Drupal 8

How to define a local task in Drupal 8

By Ronald van Belzen | June 2, 2018

A local task in Drupal is a callback displayed as a tab. A local task must have a parent item in order for the tab to be rendered.

A well-known example that is part of Drupal core are the local taks for comments with the menu titles "Published comments" and "Unapproved comments". To demonstrate I am going to add an extra local task to those of comments. Let's say I made a new view that will display spam comments and in the advanced settings I have given that view the machine name "page_comment_spam".

The first step would be to create the routing to that view. In the routing the machine name of the view is given to the defaults _view parameter.

# mycomment.routing.yml

mycomment.admin_comment_spam:
  path: /admin/content/comment/spam
  defaults: 
    _title: 'Comment spam'
    _view: page_comment_spam
  requirements:
    _permission: 'administer comments'

This routing defines the callback I will need to define the local task. Instead of a view, I could also have define a controller function (with a defaults _controller parameter) or a form (with a defaults _form parameter), which is used more often. For this example it does not really make a difference.

The definition for the local task is as follows.

# mycomment.links.tasks.yml

mycomment.admin_comment_spam:
  title: 'Spam comments'
  route_name: mycomment.admin_comment_spam
  class: Drupal\mycomment\Plugin\Menu\LocalTask\SpamComments
  parent_id: comment.admin
  weight: 10

I hope that the fact that I named the routing name and the task name the same, does not confuse you in thinking that it needs to be the same name. It does not need to be.

Special in the above is that a class is being defined. This class definition is optional. I included it here to demonstrate how you can dynamically change the title of the tab with the help of a local task plugin.

What is important is that I defined the parent_id the same as the existing local tasks for comments, and that I defined the route_name to be used for the callback of the tab. I added some weight to the definition to make sure the tab is displayed to the right of the existing local tasks.

The plugin definition I adapted from the one being used in the (core) comments module. It adds a count to the tab link equal to the number of comments that will be displayed in the view.

Reporting spammers to SFS

By Ronald van Belzen | May 17, 2018

The next step is reporting spam to stopforumspam.com. This will be an action initiated by a maintainer who has spotted spam, preferably by one click on a button. This action will need to be handled by the software by sending the report to stopforumspam.com. We we look at the latter first and adding buttons to start the report after that.

As an example we concentrate on comments. The function that needs to be called (commentReport()) first checks whether there is a token (or api key) defined. It also checks whether the user is anonymous. You cannot report an anonymous comment, since stopforumspam.com requires you to fill in name, e-mail address and ip address to report spam and for an anonymous comment post you only have the ip address.

Blocking spammers with SFS

By Ronald van Belzen | May 13, 2018

Let's focus our attention on nodes. Core functionality does not save the IP address of the user together with the node when it is created, so we need to introduce that to our module. The most straightforward approach would be to save the IP address in our own database table. For that I need to introduce a database table (sfs_hostname) by defining a new entity called SfsHostname.

<?php
/* /src/Entity/SfsHostname.php */

namespace Drupal\sfs\Entity;

use Drupal\Core\Entity\ContentEntityBase;
use Drupal\Core\Entity\ContentEntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Field\BaseFieldDefinition;

/**
 * Defines the sfs hostname entity.
 *
 * @ContentEntityType(
 *   id = "sfs_hostname",
 *   label = @Translation("SFS Hostname"),
 *   base_table = "sfs_hostname",
 *   entity_keys = {
 *     "id" = "id",
 *     "uuid" = "uuid",
 *     "label" = "hostname",
 *   },
 *   handlers = {
 *     "storage_schema" = "Drupal\sfs\SfsHostnameStorageSchema",
 *   },
 *   admin_permission = "administer sfs",
 * )
 */
class SfsHostname extends ContentEntityBase implements ContentEntityInterface {

  /**
   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   *
   * @return array|\Drupal\Core\Field\FieldDefinitionInterface[]|mixed
   */
  public static function baseFieldDefinitions(EntityTypeInterface $entity_type) {

