Posted by sime on January 1, 2011 at 1:32am
47 followers
| Project: | Secure Site |
| Version: | 7.x-2.x-dev |
| Component: | Code |
| Category: | task |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Starting a discussion about a Drupal 7 version.
Are any blockers here? The last commit on this project was over a year ago so I assume it's just low priority for the maintainers.
Comments
#1
I'd love to see this for D7. Super useful.
Thanks
#2
This has been a low priority for me because I haven’t been able to use it on any of my projects. However, I am interested in turning this into an alternative to using cookies for authentication.
#3
Would you accept a straight D7 patch first?
#4
Commit access also welcome, with the understanding I'd just be working on the D7 branch for a week or so.
#5
A Drupal 7 patch would be welcome. I was just talking about what I was interested in working on. For some reason I thought you already had commit access. I’ll be happy to give it to you.
#6
sime is now a maintainer.
#7
Thanks Darren!
#8
DRUPAL-7--2 branch created.
Coding standards, spaces around concatenation
http://drupal.org/cvs?commit=477542
http://drupal.org/cvs?commit=477544
#9
Coding standards, spaces around concatenation
http://drupal.org/cvs?commit=477554
#10
Here's the first pass at it. It's not stable, just posting my current changes here because I might not get a chance for a couple of days. I decided not to commit what I'd done straight away as it isn't in a usable state.
Note, the patch doesn't include the rename of
securesite-user-login.tpl.phptosecuresite-user-login-form.tpl.phpdue to a namespace collision at the form level (hook_user_login conflicts).Anyway, last thing I was working on was the login form.
#11
I've made a dev release for drush/etc convenience.
#12
Oh damn CVS. Commit without a message after I didn't abort properly :(
http://drupal.org/cvs?commit=478242
Here's what the message was *supposed* to be...
Made the first pass of changes to securesite. The outcome was to get the tests running (387 passes, 134 fails).
* Updated .info file for D7
* Updated queries for DTNG
* Updated calls to drupal_set_header to drupal_add_http_header
* Split hook_user into hook_user_HOOKs
* New function _securesite_user_digest_cleanup() to support hook_user_insert hook_user_update user_insert_load
* Changed links to logout to user/logout
* Initial modification to _securesite_digest_validate() to return a name => value array for compatibility with drupal_add_http_header()
* Move hook_perm to hook_permissions()
* Move 'admin/settings/securesite' to 'admin/config/securesite'
* Add module_load_include() to securesite.test before every _securesite_parse_directives() as it isn't being included for whatever reason.
* Move form_clean_id() to drupal_clean_css_identifier()
* Use user_role_grant_permissions() and user_role_revoke_permissions() instead of hitting perm tables directly in securesite.test
* Fix path 'admin/settings/error-reporting' to 'admin/config/development/logging'
* Call user_cancel() instead of user_delete in securesite.test
#13
sime - Thanks for getting this ball rolling. Is the current dev in CVS usable yet, or does it still need work?
#14
hi @cwrstl - it installs but doesn't work properly. The job is half finished basically.
Eg. I get a popup password window in Firefox but not in Safari. And the theming code of the login form isn't quite right. A lot of things are identified in the test results.
I've been sick the last week and this threw out my schedule, so I don't know when I will be able to get back to this. But it's definitely closer to being finished.
#15
I get nothing. Not in Firefox, not even in Chrome.
I get a white screen with a grey rectangle with rounded corners.
#16
subscribe
#17
subscribe
#18
subscribarino
#19
subscribe
#20
subscribe
#21
subscribe
#22
subscribe
#23
so much fun, subscribe
#24
Subscribe
#25
subscribe
#26
subscribing
#27
SUbscribing
#28
It's pretty laughable that there was never a function made that allows us to just subscribe to a post, rather than having to fill it with 'subscribe' tags...
#29
#28: note the ChipIn http://drupal.org/project/project.
#30
subscribe
#31
sub..
#32
Subscribe
#33
sub
#34
+1
#35
sub
#36
subscribing
#37
Okay. Subscribing.
This has been open for the last 6 months. Any idea if there is time in the near future to put a 7.x-dev git branch up? At least, if someone is interested in contributing patches to speed things up, it would make things a lot easier.
#38
subscribing
#39
sub
#40
Subscribe
#41
Subscribe
#42
subscribe to chip-in reply :)
Note to self : secure site d7.
#43
Subscribing.
#44
subscribing
#45
There is a 7.x branch in there (Last update Feb 25, 2011) http://drupal.org/node/21470/release
I tested and it seemed to be quite buggy and crashed my site.
#46
Did you report any of the errors? Could you run it through Coder?
#47
Adding HTTP headers has changed in D7 (see http://api.drupal.org/api/drupal/includes--bootstrap.inc/function/drupal...). Attached is a patch that correctly triggers browser HTTP Auth dialog in Safari, Chrome and Firefox (other browsers not tested).
#48
For those looking for something in D7 there is also http://drupal.org/project/shield as of a few days ago that seems is much simpler, but does not use user credentials.
#49
Newbie here...is this module usable with the patches installed?
just tried it without and it seemed like a successful install from the admin menu, changed various settings, etc. then logged out and got a grey rounded rectangle on a mac and PC in Safari and Chrome. switched to IE on the PC and was able to get a username/password prompt, but user1 credentials were not accepted into the popup.
had to manually delete the mod using ftp to get back into the site.
#50
Does this last patch need to be added to make a 7 development release?
This is a great module and the best solution for making sites private during the staging phase. Based on the amount of downloads I am surprised this isn't done for 7 yet.
@boombatower
Thanks for the Shield suggestion. I will use it for now but would prefer Secure Site as it provides a few more features.
#51
The patch is #47 was made from a couple directories up. Rerolling...
#52
With the patch in #51, the module doesn't seem to work in Chrome for Mac. It blocks the site with a user/pass popup but does not provide access once the creds are correctly entered.
#53
I think the issue is that user_authenticate_finalize() is being called but it's D6 only (not in D7).
http://api.drupal.org/api/drupal/modules--user--user.module/function/use...
#54
Check out: http://drupal.org/project/shield
#55
Subscribe, yo...
#56
All i get is the gray box with HTML login form and for HTML Basic it never recognizes valid user credentials. This is for Drupal 7. I've attempted to apply the patch manually by vi the file, but it seems to break it. Can someone provide better instructions on editing that file? There must be a solution for Drupal 7 that provides a login form of some sort before granting access to the site (like with http basic auth). Without this, anonymous users have too much access, including views of menu links with many themes. Shield does not work for this issue. Does anyone have a working example, including a securesite.inc they can post?