In-Webo Technologies provides a Strong Authentication as a Service solution

The idea behind this module is to provide a strong and multifactor authentication method for Drupal sites, based on the validation of One-Time Passwords on our highly secured servers.

The solution is made of 3 parts

  • The In-Webo servers hosting the InWebo SaaS authentication platform where administrators configure their websites to secure and create the users of these websites (users on InWebo are mapped on Drupal users, might be new users that will automatically added to the Drupal site at first successful authentication - self provisioning)
  • The InWebo application installed on user desktops. It proposes browser extensions and acts as an OTP generator. Listing the secured sites as bookmarks, the extension submits the credential in the login form of the selected secured site
  • The Drupal module that retrieves the posted credentials and sends them to our servers via a web service call and processes the answer (authenticates the user or not)

Communication between the Drupal site and our servers require a PEM (.crt) certificate that is generated on the InWebo platform.

The module administration panel allows to switch between Drupal standard or InWebo authentication methods.
User "admin" remains based on Drupal standard authentication.

Sandbox: http://drupal.org/sandbox/Emmanuel_N/1577980
Project page & doc : http://developer.inwebo.com/en/node/12
Drupal target version: 7.x

CommentFileSizeAuthor
#2 drupalcs-result.txt20.82 KBtargoo

Comments

Emmanuel_N’s picture

Emmanuel_N commented
Title: InWebo Strong Authentication module » InWebo Strong Authentication
targoo’s picture

targoo commented
StatusFileSize
new drupalcs-result.txt20.82 KB

Hi

There are still files other than README.txt in the master branch, make sure to remove them. See also step 5 in http://drupal.org/node/1127732
Review of the 7.x-1.x branch:

  • README.txt is missing, see the guidelines for in-project documentation.
  • Remove "version" from the info file, it will be added by drupal.org packaging automatically.
  • The "?>" PHP delimiter at the end of files is discouraged, see http://drupal.org/node/318#phptags
    ./includes/authenticate.php
./includes/authenticateWithIp.php
./includes/authenticateResponse.php
./includes/AuthenticationService.php
./includes/authenticateWithIpResponse.php
  • Bad line endings were found, always use unix style terminators. See http://drupal.org/coding-standards#indenting
    ./lisezmoi.txt:                            UTF-8 Unicode Pascal program text, with CRLF line terminators
./readme.txt:                              ASCII Pascal program text, with CRLF line terminators
includes/Authentication.wsdl
inwebo.admin.inc
inwebo.install
lisezmoi.txt
readme.txt
  • Drupal Code Sniffer has found some issues with your code (please check the Drupal coding standards). See attachment.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. Get a review bonus and we will come back to your application sooner.

targoo’s picture

targoo commented
Status: Needs review » Needs work

1) Could you rename readme.txt by README.TXT (Do you need the \r ?)
2) In your .info you can remove the 'files[] = ' (as well as the version)
For info only list files in the info file that contain classes or interfaces
3) Do you need an empty index.html file ?
4) inwebo.module
include_once() and require_once() are statements, not functions.
check http://drupal.org/coding-standards#includes
5) inwebo.module
"'access arguments' => array('administer inwebo'),": where does that permission come from?
6) inwebo.module
BAD : Implementation of hook_init().
GOOD : Implements hook_init(). Same issue elsewhere ;-)

We do really need more hands in the application queue and highly recommend to get a review bonus so we will(/can) come back to your application sooner ;-)

Cheers,

Emmanuel_N’s picture

Emmanuel_N commented
Assigned: Unassigned » Emmanuel_N
Status: Needs work » Needs review

Hi,
I made a number of corrections according to your remarks and the results provided by the Drupal Code Sniffer. Most issues are solved and recommendations followed, yet some may persist.

About point 5), i changed 'access arguments' => array('administer inwebo'),
by a more generic access callback: 'access arguments' => array('access administration pages'),

Does it make sense?

Thanks a lot for your time
I'll try to participate and contribute to the review of applications in queue asap!

Cheers

Emmanuel_N’s picture

Emmanuel_N commented
Assigned: Emmanuel_N » Unassigned
FranciscoLuz’s picture

FranciscoLuz commented
Status: Needs review » Needs work

Hi,

I did a manual review of your code. Here are some notes:

  • The master branch still has a file in it. Master branch should be left empty.
  • You should remove the LISEZMOI.txt ( copyright terms ). Drupal will add it automatically once the full project module is published.
  • There are still a few code standard issues that can be fixed. See http://ventral.org/pareview/httpgitdrupalorgsandboxemmanueln1577980git
  • This statement seems to be unnecessary:
        else {
      // Do nothing, Drupal will handle the errors.
    }
  • The proper way of documenting your functions is like this:
    /**
 * Authenticate the user against In-Webo serves via Web Services call.
 *
 * @param Datatyep $name
 *   Information about this parameter here.
 * @param Datatype $pass
 *   Information about this parameter here.
 *
 * @return Datatype
 *   The description here.
 */
function _inwebo_auth($name, $pass) {
klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
commented
Status: Needs work » Closed (won't fix)

Closing due to lack of activity. Feel free to reopen if you are still working on this application.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
commented
Issue summary: View changes

Added sandbox link, project page and drupal core targeted version