Adding anonymous user tracking to Entityforms submissions so that anonymous users can edit their submissions.
This will probably be done in an Entityforms Anonymous submodule.
I welcome feedback and suggestions. I will be starting on this very soon as it is sponsored development so let me know soon.
Here's what it will look like so far:
Entityform Types
- New Anonymous Tracking settings section. Anonymous tracking will be optional.
- 2 types of tracking. Allow via browsers session or allow via unique link(or both).
Browser Sessions
Browser sessions would obviously have security implications. It will be up to site admins to deal with this through other modules or sessions timeouts.
Unique Links
This will allow unique anonymous links for each entityform submission.
Submit link: eform/submit/[id]/[random_key] - this would allow access to a submission that is in the draft state.
Edit link: entityform/[id]/edit/[random_key] - edit previous submission
View link: entityform/id/view/[random_key] - view previous submission
Obviously these links would be very powerful. Anyone who has access to the links to could access the submissions.
The permissions for anonymous users would respected for these links.
The links would available as tokens on the entityform submission entity. This would allow them to be shown in different places such as the confirmation page, like:
Copy this link to edit your submission later
It could also be sent in Emails(if an email is collected on the form) that would allow a user to come back and edit the form.
Developer Notes
The submodule will add a unique key field to the entityform table. It will just store random key for the submission so that the links and session cookies would be hard to spoof. I thought about using the UUID module for this but it seems very heavy for the solution.
hook_menu?
Not sure if I will actually need to implement hook_menu(as detailed above). Could just use regular entityform links and use hook_entityform_access to determine access. In this case hook_entityform_access could be used to determine access.
If not using hook_menu then be need to pass random key via query string like so: entityform/[id]/edit?key=[key]
Comment | File | Size | Author |
---|---|---|---|
#32 | 2018-01-26_1527.png | 17.06 KB | skadu |
#12 | entityform_anonymous-alter_local_menu_tasks-2181691-12.patch | 1.85 KB | skadu |
Comments
Comment #1
joachim CreditAttribution: joachim commentedYou should look at how Flag module handles anonymous flaggings -- it uses the Session API module.
Comment #2
DamienMcKennaIf you do this you might want to add something to the README.txt and hook_requirements staging it is only advisable to use the submodule on a secure site, otherwise the cookie / link could be sniffed. There might also be implications for using reverse proxy caches, e.g. Varnish.
Comment #3
tedbowBecause of concerns like state in #2, maybe this would be something that would better in separate module(sandbox?).
Then the caveats could be better explained. I don't know if anyone is going to read a README.txt on a submodule.
Comment #4
tedbowRe #1
Yeah I was looking at session_api as used in Flag. Might want to use this but it looks like Flag just uses the session id from session_api_get_sid to associate the flag. That will just be sequential integer I think so that would be easier to guess when replacing in the link.
Comment #5
tedbowI think 1 thing that Flag does that this should do eventually would be to convert the anonymous submission for the user to be owned by the user if they register after being anonymous.
But I will probably not add right now to keep it simplier.
Comment #6
joachim CreditAttribution: joachim commentedThe SID isn't visible: the unflag link, for example, looks like flag/unflag/test_2154251_active/7?destination=node&token=19b1b1f1ff1f500d0df95111e2fd05aa&has_js=1
The 7 is the node ID.
Comment #7
tedbow@joachim ok thanks. I see how flag_get_token does this now. It makes sense.
Comment #8
tedbowSo guess I could use something like entityform/[id]?token=19b1b1f1ff1f500d0df95111e2fd05aa
for the external link.
Then just store the sid on the entityform table. No need for a random key to be stored?
Comment #9
tedbowOk I have created a new branch for this: http://drupalcode.org/project/entityform.git/shortlog/refs/heads/7.x-2.x...
It's rough now but any feedback would be appreciated.
Currently it only deals with providing access via links with the tokens. Nothing is stored in the browser sessions.
There is a settings area called Anonymous Tracking on the Entityform Type edit form
The links are provided as tokens.
I have just made Rule locally to display on links when viewing an Entityform Submission. One way to use the tokens on a site maybe to display them on the confirmation page of a form.
The links are View, Edit, Submit.
Submit works with the resubmit setting of the form and if the submission has been saved as a draft.
I have made a new hook in entityform, hook_entityform_previous_submission_alter . This allows a module to explicitly which Entityform submission is used as the Previous submission for an Entityform Type. This works for determining which draft submission to use and the re-submit action.
i can see other uses for hook_entityform_previous_submission_alter.
