Feature #7913

Add configurable setting to disable login

Added by Dan Gillean over 7 years ago. Updated about 2 years ago.

Status: Verified
Start date: 02/02/2015
Priority: Medium
Due date:
Assignee: -
% Done: 100%
Category: Administration / settings
Target version: Release 2.2.0
Google Code Legacy ID:
Tested version: 2.1.1
Sponsored: No
Requires documentation:

Description

Many users have asked in the user forum how they can hide the login button from the application, to avoid confusing users, discourage unauthorized login attempts, etc. Many Artefactual clients have requested this as well. We have dealt with this on a case-by-case basis, which has made the maintenance of these customizations burdensome.

Since many users seem to want this feature, this ticket proposes that a configurable setting be added to Admin > Settings to allow the user to hide the login button if desired. The default will be to display it. When the login button is hidden, users wishing to log in will manually navigate to /user/login to enter their credentials.

Note: once logged in, the button should be visible so an authenticated user has easy access to their own profile, and an easy means of logging out (e.g. without having to manually navigate to user/logout).

Assigning to Jesus for triage

config-apps-yml.png (65.9 KB) Dan Gillean, 03/05/2015 03:28 PM

History

#2 Updated by Jesús García Crespo over 7 years ago

Keep this setting out of the db so it doesn't affect users replicating between two sites.

#3 Updated by José Raddaoui Marín over 7 years ago

  • Assignee changed from Jesús García Crespo to José Raddaoui Marín

#4 Updated by Jesús García Crespo over 7 years ago

Ok so we agreed that it's best to have this setting out of the database.

Radda and I talked about it and we decided to have a mechanism that reads both from env vars and app.yml, e.g. ATOM_READ_ONLY would be the env var, read_only would be the name of the setting in app.yml, exposed in sfConfig as 'app_read_only'.

In Ansible, env vars have precedence over anything configured internally. I think that's a good idea and we should do exactly the same thing! See: http://docs.ansible.com/intro_configuration.html#environmental-configuration

#5 Updated by Dan Gillean over 7 years ago

  • Tracker changed from Bug to Feature
  • Requires documentation set to Yes

Documentation:

In the 2.2 docs, should add notes in the following equivalent places:

#6 Updated by José Raddaoui Marín over 7 years ago

  • Status changed from New to Code Review
  • Assignee changed from José Raddaoui Marín to Jesús García Crespo
  • % Done changed from 0 to 100

Created PR: 109

#7 Updated by Jesús García Crespo over 7 years ago

  • Status changed from Code Review to Feedback
  • Assignee changed from Jesús García Crespo to José Raddaoui Marín

#8 Updated by José Raddaoui Marín about 7 years ago

  • Status changed from Feedback to Code Review
  • Assignee changed from José Raddaoui Marín to Jesús García Crespo

#9 Updated by Nick Wilkinson about 7 years ago

  • Assignee changed from Jesús García Crespo to Mike Gale

Passing this to Mike G for code review. Please assign to Dan for QA once code review is complete.

#10 Updated by José Raddaoui Marín about 7 years ago

Hi Dan and Mike,

I forgot to mention that Sevein and I decided not to allow login by navigating to the login page either.

#11 Updated by David Juhasz about 7 years ago

  • Subject changed from Add configurable setting to allow admin users to hide login button to Add configurable setting to disable login

Updated subject to reflect new functionality better.

#12 Updated by Mike Gale about 7 years ago

  • Assignee changed from Mike Gale to José Raddaoui Marín

Looks great Radda.

One tiny thing I'd add is a break after: https://github.com/artefactual/atom/commit/1ece098c2f88edea928ee7b0111eef8b2715f58a#diff-af2ad506a28a813d7841e472e7624132R51

I know it doesn't really matter since there's only one case, but I could just imagine someone adding to this code later and forgetting to notice there isn't a break. :)

#13 Updated by José Raddaoui Marín about 7 years ago

  • Status changed from Code Review to QA/Review
  • Assignee changed from José Raddaoui Marín to David Juhasz

Merged in qa/2.2.x. Not sure who should test it.

If everything is fine after testing I'll cherry-pick the commit for the two clients (that I know) waiting for this feature.

#14 Updated by David Juhasz about 7 years ago

  • Assignee changed from David Juhasz to Dan Gillean

Dan, can you test please? I (or any of the AtoM devs probably) can help you with setting the configuration variable in your local test environment to activate the feature.

#15 Updated by Dan Gillean about 7 years ago

  • File config-apps-yml.png added
  • Status changed from QA/Review to Feedback
  • Assignee changed from Dan Gillean to David Juhasz

Hmmm, I might need some clarification on how to test - or, this feature isn't working for me.

Steps to test
  • In local dev environment, pull in all recent changes (git pull --rebase), then clear cache, restart services, repopulate search etc.
  • cd to config and nano app.yml
  • change read_only from "false" to "true", exit and save
  • cd back up and re-clear cache, restart services, re-pop index etc (just to be sure)
  • Navigate to AtoM in web browser - login button visible on home-page
  • Navigate to /user/login - login page visible
  • Try logging in - success.

Was I doing something wrong? See attached screenshot.

#16 Updated by Dan Gillean about 7 years ago

  • Assignee changed from David Juhasz to José Raddaoui Marín

ok, tried this again and still no success. Additional steps:

Did a tools:purge to make sure there's nothing weird in my DB. Did a git reset --hard to make sure all local changes are gone. Did a rev-parse HEAD to make sure I am in fact on the most recent commit, and did another pull --rebase to make sure. Verified that I can see that the commits for this are in fact in qa/2.2.x (https://github.com/artefactual/atom/commit/5097fcc383e0812a79979944eddf000e8ce79e2e). Cleared out my browser cache and restarted.

Then I repeated all the steps listed above. Same effect: still see login button; still can access login page via /user/login, and can still actually log in. Sending back to Radda for clarification, or for fixes if needed.

#17 Updated by Dan Gillean about 7 years ago

  • Status changed from Feedback to Verified

Spoke to Radda and have this figured out. It turns out that there is an environment variable in /etc/php5/fpm/pool.d/atom.conf that overrides the one in config/app.yml. I tested it without setting the one in the app.yml file this time, and it seems to work fine - unable to even get to a login page.

To enable
  • cd /etc/php5/fpm/pool.d/
  • nano atom.conf
  • scroll down and change env[ATOM_READ_ONLY]="off" to env[ATOM_READ_ONLY]="on"
  • Save and exit
  • Navigate back to AtoM's root directory
  • Clear cache, restart php5-fpm
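
Added example (not part of the ticket and not AtoM's code): a shell check that resolves the effective read-only setting using the precedence described in comments #4 and #17, and flags the env-over-app.yml conflict behind the failed test in comment #15. The accepted value spellings, the line-based parsing and the sample files are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example, not AtoM code. Models the precedence from this ticket:
# env[ATOM_READ_ONLY] in the php-fpm pool file wins over read_only in app.yml.

# Map a raw value to "on", "off" or "" (unset / unrecognised).
# Assumption: on/true/yes/1 enable; the ticket only shows on/off and true/false.
normalize() {
  v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d "\"' \t\r")
  case "$v" in
    on|true|yes|1)  echo on ;;
    off|false|no|0) echo off ;;
    *)              echo "" ;;
  esac
}

# Last uncommented env[ATOM_READ_ONLY] line in a pool file (";" starts a comment).
pool_value() {
  normalize "$(sed -n 's/^[[:space:]]*env\[ATOM_READ_ONLY][[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)"
}

# Last read_only key in app.yml, ignoring trailing "#" comments.
yml_value() {
  normalize "$(sed -n -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*read_only:[[:space:]]*//p' "$1" | tail -n 1)"
}

# Print the effective setting and which source decided it.
# With neither source set, login stays enabled (the default in the description).
effective_read_only() {
  p=$(pool_value "$1"); y=$(yml_value "$2")
  if [ -n "$p" ] && [ -n "$y" ] && [ "$p" != "$y" ]; then
    echo "$p (env overrides app.yml=$y)"
  elif [ -n "$p" ]; then echo "$p (env)"
  elif [ -n "$y" ]; then echo "$y (app.yml)"
  else echo "off (default)"
  fi
}

# Constructed sample files reproducing the test in comment #15.
demo=$(mktemp -d)
cat > "$demo/atom.conf" <<'EOF'
[atom]
env[ATOM_READ_ONLY]="off"
EOF
cat > "$demo/app.yml" <<'EOF'
all:
  read_only: true   # edited during the test
EOF
effective_read_only "$demo/atom.conf" "$demo/app.yml"
```

Pointing the function at a real pool file and app.yml before QA shows which source is actually in force, so a disabled-login test is not judged against the wrong setting.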

#19 Updated by Dan Gillean about 2 years ago

  • Assignee deleted (José Raddaoui Marín)
  • Requires documentation deleted (Yes)