    $fields['id'] = BaseFieldDefinition::create('integer')
    ->setLabel(t('ID'))
      ->setReadOnly(TRUE);

    $fields['uuid'] = BaseFieldDefinition::create('uuid')
    ->setLabel(t('UUID'))
      ->setReadOnly(TRUE);

    $fields['hostname'] = BaseFieldDefinition::create('string')
      ->setLabel(t('Host name'));
	  
    $fields['uid'] = BaseFieldDefinition::create('integer')
    ->setLabel(t('User ID')); //index

    $fields['entity_id'] = BaseFieldDefinition::create('integer')
    ->setLabel(t('Entity ID'));

    $fields['entity_type'] = BaseFieldDefinition::create('string')
    ->setLabel(t('Entity type'));

    $fields['created'] = BaseFieldDefinition::create('created')
    ->setLabel(t('Creation date'));

    return $fields;
  }
}

Just in case in the future we might be interested in saving IP addresses for other entity types than nodes, I included the field "entity_type" to make that possible. I also included indexes to speed up the lookup of IP addresses. These are defined in the storage handler SfsHostnameStorageSchema to wich is reffered in the annotation of SfsHostname.

Writing the client for the Stop Forum Spam API

By Ronald van Belzen | May 10, 2018

Reading the description of the Stop Forum Spam api usage made me decide to use what is called "Multiple queries", which means checking the existence of a username, e-mail address and the IP address of a potential spammer in their database in a single call.

The number of response formats is large enough when it contains json. So I will use json and since I will use https over http when there is a choice, I picked https.

In the response I will concentrate on the "success", "appears" and "frequency" values and ignore the "confidence" score for now. It seems to me that just as many low as high confidence spammer are knocking at my door lately. So, it needs some more investigating before I can use that value in discriminating spammers from IP addresses formerly owned by spammers

The Client itself will be implemented as a service, allowing me to let Drupal do the heavy lifting with dependency injections. I will also add the modules very own cache bin with the name "sfs", because I plan to cache the api calls to www.stopforumspam.com. For this purpose I added the configuration parameter "sfs_cache_duration" to the module to allow administrators to set the cache time to their needs.

# sfs.services.yml
services:
  sfs.detect.spam:
    class: Drupal\sfs\SfsRequest
    arguments: ['@config.factory', '@current_user', '@logger.factory', '@http_client', '@database', '@cache.sfs']
  cache.sfs:
    class: Drupal\Core\Cache\CacheBackendInterface
    tags:
      - { name: cache.bin }
    factory: cache_factory:get
    arguments: [sfs]

The heart of the service will be the isSpammer() method that will the determination whether a user is a spammer or not.

Making a contributing module for fighting spam

By Ronald van Belzen | May 9, 2018

Making a new module starts with an idea for the module. In this case it was trying to make a module that can replace Mollow to some extend (see previous blog post).

Finding a name for your module can be a challenge, but whatever name you pick, be sure that the machine name of your module is available. Try whether the project exist by visiting https://www.drupal.org/project/{my_module_name}. A page not found (404) response is a good enough indicator to confirm that your module name is still available.

Next step is to read the documentation. The best starting point seems to be Contribute to development. To gather all the information you need to follow half a dozen links, but as far as I can tell all the information is there.

I had a look at the Mods & Plugins that make use of the service provided by Stop Forum Spam, and the concensus seems to be to name the mod after the service it makes use of. So I went for the name Stop Forum Spam Client. Don't go there before I finish this series of articles. I will release a fully functional and tested version soon after that.

# sfs.info.yml
name: 'Stop Forum Spam Client'
type: module
description: 'Client that makes use of the www.StopForumSpam.com api services for blocking spam, spammers and spambots.'
configure: sfs.settings_form
package: 'Spam control'
version: '1.0'
core: '8.x'

As you can see in the above info file the module has no dependencies, while the module may depend on the presence of some modules, but must be able to be installed in their absence. The configuration setting form will imediately show a way to solve this dilemma. And what these modules are will become clear when looking at the configuration install parameters.