I know there is an issue with the Confirm page right now for resubmitting a form view the link.
Comment #10
tedbowI pushed changes to this branch which add the anonymous session tracking.
@joachim, thanks for tip to look at Flag.
Comment #11
tedbowI have pushed merged Entityform Anonymous into 7.x-2.x
It obviously will need more testing.
I put warnings on the Entityform Type settings section for this.
I have created a readme file.
I am not sure what warnings to put in here. If anyone has suggestions that would be great.
Comment #12
skaduHi tedbow,
This module looks pretty nice, and I really like where it's heading. Just wanted to mention something I noticed.
When viewing a submission using a link, the anonymous user is shown the local tabs (View and Edit in my case). These tabs however, do not contain the token, and if clicked lead to an access denied page. For my purposes I wanted to have those tabs work for the anonymous users and allow them to edit their submission right from the view link they clicked.
I went about this by adding a hook_menu_local_tasks_alter to the entityforms_anonymous module. I am not sure if this is something you want to occur by default or not, but I figured I would send along the work I did.
I have attached a diff that I hope is helpful, but pasted below is the function I added:
A couple of things still to do:
Hope this helps, let me know if you need anything else from me, and keep up the good work.
~ Skadu
Comment #14
tedbowHmm I am not sure. It seems like the patch would assume anonymous should have the right to edit their submissions. This might not be the case. Have you tried turning on both anonymous options. I think then it should work. But then that there is probably a problem with entityform_access.
Comment #15
skaduHi tedbow,
Thanks for taking a look, a couple of things:
Both Anonymous Options
I tried turning on both anonymous options and the tabs (without a token) do not allow view/edit access. This is because in the codebase I have:
The function _entityform_anonymous_user_submitted_form, which is called by the access_alter hook only supports the query string token, it doesn't do any checking for session based access:
Is there another codebase somewhere that checks on the session based setting? If so I would happily test and report back.
Permissions Assumption
I was under the impression (and could certainly be wrong) that permissions were handled elsewhere. In my instance, users are not allowed to delete their own entries and the delete tab does not appear on screen, even though it is available during the local_task_alter hook.
I believe this is because of the access_alter function being fired off by entityform_anonymous that checks for user access based on the current operation:
I just ran a quick test where I removed edit permissions, and the tab does not appear to the user. I also tried that with delete permissions being turned on and my delete link appeared, but the edit link did not. I will admit I did not take a look at entityform_access, just the access_alter being used by entityform_anonymous.
I can certainly modify the patch to first check if the user has the correct permissions before modifying the links. It seems like double work to me if the other access check is already going to ensure that the tabs are not visible to those without the correct permissions.
Happy to help debugging further. Did the patch fail to test because I'm coming from the beta version, not 2.x?
Thanks again.
~ Skadu
Comment #17
Michael G CreditAttribution: Michael G commentedHello...
Not sure this is the right place, but this is my input:
I used Rules, Tokens and an email submitted in the entityform to send an anonymous user,
links to view and edit his entityform submission.
The email received, contained full links, but when clicked on, produced:
"Access denied
You are not authorized to access this page."
Any ideas / leads?
Thank you,
Michael.
Comment #18
skaduHi Michael,
The flow you describe is exactly what I'm doing which works perfectly. Are you sure that the entityform configuration has "Provide Anonymous Links" checked?
Also, was it actually an anonymous individual who submitted the entityform? I've found that if an admin (or anyone signed in actually) fills out a form, the anonymous links are indeed generated, but they don't work for an anonymous user, instead I get the access denied message.
~ skadu
Comment #19
Michael G CreditAttribution: Michael G commentedThank you skadu..
- Yes, the entityform configuration has "Provide Anonymous Links" checked,
otherwise, no links are sent..
- Yes it was an anonymous individual who submitted the entityform, on a different computer,
without any authenticated user or admin logged on from that computer..
Michael.
Comment #20
skaduMichael, have you actually given anonymous users the right permissions? It's not enough to just install the module. You need to give view/edit/delete (whichever ones you want) to the anonymous role on the permission page at:
Can you double check those permissions and let me know what you find?
~ Skadu
Comment #21
Michael G CreditAttribution: Michael G commentedYou are a genius! It is working !!!
Thank you so much...
If you ever come to Israel, you have a tour to The Dead sea credit...
Michael.
