Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:10 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Wed Dec 05, 2012 8:09 pm 
Offline

Joined: Wed Dec 05, 2012 7:26 pm
Posts: 1
I just noticed that the Drupal 6 Yubikey plugin (version 6.x-2.0) conflicts with other plugins used to modify the login procedure. One problem seems to be in how the Yubikey plugin overrides all other validation plugins with its own list of plugins:
Code:
$form['#validate'] = yubikey_login_default_validators();
...
function yubikey_login_default_validators() {
  return array('yubikey_login_otp_validate', 'user_login_name_validate', 'yubikey_login_authenticate_validate', 'yubikey_login_final_validate');
}

The above breaks for example LoginToboggan's functionality that lets users login using their email address. If I have the Yubikey module enabled, logging in with an email address doesn't work, probably because LoginToboggan's validation/translation routine is not in the validation chain. If I disable the Yubikey authentication module, logging in with an email address works just fine.

Anyway LoginToboggan (version 6.x-1.10) has a more civilized way of hooking into the validation chain by doing this:
Code:
        // Ensure a valid validate array.
        $form['#validate'] = is_array($form['#validate']) ? $form['#validate'] : array();
        // LT's validation function must run first.
        array_unshift($form['#validate'],'logintoboggan_user_login_validate');

So LoginToboggan just prepends its own validation function to the chain, leaving all the rest intact. Also duplicating Drupal user validation code in the Yubikey module functions makes maintenance of the code troublesome, for example user_login_final_validate() vs. yubikey_login_final_validate() seem to be almost the same, but aren't.

I'm not a Drupal coder so can't say how exactly this should be fixed, but something should be done to make the Yubikey module behave better.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Dec 06, 2012 8:33 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello Tsokura,

Thank you for your suggestion, but unfortunately we are not directly responsible for the Drupal plug-in. I suggest you forward your observation to http://drupal.org/project/yubikey since the Maintenance status: Actively maintained

Regards,
Tom.

_________________
-Tom


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group