[D7] Email Auto Login

You need to set the status to "needs review" if you want to get a review, see http://drupal.org/node/532400

There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxchrism26712065751git

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Please read the Drupal coding standards: https://drupal.org/coding-standards
It will help you writing better code ;)

Read comment #1 and its attached link.
Fix the problems listed on the automated review.
Do NOT use globals!

I filed #2065939: Use a variable for token expiration - default it to 24 hours before this issue existed. I see that as an important security related issue to fix before the application can be approved. The general principle is that the module cannot make a site less secure unless the site builder explicitly chooses the option that makes it that way.

Can you please explain why hook_cron has taken time difference of 30 * 24 * 60 * 60.
Isn't it something that depends on admin configurations?

Manual review of the master branch (please see this automated review as well)

General suggestions

- Rather than storing the creation time, I think storing the expiring time would be better because you will not need to run cron handlers before validating the given login token. Also, the cron handler will then work as a garbage cleaner rather than playing a major role to maintain tokens.
- A button to clear current login tokens from the admin settings form would be nice.
- Once installed, module will add login tokens to all emails sent by Drupal no matter what.
say, for example, we block user (uid = 15) because of spamming, and he gets an email somehow. This module will add a login token so he will get access to the site which can be considered a security issue.
- A token-based solution will work in this case. You can expose a global user token ([user:email-auto-login] for example), which Token module makes available in almost any email templates. Admins can then add the token only in templates that he needs.
- A non-database based solution would be great (just like the Drupal core password reset) but I think it would be a lot of effort to make that change.

email_auto_login.install

- It's not necessary to uninstall a schema using hook_uninstall. Database schema defined in hook_schema will get removed automatically during module uninstallation (since Drupal 7).
- email_auto_login_expiration_time variable need to be removed using variable_del() in the hook_uninstall.

email_auto_login.module

- This is just a feature request - Can we use a select list with default values such as "1 day, 2 days, 3 days, 5 days, 1 week, 2 weeks, 1 month" with the options' key being the relevant seconds ?
- http_build_url() function is similar to Drupal core's url() function.

Cool, Chris!
Sorry my comment above contained more of suggestions but it would be good to go when we fix the application blocking level fixes such as the explicit schema uninstallation in the .install file.

When you are confident about the code so far, the quickest way to get the application reviewed by a user with git admin permission is to take part in the review bonus program. (I'm not one of them but I'll do whatever help I can do in the mean time).

Chris, help with other reviews, 3 at least, and add yourself a review bonus tag so your module will be reviewed.

Some other developers like you (and myself ;-) https://drupal.org/node/2083831) are waiting for reviews too.

Thank you.

1. _email_auto_login_generate_token()

drupal_hmac_base64() function should have two arguments. I recommend to use drupal_get_token() instead.

2. email_auto_login_menu()

You should declare $items array at top of function.

function email_auto_login_menu() {
  $items = array();
  //..
}

3. email_auto_login_settings_form()

3.1 You should declare $form array at top of function.

function email_auto_login_settings_form() {
  $form = array();
  //..
}

3.2 Move #prefix to separates form item:

  $form['status'] = array(
    '#prefix' => '<p>',
    '#suffix' => '</p>',
    '#markup' => t('There are %token_count tokens in the database', array('%token_count' => _email_auto_login_token_count()))
  );

  $form['clear_tokens'] = array(
    '#type' => 'submit',
    '#value' => t('Clear Tokens'),
    '#submit' => array('_email_auto_login_token_flush'),
  );

4. _email_auto_login_token_count()

Change query to abstraction layer:

function _email_auto_login_token_count() {
  return db_select('email_auto_login_tokens')->countQuery()->execute()->fetchField();
}

5. email_auto_login_init()

Replace "$user->uid == 0" to user_is_anonymous()

Closing due to lack of activity. Feel free to reopen if you are still working on this application (see also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.