Yubico Forum

Drupal yubikey plugin conflicts with other login plugins
Page 1 of 1

Author:  tsokura [ Wed Dec 05, 2012 8:09 pm ]
Post subject:  Drupal yubikey plugin conflicts with other login plugins

I just noticed that the Drupal 6 Yubikey plugin (version 6.x-2.0) conflicts with other plugins used to modify the login procedure. One problem seems to be in how the Yubikey plugin overrides all other validation plugins with its own list of plugins:
$form['#validate'] = yubikey_login_default_validators();
function yubikey_login_default_validators() {
  return array('yubikey_login_otp_validate', 'user_login_name_validate', 'yubikey_login_authenticate_validate', 'yubikey_login_final_validate');

The above breaks for example LoginToboggan's functionality that lets users login using their email address. If I have the Yubikey module enabled, logging in with an email address doesn't work, probably because LoginToboggan's validation/translation routine is not in the validation chain. If I disable the Yubikey authentication module, logging in with an email address works just fine.

Anyway LoginToboggan (version 6.x-1.10) has a more civilized way of hooking into the validation chain by doing this:
        // Ensure a valid validate array.
        $form['#validate'] = is_array($form['#validate']) ? $form['#validate'] : array();
        // LT's validation function must run first.

So LoginToboggan just prepends its own validation function to the chain, leaving all the rest intact. Also duplicating Drupal user validation code in the Yubikey module functions makes maintenance of the code troublesome, for example user_login_final_validate() vs. yubikey_login_final_validate() seem to be almost the same, but aren't.

I'm not a Drupal coder so can't say how exactly this should be fixed, but something should be done to make the Yubikey module behave better.

Author:  Tom [ Thu Dec 06, 2012 8:33 am ]
Post subject:  Re: Drupal yubikey plugin conflicts with other login plugins

Hello Tsokura,

Thank you for your suggestion, but unfortunately we are not directly responsible for the Drupal plug-in. I suggest you forward your observation to http://drupal.org/project/yubikey since the Maintenance status: Actively maintained


Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group