Fighting Spam

By Ronald van Belzen | May 7, 2018

I was a satisfied user of the Mollom module, but unfortunately nothing lasts forever, and about a year ago it was announced that the service would be discontinued. Not long ago the moment arrived and my site was hit by spam. It was time to look for an alternative for Mollom.

Jeff Geerling wrote quite a good article in which he found his replacement for Mollom: CleanTalk. It is not free, but relative cheap. According to Jeff it has some restrictions but it fulfills his requirements and works like a charm.

Personally, I have been a years long follower of the StopForumSpam site and did remember the existence of the SpamBot module for Drupal 7, that has been ported to Drupal 8 (and is still in beta, but it works). The only restriction of the SpamBot module is that it is designed to stop spammers from registering  and nothing more. The drupal 7 version can also report spammers (the port to Drupal 8 is missing the latter functionality), but it certainly is not a full replacement for Mollom. However, something is better than nothing, so I gave it a try.

Together with the Honeypot module and the Captcha module it is quite effective, so I cannot complain. But, as is so often the case, I want more. Like: being able to block spammers/spambots from posting content and comments (and the ability to report the spammers that get through to StopForumSpam). Maybe I can develop that myself. If I would manage to include blocking spam to Webform I think that would be a decent alternative for Mollom. Maybe it is not even that hard to do.

So, I decided to find out, and keep you posted of my progress.

Turn Drupal 8 into an Identity Provider (continued)

By Ronald van Belzen | December 13, 2017

In a previous blog post I described how to turn a Drupal 8 installation into a Identity Provider (IdP) by configuring SimpleSAMLphp. The configuration files where placed in a subdirectory of the vendor map, which is something you really should not do when you are using Composer to install and update your Drupal installation.

Move the configuration files

When you move these configuration files to another location SimpleSAMLphp should be told about it. For this purpose the environment variable SIMPLESAMLPHP_CONFIG_DIR exists. To my experience the best way to set this variable is in the Apache vhost.conf file. In my case I moved the configuration files to /var/www/drupalvm/drupal/web/sites/default/simplesamlphp:

<VirtualHost *:80>
  ServerName samlvm.dev
  ServerAlias www.samlvm.dev
  DocumentRoot "/var/www/drupalvm/drupal/web"
  Alias /simplesaml "/var/www/drupalvm/drupal/vendor/simplesamlphp/simplesamlphp/www"
  SetEnv SIMPLESAMLPHP_CONFIG_DIR "/var/www/drupalvm/drupal/web/sites/default/simplesamlphp"
  <Directory "/var/www/drupalvm/drupal/web">
    AllowOverride All
    Options -Indexes +FollowSymLinks
    Require all granted
  </Directory>
  <FilesMatch \.php$>
    SetHandler "proxy:fcgi://127.0.0.1:9000"
  </FilesMatch>
</VirtualHost>

The files 'config.php' and 'authsources.php' are placed in this subdirectory (not is a subdirectory ./config of this subdirectory).

In this subdirectory the subdirectories ./cert, ./metadata and ./modules are created. The ./cert subdirectory contains the certificates we created in the previous blog post. The ./metadata subdirectory contains the files 'saml20-idp-hosted.php' and 'saml20-sp-remote.php' that were also created in the previous blog post. The ./modules directory just contains the ./modules/drupalauth subdirectory with the empty file 'default-enable'.

Next we need to tell SimpleSAMLphp where to find the certificates and the metadata in the 'config.php':

Turn Drupal 8 into an Identity Provider with SimpleSAMLphp

By Ronald van Belzen | December 11, 2017

There is enough information available to help you turn a Drupal 7 installation into an Identity Provider (IdP) for Single Signon (SSO) and Single Logout (SLO). In fact that information will help you with accomplishing the same for Drupal 8. However, the amount of configuring that is involved to accomplish this might be too daunting for someone starting out on this venture.

