Convert failed login settings to new configuration system [#1777490]

Comment	File	Size	Author
#29	1777490-29-convert-user-failed-login-settings.patch	8.15 KB	kim.pepper

#25	1777490-25-convert-user-failed-login-settings.patch	7.86 KB	kim.pepper

#23	1777490-23-convert-user-failed-login-settings.patch	8.1 KB	kim.pepper

#18	1777490-18-convert-user-failed-login-settings.patch	8.11 KB	kim.pepper

#16	1777490-16-convert-user-failed-login-settings.patch	8.12 KB	kim.pepper

#12	1777490-12-convert-user-failed-login-settings.patch	8.14 KB	kim.pepper

#10	1777490-10-convert-user-failed-login-settings.patch	8.25 KB	kim.pepper

#7	1777490-7-convert-user-failed-login-settings.patch	7.43 KB	kim.pepper

#5	1777490-5-convert-user-failed-login-settings.patch	7.27 KB	kim.pepper

#1	1777490-convert-user-failed-login-settings.patch	1.14 KB	kim.pepper

Comment #1

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 7 September 2012 at 07:49

Status:

Active

» Needs review

File	Size
1777490-convert-user-failed-login-settings.patch	1.14 KB

First variable is user_failed_login_identifier_uid_only

Log in or register to post comments

Comment #2

aspilicious CreditAttribution: aspilicious commented 7 September 2012 at 10:27

Can you explain what these variables do?
It's possible we need to find better names for them.

Log in or register to post comments

Comment #3

larowlan

🇦🇺🏝.au GMT+10

CreditAttribution: larowlan commented 7 September 2012 at 10:50

I think these are the flood settings for failed logins to prevent brute force password attempts.
There is no UI on core, but one is available in contrib.
There are a few bug reports regarding the lack of UI.

Log in or register to post comments

Comment #4

aspilicious CreditAttribution: aspilicious commented 7 September 2012 at 11:00

What about this than:

failed_login:
  uid_only
  ip_limit
  ip_window
  user_limit
  user_window

I'm not 100% happy with this it's missing a flood reference. Maybe we need a user.flood.yml to save this settings?

So second proposal: user.flood.yml

uid_only
ip_limit
ip_window
user_limit
user_window

Log in or register to post comments

Comment #5

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 7 September 2012 at 21:37

File	Size
1777490-5-convert-user-failed-login-settings.patch	7.27 KB

Thanks for the review aspilicious. I agree with your 2nd approach and have attached a patch that moves these to user.flood.yml and converted the rest of the settings.

Kim

Log in or register to post comments

Comment #6

7 September 2012 at 21:59

Status:

Needs review

» Needs work

The last submitted patch, 1777490-5-convert-user-failed-login-settings.patch, failed testing.

Log in or register to post comments

Comment #7

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 7 September 2012 at 22:19

File	Size
1777490-7-convert-user-failed-login-settings.patch	7.43 KB

Forgot to save config

Log in or register to post comments

Comment #8

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 7 September 2012 at 22:23

Status:

Needs work

» Needs review

Log in or register to post comments

Comment #9

7 September 2012 at 22:48

Status:

Needs review

» Needs work

The last submitted patch, 1777490-7-convert-user-failed-login-settings.patch, failed testing.

Log in or register to post comments

Comment #10

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 10 September 2012 at 00:04

Status:

Needs work

» Needs review

File	Size
1777490-10-convert-user-failed-login-settings.patch	8.25 KB

Added hook_update_N() for converting variables to config.

Log in or register to post comments

Comment #11

larowlan

🇦🇺🏝.au GMT+10

CreditAttribution: larowlan commented 10 September 2012 at 01:07

Status:

Needs review

» Needs work

Looks good, just some minor whitespace issues.

+++ b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.phpundefined
@@ -25,11 +25,13 @@ class UserLoginTest extends WebTestBase {
+    $flood_config->save();
+    ¶

whitespace

+    $flood_config->set('user_limit', 3);
+    $flood_config->save();
+    ¶
     $user1 = $this->drupalCreateUser(array());
     $incorrect_user1 = clone $user1;
     $incorrect_user1->pass_raw .= 'incorrect';
@@ -139,7 +143,7 @@ class UserLoginTest extends WebTestBase {

whitespace

+
+/**
+ * Moves login flood settings from variable to config.
+ *
+ * @ingroup config_upgrade
+ */
+function user_update_8006() {
+  update_variables_to_config('user.flood', array(
+    'user_failed_login_identifier_uid_only' => 'identifier_uid_only',
+    'user_failed_login_ip_limit' => 'ip_limit',
+    'user_failed_login_ip_window' => 'ip_window',
+    'user_failed_login_user_limit' => 'user_limit',
+    'user_failed_login_user_window' => 'user_window',
+  )); ¶
+}
+  ¶

