Disable login failure error message | False | Display the core login error messages |
| Notify user about remaining login attempts | False | Display the number of attempts remaining before the user account will get temporarily blocked |
| Display last login timestamp | False | Display a Drupal message with the last login timestamp of the user |
| Display last access timestamp | False | Display a Drupal message with the last activity timestamp of the user |

Along with these configurations, the text within the Drupal messages on the events (failed login attempt, hard/soft IP address ban, and blocking of the users), and the email fields (address, subject, and body) can also be configured. You may use the provided tokens to send dynamic data in the alert/message.
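To see how the five numeric settings in the table interact, the following added example replays constructed failed logins against a set of thresholds and reports which failure first triggers each protection. It is a simplified model, not the module's code: the names are hypothetical, and it assumes that track time is in hours, that 0 disables a check, and that a protection fires once the count reaches the configured number.

```python
from dataclasses import dataclass


@dataclass
class Thresholds:
    """Mirrors the numeric rows of the configuration table (names are hypothetical)."""
    track_time: int = 1          # assumed unit: hours
    user: int = 0                # failures per account before it is blocked
    soft_host: int = 0           # failures per IP before a temporary form block
    hard_host: int = 0           # failures per IP before a ban via the Ban module
    attack_detection: int = 0    # total failures before a warning is logged


def evaluate(track, cfg, name, host, now):
    """Return the protections triggered by the tracked failures at time `now`."""
    cutoff = now - cfg.track_time * 3600
    recent = [r for r in track if r["timestamp"] > cutoff]
    by_user = sum(1 for r in recent if r["name"] == name)
    by_host = sum(1 for r in recent if r["host"] == host)

    def reached(limit, count):
        # Assumption: a limit of 0 means the check is switched off.
        return limit > 0 and count >= limit

    actions = []
    if reached(cfg.attack_detection, len(recent)):
        actions.append("log attack warning")
    if reached(cfg.soft_host, by_host):
        actions.append("soft-block host")
    if reached(cfg.user, by_user):
        actions.append("block user")
    if reached(cfg.hard_host, by_host):
        actions.append("ban host")
    return actions


def first_trigger(failures, cfg):
    """Map each protection to the 1-based index of the failure that first triggers it."""
    track, seen = [], {}
    ordered = sorted(failures, key=lambda r: r["timestamp"])
    for n, row in enumerate(ordered, start=1):
        track.append(row)
        for action in evaluate(track, cfg, row["name"], row["host"], row["timestamp"]):
            seen.setdefault(action, n)
    return seen


# Constructed sample: 12 failures from one address, 30 seconds apart,
# alternating between two account names.
SAMPLE = [
    {"host": "192.0.2.44", "name": "admin" if i % 2 == 0 else "editor", "timestamp": 30 * i}
    for i in range(12)
]

if __name__ == "__main__":
    tuned = Thresholds(track_time=1, user=5, soft_host=3, hard_host=10, attack_detection=8)
    print("tuned   :", first_trigger(SAMPLE, tuned))
    print("defaults:", first_trigger(SAMPLE, Thresholds()))
```

Under these assumptions the default values in the table trigger nothing, so the module only adds protection once the thresholds are set.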

Configuring the alert settings of the module

Conclusion

The Login Security module adds another measure of security to a Drupal website. In particular, it allows greater control on dealing with a situation of a brute force attack. At the end of the day, however, ensuring security is not just limited to configuring the modules but also lies in the hands of people who administer and deploy the websites.

In case of any queries or suggestions, feel free to drop a comment.


Debug Academy: ReactJS is coming to core. Learn "React for Drupal" at Drupal Europe w/affordable hands-on training!

3 days 14 hours ago
Author: Shadia Mansour

JavaScript Frameworks have been taking the web by storm for years and ReactJS has become a clear frontrunner. With React, you can implement fast, slick, interactive web components without excessive complexity.

Additionally, ReactJS is the perfect fit for Drupal - the JavaScript initiative team is already working on building a ReactJS app for Drupal Core. Wouldn't it be cool to join their initiative and help them modernize Drupal's administrator UI with React? We can show you how.

Key Benefits of React w/Drupal Include:

  • Faster rendering when responding to user interactions
  • Easier development for more complex apps
  • Friendlier JS syntax (similar to SASS for CSS)
  • Fewer clicks
  • Fewer page reloads
  • and more!

Interested in learning more? At Drupal Europe, Debug Academy will be hosting a training, Elevate your Drupal 8 application with ReactJS, on Monday, September 10th. This training is an updated version of the most popular training which sold out at DrupalCon Nashville 2018, and profit from the training will be used to help support the volunteer-run Drupal Europe!

Attendees who will gain the most from this training are Drupal developers looking to gain hands-on experience with decoupled development and developers looking to learn how to use the popular JS Framework, ReactJS. Must Know JS or PHP to participate. Code & Training formatted to be accessible to developers, not exclusively for JS developers.

The first 8 people who register will receive a significantly discounted registration price of €250.00 + VAT tax (normally €400.00+).

Register for this training at Drupal Europe below!

This training is an updated version of the most popular training at DrupalCon Nashville 2018. It sold out there, so we encourage you to secure your spot soon! The first 8 people who register will receive a significantly discounted registration price of €250.00 + VAT tax (normally €400.00+).

  • Training date: Monday, September 10 from 9AM to 5PM
  • Training location: Drupal Europe in Darmstadt, Germany 

Learning Objectives: 

  • Learn to create a React Web App
  • Learn to set up Headless Drupal using Drupal 8
  • Create a React web app which communicates with a Drupal 8 task management website

Syllabus/Agenda: 

  • Learn when & why to use decoupled Drupal 8, and why React is a great choice
  • (initial set up) Install pre-built Drupal 8 website
  • Modify Drupal 8 website to prepare it for headless integration 
  • Note: Website will not be 'fully' decoupled, will only decouple one content type
  • Create React App
  • Integrate React App with Drupal 8 website (displaying data)
  • Post data to Drupal 8 website from React App

Who Will Gain the Most From This Training?: 

  • Drupal developers looking to gain experience with Decoupled development
  • Developers looking to learn how to use the popular JS Framework, ReactJS
  • Note: Must know JS or PHP to participate. Code & Training formatted to be accessible to developers, not exclusively for JS developers.

Hook 42: BADCamp 2018 Trainings

4 days 3 hours ago

We’re excited to be offering two training sessions at BADCamp this year! Both of them focus on widening the reach of the internet and Drupal. Accessibility and contribution are close to our hearts at Hook 42 as they both are great tools for making the web a more diverse and inclusive place. The best thing about both subjects? You don’t have to know everything to dive in and get started - starting where you are is a great way to move things forward.

OPTASY: Bringing Gutenberg to Drupal: A Modern Admin UI, a Better Editing Experience in Drupal 8

4 days 10 hours ago
Bringing Gutenberg to Drupal: A Modern Admin UI, a Better Editing Experience in Drupal 8 adriana.cacoveanu Fri, 08/17/2018 - 09:35

It's a robust, flexible and admin feature-packed CMS, there's no point in denying it. And yet: Drupal (still) lacks a modern UI that would make building rich web content —  such as landing pages — a breeze. But there is hope: the Gutenberg editor has been ported over, promising a better editing experience in Drupal 8.

The team behind this daring project? Frontkom, a Norwegian digital services agency that:
 

AddWeb Solution: Let’s Decode The ‘Decoupled Drupal’ Together!

4 days 13 hours ago

‘Coexistence is the key to our survival’, they say about humanity. The same law applies to and therefore is adapted by the technological world too. ‘Decoupled Drupal’ is the outcome of the same law, coming from the field of web architecture. After years of following the traditional web architecture, Drupal came up with something that was not ‘monolithic’ - something that we call as ‘Decoupled Drupal’ today. Let us explore and decode in detail the web architecture that ‘Decoupled Drupal’ is!

Understanding, Decoupled Drupal


Decoupling means freeing the front end from the control of the content management system and focusing the CMS on just back-end development. The presentation layer, themes, templates: everything front-end is taken care of by the adopted front-end framework. This also implies that Drupal has chosen to do what it does best, building and bettering the content part. Decoupled Drupal exposes the content to other systems such as native applications, JavaScript applications, the core REST API, IoT devices, et al., which means that every system can easily consume content from Drupal.
 

Decoupled Drupal, also known as Headless Drupal, in simpler words is about not letting go the core and robustness of Drupal by having the control over all the core content management related responsibilities. And yet opening up the door for the productive change on the part of content appearance. Decouple Drupal is a promise of omnichannel delivery for the marketers and publishers.
 

Pick your approach!


1) Coupled Drupal

This is the most appropriate approach to be adopted for a site that does not demand much rendering and state management from the client’s end. Drupal’s built-in twig templating system is used instead of the huge and heavy JavaScript framework. The help of JQuery can also be taken if needed. Since this approach doesn’t block content marketers by the front-end developers, extra marketing expense could be cut down.

 

2) Progressively Decoupled Drupal

For a website that requires client-side interaction, Progressively Decoupled Drupal is used. Under this approach the core strength of Drupal, its HTML generation, is not eliminated, and yet the benefits of a JavaScript framework are adopted. The best of both frameworks raises the quality of the interactive experience on top of a robust back-end. Usage of JavaScript enables content marketers to freely shape the experience and benefit from it, without much developer support.

 

3) Fully Decoupled Drupal

The entire structure here is separated in terms of the content and the presentation, where the former is taken care of by Drupal and the latter is handled by JavaScript frameworks. With both advantages and disadvantages attached to this approach, it is not a highly recommended one. Independence from the underlying CMS and the richness of JavaScript and its community are among the major advantages of fully decoupled Drupal, while the added complexity in the technology stack is one of the major disadvantages.

Why should you be adapting Decoupled Drupal?
 


The popularity of the Decoupled Drupal is a reason enough to confirm how beneficial it has proven to be, so far. Let us share some prominent reasons why adopting the decoupled Drupal will prove to be advantageous for you:

 

1) Intact Security

Security, the key benefit of using Drupal, is kept intact since the content management and back-end are taken care of by Drupal itself. Keeping the administrative CMS far from the public eye also helps in keeping the security level high.

 

2) Elevated Team Performance

Drupal CMS development requires more technical expertise as compared to that of some other front-end framework. So, when an expert of Drupal has more time and scope to focus on the segment that he has an expertise upon, the outcome would naturally be of that stature. In addition, the front-end developer will also have the freedom to work on his expertise and hence would be able to give better justice to your website with an overall elevation in the team’s performance.

 

3) Broader Approach

Drupal has always been broad with its approach, be it any website or organisation. In addition, Drupal now also has the publishing functionality that streamlines the experience for content creation. Under this architecture, it’s easier to push and manage the content to other places. This widens the possibility of the same content being spread and published on multiple channels.

 

4) Flexibility

Decoupled Drupal increases flexibility whenever the website needs a change or an upgrade. With the independence to work on and focus upon a single aspect, developers and designers are free to dedicate their time to their respective jobs. Eliminating the dependency between the back-end developers/tools and the front-end developers/system is what widens the scope for flexibility.
 

Already thinking of adapting the highly-trending and powerful architecture - Decoupled Drupal? Well, our Drupal-expert team might help you get a detailed and better understanding of the same. A customized viewpoint of Decoupled Drupal for your website surely makes a huge difference. Let our Drupal developers make that difference for you!

I hope this blog helps you to expand your Decoupled Drupal knowledge …Thanks! If you need more assistance regarding Drupal Development Services, feel free to contact us now.

PreviousNext: Introducing the Element Class Formatter module for Drupal 8

4 days 15 hours ago

Allow sitebuilders to easily add classes onto field elements with the new element_class_formatter module.

by Rikki Bochow / 17 August 2018

Adding classes onto a field element (for example a link or image tag, as opposed to the wrapper div) isn't always the easiest thing to do in Drupal. It requires preprocessing into the element's render array, using special Url::setOptions functions, or drilling down a combination of objects and arrays in your Twig template.

The element_class_formatter module aims to make that process easier. At PreviousNext we love field formatters! We write custom ones where needed, and have been re-using a few generic ones for quite a while now. This module extends our generic ones into a complete set, to allow for full flexibility, sitebuilding efficiency and re-usability of code. 

To use this module, add and enable it just like any other, then visit one of your Manage Display screens. The most widely available formatter is the Wrapper (with class) one, but the others follow a similar naming convention; "Formatter name (with class)". The majority of these formatters extend a core formatter, so all the normal formatter options should still be available.

The manage display page with new (with class) field formatters selected

The field formatter settings, with all the default options

Use this module alongside Reusable style guide components with Twig embed, Display Suite with Layouts and some Bare templates to get optimum Drupal markup. Or just use it to learn how to write your own custom field formatters!

For feature requests or issues, please see the module's issue queue on Drupal.org.

Tagged Field Formatters, Contrib Modules

Debug Academy: What’s so great about ReactJS? Watch ReactJS bring app-like features to a Drupal 8 site. Learn more by attending Drupal Europe!

5 days 4 hours ago
Author: Shadia Mansour

JavaScript Frameworks have been taking the web by storm for years and ReactJS has become a clear frontrunner with its ability to implement fast, slick, interactive web components without excessive complexity.

With ReactJS, you will be able to improve websites with app-like components that are better and faster than what Drupal could do on its own.

Check out a preview of a Drupal site benefiting from the addition of ReactJS!

Key Benefits of React w/Drupal Include:

  • Fewer clicks
  • Fewer page reloads
  • Faster rendering when responding to user interactions
  • Sleek
  • App-like
  • and more!

The JavaScript initiative team is working on building a ReactJS app for Drupal Core. Utilize the latest technology on your projects.

Interested in learning more? Drupal Europe is hosting a training, Elevate your Drupal 8 application with ReactJS (taught by Debug Academy) on Monday, September 10th from 9am-5pm in the Darmstadtium venue. For more information, click here. This training is an updated version of the most popular training that was sold out at DrupalCon Nashville 2018.

Attendees who will gain the most from this training are Drupal developers looking to gain experience with decoupled development and developers looking to learn how to use the popular JS Framework, ReactJS. Must Know JS or PHP to participate. Code & Training formatted to be accessible to developers, not exclusively for JS developers.

The regular training price is €400.00 + VAT tax, however, the first 15 people who register by midnight CEST on Saturday, August  18th, will receive the early bird registration price of €250.00 + VAT tax. Register @ https://debugacademy.com/course/drupal-europe-elevate-your-drupal-8-application-reactjs .

Tags: Drupal Europe, Drupal, Drupal Planet, Drupal Training, ReactJS

Drupal.org blog: Developer Tools Initiative - Part 5: Announcing our Migration

5 days 5 hours ago

This is the fifth post in our series about integrating Drupal.org with a 3rd party developer tooling provider:

In this post we are announcing our migration to a new tooling provider, and outlining the phases of that migration process to take place over the next several months.

Announcing our partnership with GitLab

Wait, what?

Yes, in our four part series from December of last year it certainly looked like we were going in a different direction for the future of Drupal's developer stack.

So what changed?

Last year we laid out a model for integrating Drupal.org with a third party tooling provider, which we described as "Drupal Flow". This model was deliberately laid out to be agnostic to the provider we chose, so long as certain requirements were met. We worked with representatives from three potential providers at the time: GitHub, GitLab, and BitBucket, and each one had pros and cons. Once we had completed our evaluation, BitBucket was the only provider without hard blockers to the integration we wanted to build.

However, following our blog series, the GitLab team reached out directly to the Drupal Association team, and asked us to give them the chance to resolve the blockers and close the gaps in our integration.

At the same time, we saw an outpouring of feedback from our community asking us to see if we could find a way to make GitLab work.

And so we did.

The Agreement

For the past six months we've been working closely with Eliran Mesika, the Director of Partnerships at GitLab, in addition to CEO Sid Sijbrandij and members of GitLab's engineering team. They've escalated the internal priority of issues that blocked our adoption of GitLab, offered technical and financial support for the migration, and made a commitment to ongoing support for the Drupal project.

And so we're happy to announce that Drupal.org is going to be moving our code collaboration tools for our forty-five thousand projects to GitLab over the course of the coming months.

Three Phases to the Migration

Phase 1: Replacing Drupal.org's Git backend

The first phase of the Drupal.org migration

  • Transparently replace Drupal’s current underlying Git infrastructure (for repository hosting, maintainer permissions, code viewing) with GitLab repositories, GitLab roles and permissions for maintainers, and the GitLab code viewing UI.
  • Enable inline code editing (only for maintainers for this phase).
  • During this phase, Drupal.org will remain the primary source of information.  SSH keys, new projects, etc. will be created on Drupal.org.

This first phase, while modest, will bring some concrete benefits to the project:

  • Maintainers will be able to begin familiarizing themselves with GitLab's code collaboration tools.
  • Code viewing will receive a significant upgrade from CGIT to GitLab's built-in code viewer.
  • And Drupal.org's old Git server will be phased out.

Phase 2: Enabling Merge Requests, Inline Code Editing, and Web-based Code Review

  • The timeline for Phase 2 is dependent on GitLab’s resolution of a diskspace deduplication issue, which they have committed to on our behalf: https://gitlab.com/gitlab-org/gitlab-ce/issues/23029
  • Enable GitLab Merge Requests, GitLab inline code editing in the web UI, and GitLab web-based code review.
  • During this phase, Drupal.org will handle any 'create branch/merge request' integrations from the Drupal.org Issue queues, and related call-backs from GitLab into the Drupal.org issue comment stream.

Phase 2 is where we realize some tremendous benefits to developer velocity and collaboration:

  • By adding merge requests, contributing to Drupal will become much more familiar to the broad audience of open source contributors who learned their skills in the post-patch era.
  • By adding inline editing and web-based code review, it will be much easier to make quick contributions. This not only lowers the barrier to contribution for people new to our community, it also saves significant effort for our existing community members, as they'll no longer need to clone work locally and generate patches.
  • Finally, by creating a tight integration between the Drupal.org issue queues and GitLab's development tools, we'll be able to transition to this new toolset without disrupting the community's existing way of collaborating.

Phase 3: Evaluating Additional Features

Phase 3 has no strict timeline, but will be dependent on feedback from the community as they get up to speed on using the new GitLab-based contribution workflow for Drupal.

  • Evaluate additional features such as:

    • Integrating or replacing DrupalCI with GitLab CI
    • Enabling GitLab issues for a sub-set of projects
    • Enabling GitLab confidential issues for specific use-cases (security releases)
    • Possible MatterMost integration, etc.

These additional features may allow us to further improve the velocity of the Drupal project, or realize additional cost savings for the association. For example, we may be able to use GitLab's test runner integration to orchestrate tests across a wider variety of cloud platforms, helping us find the best pricing. We may be able to entirely replace security.drupal.org with a private issue tracker, eliminating an entire sub-site for the Drupal.org team to maintain. We may even be able to enhance existing community services like SimplyTest.me by integrating features like GitLab's AutoDevops tools to automatically create review environments for issues or branches.

We won't really know what's possible within the scope of our resources until the first two phases are completed, but this helps to show that by hitching our toolset to a partner that specializes in collaboration, we may be able to realize even more benefits for our community.

Changes to Git Remotes
  • Git remote urls for pushes to full projects have changed:
    • If you have an established Git remote in the format
      <username>@git.drupal.org:project/<yourproject>.git
      the format should be changed to:
      git@git.drupal.org:project/<yourproject>.git

  • HTTPS clone urls for full projects are unchanged.
  • HTTPS clone urls and Git remote urls for sandbox projects have changed:
    • For remotes of the format:
      <username>@git.drupal.org:sandbox/<username>/<node-id>.git
      the format should be changed to:
      git@git.drupal.org:sandbox/<username>-<nodeid>.git
    • Clone urls will be changing from:
      https://git.drupal.org/sandbox/<username>/<nodeid>.git
      to the format:
      https://git.drupal.org/sandbox/<username>-<nodeid>.git

Important: If you have any automated systems which authenticate to Git, such as CI pipelines or repo mirroring, ensure they are updated as well.

For more detailed information about these changes, as well as instructions for changing your Git remotes or setting ssh keys, please consult these instructions: https://drupal.org/gitauth
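For CI pipelines or mirrors that hold many remotes, the URL changes listed above can be applied mechanically. The following is an added example, not Drupal.org's tooling: the function names are hypothetical, and the username `jdoe`, the project `views` and the node id are constructed sample values.

```python
import re
import shlex

# Old SSH form for full projects: <username>@git.drupal.org:project/<yourproject>.git
_SSH_PROJECT = re.compile(
    r"^[^@/:\s]+@git\.drupal\.org:project/(?P<project>[^/\s]+)\.git$"
)
# Old sandbox forms (SSH and HTTPS): .../sandbox/<username>/<nodeid>.git
_SANDBOX = re.compile(
    r"^(?P<prefix>[^@/:\s]+@git\.drupal\.org:|https://git\.drupal\.org/)"
    r"sandbox/(?P<owner>[^/\s]+)/(?P<nid>[^/\s]+)\.git$"
)


def migrate_remote(url):
    """Return the post-migration form of one remote URL, or the URL unchanged."""
    m = _SSH_PROJECT.match(url)
    if m:
        # Pushes now authenticate as the shared "git" user.
        return f"git@git.drupal.org:project/{m['project']}.git"
    m = _SANDBOX.match(url)
    if m:
        prefix = m["prefix"]
        if not prefix.startswith("https://"):
            prefix = "git@git.drupal.org:"
        # Sandbox paths change from <username>/<nodeid> to <username>-<nodeid>.
        return f"{prefix}sandbox/{m['owner']}-{m['nid']}.git"
    # HTTPS clone URLs for full projects, other hosts and already migrated
    # URLs are left alone.
    return url


def plan(remotes):
    """Given {remote name: url}, return the git commands needed to update them."""
    commands = []
    for name, url in remotes.items():
        new = migrate_remote(url)
        if new != url:
            commands.append(f"git remote set-url {shlex.quote(name)} {shlex.quote(new)}")
    return commands


if __name__ == "__main__":
    # Constructed sample remotes.
    sample = {
        "origin": "jdoe@git.drupal.org:project/views.git",
        "readonly": "https://git.drupal.org/project/views.git",
        "sandbox": "jdoe@git.drupal.org:sandbox/jdoe/1234567.git",
    }
    for command in plan(sample):
        print(command)
```

The function only prints the commands it would run, so the plan can be reviewed before anything is changed in a pipeline.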

How to follow our progress

Issues for the Drupal.org migration to GitLab will be opened in the Drupal.org Infrastructure queue and tagged 'GitLab'.

For questions or concerns, please create an issue at https://www.drupal.org/node/add/project-issue/infrastructure

Hook 42: Drupal GovCon 2018

5 days 18 hours ago

Next week we’ll be traveling to the nation's capital to participate in Drupal GovCon! While Aimee and Adam are veterans of GovCon, Lindsay is embarking on her first trip to the Washington, D.C. area. 

Hook 42 will be presenting on a variety of subjects, including project management, module development, and component based development. We’re excited that Adam will also be delivering the keynote Wednesday morning!

GovCon is Wednesday, August 22nd to Friday, August 24th at the National Institutes of Health in Bethesda, Maryland.

Ashday's Digital Ecosystem and Development Tips: What is Drupal?

6 days 1 hour ago

You may have heard of Drupal in passing, but you have not ever been given a straight answer on what it is and why you should care. The truth is that even if you have worked with Drupal, you might not actually know what to say when asked what it is. Looking around there doesn’t seem to be a lot of great answers to this question out there either. It would be difficult to tell if you need Drupal as a solution for your website if you aren’t even sure what it really is to begin with. 

Checked
3 hours 8 minutes ago
Drupal.org - aggregated feeds in category Planet Drupal