Comment #22
skaduGlad to you got it working! I'd love to take a tour if I ever find my way to Israel. Is that what your company does?
~ Skady
Comment #23
Michael G CreditAttribution: Michael G commentedYes...It is caled "In Low Gear" 4x4 tours of Israel..
By the way, I am not sure it is related, but if I use the HTML Mail module instead of the Mime Mail module, I keep getting the
"Access denied
You are not authorized to access this page." message..
Thank you again,
Michael.
Comment #24
skaduWhat pages (or what action) are you trying to access that's related to the mail modules? The entityforms? Those two things shouldn't have anything to do with each other from a permissions standpoint.
Comment #25
Michael G CreditAttribution: Michael G commentedThe same one that did work finally with your advice:
I have a rule that sends an email with an "viewlink" to an anonymous entity form submitter.
email message:
test
[entityform:anonymous_submission_view_link]
If I set the system mail
Site-wide default MailSystemInterface class
to
DefaultMailSystem
rather than to
HtmlMailSystem
the email is received correctly (as I reported already), but without HTML features..
Michael.
Comment #26
skaduDealing with HTML formatting of emails is outside the scope of the entityform_anonymous module. I know that the DefaultMailSystem is plain text. So you have to take additional steps to add HTML.
It sounded like you were telling me that the link stops working if sent in plain text though? is that right? If so, it could be an encoding issue, but that's going to be real hard for me to figure out without digging into by hand, and I'm just not sure I can do that right now.
Comment #27
Michael G CreditAttribution: Michael G commentedThe plain text is working excelent (thanks to you).
But don't worry about the HTML Mail module. I will keep trying myself..
Thank you, Skadu..
And my offer for Israel is an "open date" (:
Michael.
Comment #28
toddwoof CreditAttribution: toddwoof commentedI see these two tokens as available:
[entityform:anonymous_submission_submit_link]
[entityform:anonymous_submission_token]
I was expecting that they would both create the same random key, but they create different keys for the same submission. Is this the expected behavior?
Comment #29
skadu@toddwoof - Can you confirm that the settings for the entityform in question have the resubmit action set to edit the old submission?
From the module:
Comment #30
toddwoof CreditAttribution: toddwoof commentedI didn't. I'll test again. Thanks!
Comment #31
museumboy CreditAttribution: museumboy commentedI don't understand how this module does anything useful.
The link I get from [entity:anonymous_submission_view_link] is http://myurl.com/entityform/2253?token=e8f7e9df9ff8e9d675af29b3618f317f&...
Great, but if I delete everything after 2253 I get the same page and in order for it to work I have to open up read access to all of my entity forms.
What's to stop someone from going through my entityform submissions? I would have no problem with allowing read access to forms if the token was required but it's not. The root http://myurl.com/entityform/2253 url is still valid. How to make the token required?
Comment #32
skaduIt sounds like you have granted permission for anyone to view any entityform submission. I'm using this module to handle form submissions, and the token is required to access the form submission as well as edit the form submission. Can you confirm your permissions for entityforms look something like this:
Comment #33
museumboy CreditAttribution: museumboy commentedMy apologies! I read the instructions on #20 but did not see specific directions on the correct permissions. This works! Thanks
Comment #34
museumboy CreditAttribution: museumboy commentedAuthenticated users are also contributing form submissions. The anon links for these submissions don't work because of permission issues. Is there any way around this? I'd like to allow anon access to these forms regardless of which users submit them.
Thanks
Comment #35
museumboy CreditAttribution: museumboy commentedI found this line in entityform_anonymous.module
(line 108)
if (!$access && isset($entityform->uid) && $account->uid == 0 && $entityform->uid == 0) {
change to:
if (!$access && isset($entityform->uid)) {
If I delete the 2nd && of the statement I can view authenticated submissions with the anon link. As far as I can tell I don't have any other access to submissions without a valid token.
Does this open me up in an unexpected way?
Comment #36
skaduIf you submit an entityform while authenticated, that entityform cannot be accessed using anonymous links. The owner of that entityform is automatically assigned to the user account that created it.
I am not the author of this module nor do I claim to fully understand the security impacts of your change....
However, it seems that change will sort of open you up. It will indeed grant you access to the form created by an authenticated user if you are using the anonymous access link which it sounds like is the desired impact for you.
It means that an anonymous visitor could access the entityform of the authenticated user, which feels wrong to me.
Although, I guess it is really no different than if someone else ever gained access to any other anonymous link.