whitespace

+++ b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.phpundefined
@@ -61,11 +63,13 @@ class UserLoginTest extends WebTestBase {
+    ¶

whitespace

+++ b/core/modules/user/user.installundefined
@@ -525,6 +525,22 @@ function user_update_8005() {
+    'user_failed_login_user_window' => 'user_window',
+  )); ¶
+}
+  ¶

whitespace

+++ b/core/modules/user/user.installundefined
@@ -525,6 +525,22 @@ function user_update_8005() {
+  ¶

whitespace

Log in or register to post comments

Comment #12

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 10 September 2012 at 02:08

File	Size
1777490-12-convert-user-failed-login-settings.patch	8.14 KB

Fixed whitespace issues

Log in or register to post comments

Comment #13

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 10 September 2012 at 02:09

Status:

Needs work

» Needs review

Log in or register to post comments

Comment #14

aspilicious CreditAttribution: aspilicious commented 10 September 2012 at 06:16

identifier_uid_only sounds a bit verbose what is wrong with uid_only?

Log in or register to post comments

Comment #15

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 10 September 2012 at 06:39

I was struggling with the right amount of verbosity in order to convey enough detail. I agree that identifier_uid_only could be changed to uid_only.

I wonder if we should change the settings file from user.flood.yml to user.login-flood.yml to give it more meaning?

Kim

Log in or register to post comments

Comment #16

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 10 September 2012 at 22:44

File	Size
1777490-16-convert-user-failed-login-settings.patch	8.12 KB

Renamed identifier_uid_only to uid_only

Log in or register to post comments

Comment #17

larowlan

🇦🇺🏝.au GMT+10

CreditAttribution: larowlan commented 12 September 2012 at 05:23

Status:

Needs review

» Needs work

+++ b/core/modules/user/user.installundefined
@@ -525,6 +525,22 @@ function user_update_8005() {
+    'user_failed_login_identifier_uid_only' => 'identifier_uid_only',

should be uid_only

Log in or register to post comments

Comment #18

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 12 September 2012 at 05:26

Status:

Needs work

» Needs review

File	Size
1777490-18-convert-user-failed-login-settings.patch	8.11 KB

Fixed missing rename of uid_only in update_hook

Log in or register to post comments

Comment #19

12 September 2012 at 05:49

Status:

Needs review

» Needs work

The last submitted patch, 1777490-18-convert-user-failed-login-settings.patch, failed testing.

Log in or register to post comments

Comment #20

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 12 September 2012 at 22:18

Status:

Needs work

» Needs review

#18: 1777490-18-convert-user-failed-login-settings.patch queued for re-testing.

Log in or register to post comments

Comment #21

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 21 September 2012 at 00:42

Issue tags:

+Configuration system

Tagging as configuration system

Log in or register to post comments

Comment #22

Anonymous (not verified) CreditAttribution: Anonymous commented 21 September 2012 at 00:54

Status:	Needs review	» Needs work
Issue tags:	-Configuration system

looks good. only nitpick is code like this:

+    $flood_config = config('user.flood');
     // Set the global login limit.
-    variable_set('user_failed_login_ip_limit', 10);
+    $flood_config->set('ip_limit', 10);
     // Set a high per-user limit out so that it is not relevant in the test.
-    variable_set('user_failed_login_user_limit', 4000);
+    $flood_config->set('user_limit', 4000);
+    $flood_config->save();

should probably be:

  config('user.flood')
    ->set('user_failed_login_ip_limit', 10)
    ->set('user_limit', 4000)
    ...
    ->save();

Log in or register to post comments

Comment #23

kim.pepper

English

🏄‍♂️🇦🇺Sydney, Australia

CreditAttribution: kim.pepper commented 21 September 2012 at 01:11

Status:

Needs work

» Needs review

File	Size
1777490-23-convert-user-failed-login-settings.patch	8.1 KB

I think the inline comments are important there, so that's why they are in expanded format. Is there a better way to put those comments around the config->set() calls?

I've re-rolled against 8.x.

Log in or register to post comments

Comment #24

Anonymous (not verified) CreditAttribution: Anonymous commented 22 September 2012 at 03:10

php allows code like this:

  config('user.flood')
    ->set('user_failed_login_ip_limit', 10)
    // Useful comment about why we do something.
    ->set('user_limit', 4000)
    ->save();

but, meh, it's mainly a style thing, so i don't think it should hold up the patch.

on the comments, "// Set the global login limit." is unnecessary and can go. the other comment seems useful because it has some 'why' in it.