Personally the following links helped me on the way:

The latter delivers a Drupal 7 module and a SimpleSAMLphp module written for Drupal 7 and instructions on how to configure these. They are the same modules used by the author of the blog post in the first link.

Brad Jones has programmed a module inspired by the work done by Steve Moitozo for Drupal 7 (Drupalauth module): saml_idp. This blog describes how to use saml_idp to turn your Drupal 8 installation into an IdP.

Preparation

The saml_idp module that will be installed with Composer depends on openid/php-openid, which in turn requires the PHP extension GMP to be installed. Most standard PHP installations do not include this extension. You may need to install it first. In my situation I used the Linux shell command:

sudo apt-get install php7.1-gmp

After restarting the webserver the module can be installed using Composer:

composer require drupal/saml_idp

The installation description for saml_idp advises you to run the post installation script. You can do this with Drush from the web root with the command:

drush ev 'Drupal\saml_idp\Install::postInstall()'

What this post installation script does is create the subdirectory /vendor/simplesamlphp/simplesamlphp/modules/drupalauth and in that subdirectory create an empty file with the name 'default_enable'.

Upload an Image File using REST API in Drupal 8

By Ronald van Belzen | December 8, 2017

Currently there is no support to directly upload images using REST in Drupal 8 (https://www.drupal.org/node/1927648). The work-around that I describe here uses Base64 encoded images to accomplish the upload of an image using REST.

For a decoupled Drupal 8 installation I needed to upload an avatar image for a user. Since I started with a minimal installation of Drupal 8, I first had to enable the image and field_ui modules and added an image field to the user entity that I named 'avatar' (with the machine name 'field_avatar'). I also created three new image styles specifically to be used for this image style (machine names: 'avatar_large', 'avatar_medium' and 'avatar_small').

Next, I installed the restui module and enabled the modules basic_auth, rest, restui and serialization before starting on my own module. The info file 'web/modules/custom/mymodule/mymodule.info.yml':

name: MyModule REST Services
type: module
description: "MyModule REST Service Resources"
package: Web services
dependencies:
  - rest
core: '8.x'

The helper class that I created to handle most of the functionality is displayed in full below, but will be explained as we make use of its functionality ('web/modules/custom/mymodule/src/Base64Image.php'):

Change the sorting of a view in Drupal 8

By Ronald van Belzen | February 10, 2017

The situation that required this solution was a view on nodes in which duplicate titles occurred frequently.

Instead of just sorting the list of nodes in the view by the title or the creation date, the sorting on title needed a secundary sorting field. For this I needed to implement the hook "hook_views_query_alter" in the file "mymodule.views_execution.inc" as shown below.

<?php

use Drupal\views\Plugin\views\query\QueryPluginBase;
use Drupal\views\ViewExecutable;

/**
 * Implements hook_views_query_alter().
 *
 * Order by title and created when order by title is requested.
 */
function mymodule_views_query_alter(ViewExecutable $view, QueryPluginBase $query) {
  if ($view->id() == 'my_view_id') {
    if ($query->orderby[0]['field'] == 'node_field_data.title') {
      $query->orderby[1]['field'] = 'node_field_data.created';
      $query->orderby[1]['direction'] = 'DESC';
    }
  }
}

I had some problems getting it to work. Fortunately, a test script made me realize that the hook function needed to placed in the above mentioned ".inc" file. And the test reminded me of the fact that the function parameters are not arrays, as would be the case in Drupal 7, but objects. For that reason you should not use '&$view' nor '&$query' as you would do in Drupal 7, which I did at first. After a cache rebuild the hook does its work by adding the second sorting criteria on the created field when the title field was clicked for the view with id "my_view_id".