Part of a series of reforms for the login system, this patch would ideally provide a login form on Access Denied pages for anonymous users, a feature that has previously been provided by the LoginToboggan module.

The login functionality applies to all Drupal installs, and this usability feature seems to me to be applicable to all Drupal installs and therefore the 6.x-dev core.

NOTE: I have no coding skills whatsoever, however, I hope I can contribute my ideas and hopes to Drupal.

Comments

jjeff’s picture

jjeff commented

+1 on this. The only possible problem is that the user may still be denied upon log in. Also, if a sidebar login block is displayed, the page can end up with two login/password fields being displayed.

That being said, I don't think there are any reasons this couldn't be a site setting. This may be the easiest one to implement of this group of Logintoboggan-to-core issues.

birdmanx35’s picture

birdmanx35 commented

Well, one of my pre-Drupal design rules was:

Redundancy is good!

pasqualle’s picture

pasqualle
Location 🇭🇺 Budapest
commented
Version: 6.x-dev » 7.x-dev
cafuego’s picture

cafuego commented
Version: 7.x-dev » 8.x-dev

Moved to 8.x. Is it really necessary to move this functionality into core, rather than simply use logintoboggan?

spidersilk’s picture

spidersilk commented

I would love to have it in core. LoginToboggan alters the login system in a variety of ways, and not every site may want all of them. Also, the more additional modules are enabled for a given site, the more memory is needed, so if all someone wants is the user login block to be able to show up on 403 error pages, it would be nice not to have to install a contrib module that also does a dozen other things you don't want or need.

matt.rad’s picture

matt.rad commented
Issue summary: View changes

I agree with #5. I have used Logintoboggan in the past and it created more problems than it solved, being incompatible with a bunch of other things I wanted during login. Besides, having to install that whole module just to achieve this one, simple thing (that IMHO should be part of the core UX anyway) seems like overkill.

For now, using Redirect 403 to User Login https://www.drupal.org/project/r4032login

Version: 8.0.x-dev » 8.1.x-dev

Drupal 8.0.6 was released on April 6 and is the final bugfix release for the Drupal 8.0.x series. Drupal 8.0.x will not receive any further development aside from security fixes. Drupal 8.1.0-rc1 is now available and sites should prepare to update to 8.1.0.

Bug reports should be targeted against the 8.1.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.2.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.6 was released on February 1, 2017 and is the final full bugfix release for the Drupal 8.2.x series. Drupal 8.2.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.3.0 on April 5, 2017. (Drupal 8.3.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.3.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.6 was released on August 2, 2017 and is the final full bugfix release for the Drupal 8.3.x series. Drupal 8.3.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.4.0 on October 4, 2017. (Drupal 8.4.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.4.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

dqd’s picture

dqd
Location London | N.Y.C | Paris | Hamburg | Berlin
commented

Additionally to the fact that this issue is quite old and maybe obsolete, I would like to point to the option in core to use 403 redirect settings in admin/config/system/site-information to redirect to the user/login path for any who humbles over this issue here. The only drawback covered here #2916746: Redirect subrequest via Basic site settings do not incoorporate correct theme rendering, suggestions and overrides for target path. : ...

It sadly makes the login page unstylable from top (like commonly used by many themes), since the redirect does not add the common login-form class to the HTML body tag.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.4 was released on January 3, 2018 and is the final full bugfix release for the Drupal 8.4.x series. Drupal 8.4.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.5.0 on March 7, 2018. (Drupal 8.5.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.5.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.6 was released on August 1, 2018 and is the final bugfix release for the Drupal 8.5.x series. Drupal 8.5.x will not receive any further development aside from security fixes. Sites should prepare to update to 8.6.0 on September 5, 2018. (Drupal 8.6.0-rc1 is available for testing.)

Bug reports should be targeted against the 8.6.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

redzeuf’s picture

redzeuf
he/him
Primary language French
Location Geneva
commented
Status: Active » Needs review

For Drupal 8 there is differents solutions depends on your needed behaviour.

You can go to admin/config/system/site-information and set "Default 403 (access denied) page" to "/user/login"
You can use the module Anonymous Login

Action to do for the review

The issue is very old I think it's a good idea to decide to postpone if we have the intention to include it in the core otherwise to Closed it as outdated and keep it like this.

It seems not to have a lot of people declaring here that they want the feature in the core. I think it's a good idea to include this feature in the core because the majority of Drupal websites today have authenticated pages.

phjou’s picture

phjou
he/him
Location Vancouver 🇨🇦 🇪🇺
commented

The core already provides a Login Block. Why not implementing a Block Condition based on the HTTP Response Code? Then you can place your block based on that code.

I have found a module that seems to do that but I have not tested it: http_client_error_status

Version: 8.6.x-dev » 8.8.x-dev

Drupal 8.6.x will not receive any further development aside from security fixes. Bug reports should be targeted against the 8.8.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.9.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.7 was released on June 3, 2020 and is the final full bugfix release for the Drupal 8.8.x series. Drupal 8.8.x will not receive any further development aside from security fixes. Sites should prepare to update to Drupal 8.9.0 or Drupal 9.0.0 for ongoing support.

Bug reports should be targeted against the 8.9.x-dev branch from now on, and new development or disruptive changes should be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.2.x-dev

Drupal 8 is end-of-life as of November 17, 2021. There will not be further changes made to Drupal 8. Bugfixes are now made to the 9.3.x and higher branches only. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.15 was released on June 1st, 2022 and is the final full bugfix release for the Drupal 9.3.x series. Drupal 9.3.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.4.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

gagarine’s picture

gagarine commented
Status: Needs review » Closed (outdated)

This issue is outdated. At this point it's certainly better to close it and opening a new one if necessary.

Two custom modules that do the job:

You can do your own custom module following: https://www.getlucius.com/en/blog/drupal/drupal-how-redirect-anonymous-u...

nessunluogo’s picture

nessunluogo commented

1 year after followup, but I think this can help the community.

Another nice solution I suggest is using the HTTP Client Error Status Block Condition module with the default Login block, a contributed alternative or a custom one.

Just place the block in a region of your choice and select the 403 (forbidden) HTTP status in the visibility tabs.

It's D10 compatible, pretty easy to use and very versatile. Plus you don't need to redirect that is more coherent with the OP and the D7 Logintoboggan feature.

While writing I missed the phjou comment #15 about the same module.