A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.

The Masquerade module allows site administrators (or anyone with enough permissions) to switch users and surf the site as that user (no password required). That person can switch back to their own user account at any time.

This is helpful for site developers when trying to determine what a client, logged in as themselves, might see when logged into the site.

This module provides a way to enforce restrictions on user passwords by defining password policies.

Overview

A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.

Description

The ExternalAuth module provides a generic service for logging in and registering users that are authenticated against an external site or service and storing the authentication details.
It is the Drupal 8/9 equivalent of user_external_login_register() and related functions, as well as the authmap table in Drupal 7 core.

Target audience

This is a helper module, intended to be used by Drupal module developers, as a dependency for their own custom / contrib modules. It provides no out-of-the-box UI or functionality for site builders.

Description:
This module allows you to grant access for specific user roles to view unpublished nodes of a specific type. Access control is quite granular in this regard.

Additionally, using this module does not require any modifications to your existing URL structure.

The Login Destination module allows you to customize the destination that a user is redirected to:

• after logging in,
• registering to the site,
• using a one-time login link,
• or logging out

The destination can be an internal page or an external URL.

It is possible to specify certain conditions like referring pages or user roles and make the destination depend upon them.

The LoginToboggan module offers several modifications of the Drupal login system in an external module by offering the following features and usability improvements:

The Override Node Options module allows permissions to be set to each field within the Authoring information and Publishing options field sets on the node form. It also allows selected field sets to be set as collapsed and / or collapsible.

To install:

1. Download, unpack and place in sites/all/modules/
2. Adjust access control in admin/user/permissions
3. Adjust Fieldset options in admin/settings/override_node_options

Note: Autocomplete "Authored by" field only works if user has "Access user profiles" permission.

By default, Drupal allows only users with the Administer menus and menu items permission to add, modify or delete menu items.

Menu Admin per Menu allows to give roles per menu admin permissions without giving them full admin permission.

For instance, you may let certain users manage the items of the Main or Navigation menus but not those of the Management menu.

Try out a demonstration
Watch a screencast

This module provide single sign-on capability for your Drupal site by implementing the CAS protocol. When using this module, local Drupal user accounts are still used, but the authentication process is not handled by Drupal's standard login form. Instead, users are redirected to your institution's CAS server to collect credentials. Your Drupal site just receives the username (and optionally some other attributes) from the CAS server after a successful authentication.

Overview

The Lightweight Directory Access Protocol (LDAP) project provides integration with LDAP for authentication, user provisioning, authorization, feeds, and views. It also provides apis and building blocks (query and server configuration storage) for other modules.

Drupal 9

Please see the README.md for further information and INSTALL.md for setting up your site.

Redirect the HTTP 403 error page to the Drupal /user/login page with an optional message that reads:

"Access denied! You must login to view this page."

Also, the desired page is appended in the url query string so that, once login is successful, the user is taken directly where they were originally trying to go.

Google reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take an appropriate action for your site.

This module enables you to easily configure reCAPTCHA v3 and a fallback challenge (captcha/recaptcha v2 e.g). In case user fails reCAPTCHA v3, he can be prompted with an additional challenge to prove. This is an ideal way to maximize security without any user friction.

This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to manage other users based on the target user\'s role.

The module defines new permissions to control access to edit/delete users - more specific than Drupal Core\'s all-or-nothing 'administer users'. It also provides and enforces a 'create users' permission.

The 8.x-3.x version adds fine-grained control of assigning roles and viewing users, with an optional simple configuration mode.

The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes. It has no UI of its own and will not do anything by itself; install this module only if some other module tells you to.

We're aware of the following modules using ACL (let us know if you know of others):

• Content Access (optionally uses ACL to provide by-user access control)
• Flexi Access
• Forum Access

This module implements the OAuth 1.0 standard for use with Drupal and acts as a support module for other modules that wish to use OAuth.

For OAuth 2.0, install the Oauth 2.0 module instead of this one.

Remove "Request new password" link from block and user page.

This module is very useful for sandbox sites where test users can't change your own password and for third party authentication like LDAP.

Configuration

Once installed and enabled then configure the options at "admin/config/people/noreqnewpass" - you will get checkbox 'Disable Request new password link'. If checked, Request new password link will be disabled.

SUMMARY - Redirect After Login
=================================
A simple module providing a feature to redirect users according to an URL-defined
the parameter after logging in. Allows redirecting only the internal URL of the site.

Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.

Module description

Protected Pages modules allows the administrator to secure any page by password.

Visit module configuration page and add path + password. After that the added path will be password protected. This module also allows you to send the details of this protected page to multiple users by email.

Simple OAuth is an implementation of the OAuth 2.0 Authorization Framework RFC.

Allows adding to/editing terms of/removing terms from vocabularies per role.

You have set up some vocabularies (with some terms) like Color (Red, Green, Blue) and Shape (Toroid, Cube, Sphere). Maybe you even have a vocabulary that controls who can view a specific node (with terms) like Access control (Editors, Colleagues, World). Here comes trouble: your precious editors want to add more Colors, or reorder the terms of the Shape vocabulary (probably they want to see Sphere before Cube, who knows,) and you do NOT want to grant your editors the administer taxonomy permission, as it grants too much power (and that implies too much sharing of responsibility). Without this permission they were NOT able to do the mentioned tricks: adding terms to a vocabulary but not to another, reordering/editing terms of a vocabulary but not another's, etc.

These problem of yours is the past--just download and install vppr.module, and set it up at Administration >> Site configuration >> Vocabulary permissions.

The OpenID Connect module provides a pluggable client implementation for the OpenID Connect protocol.

The server implementation of the protocol is provided by Simple OAuth (OAuth2) & OpenID Connect or the OAuth2 Server modules.

What is OpenID Connect?

http://openid.net/connect:

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

What does the module do?

The module allows you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created.

Google for instance uses OpenID Connect to authenticate users across all of their services. Check out the OpenID Foundation's announcement of launching OpenID Connect.

What Is Username Enumeration Prevention

By default Drupal is very secure (especially Drupal 7). However, there is a way to exploit the system by using a technique called username enumeration. Both Drupal 6 and 7 have this issue, but it is much worse for people using Drupal 6. This is because Drupal 6 does not have any built in brute force prevention. When an attacker knows a username they can start a brute force attack to gain access with that user. To help prevent this, it is best if usernames on the system are not easy to find out.

Attackers can easily find usernames that exist by using the forgot password form and a technique called “username enumeration”. The attacker can enter a username that does not exist and they will get a response from Drupal saying so. All the attacker needs to do is keep trying usernames on this form until they find a valid user.

This module will stop this from happening. When the module is enabled, the error message will be replaced for the same message as a valid user and they will be redirected back to the login form. If the user does not exist, no password reset email will be sent, but the attacker will not know this is the case.

Workbench Access creates editorial access controls based on hierarchies. It is an extensible system that supports structures created by other Drupal modules.

When creating and editing content, users will be asked to place the content in an editorial section. Other users within that section or its parents will be able to edit the content.

A user may be granted editorial rights to a section specific to their account or by their assigned role on the site. Content may only be placed in sections that the user has rights to.

Workbench Access requires that users have the ability to create, edit, or delete content as appropriate. Workbench Access does not grant editorial privileges; it merely restricts the content that a user may act on.

Note that the module only controls access to content editing. It does not provide any content filtering of access restrictions for users trying to view that content.