Refactor 2FA from FOF to Joomla Core #11553
Conversation
…tor_2FA_to_Joomla_core
…youts' into Refactor_2FA_to_Joomla_core # Conflicts: # plugins/twofactorauth/totp/totp.php
cleaned phpcs errors
| // Stop output buffering and get the form contents | ||
| $html = @ob_get_clean(); | ||
| $layout = new JLayoutFile('plugins.twofactorauth.yubikey.form'); | ||
| $data = ['new_totp' => $new_totp]; |
There was a problem hiding this comment.
This is >= PHP 5.4 only?
moved files up a level because there are no namespaces yet cleaned up xml files simplified array extraction
|
@izharaazmi thanks for pointing out, I changed the syntax. |
|
IMO, the plugin default layouts should be placed inside the plugin itself. Same for the language files though. But since this plugin is part of core, I am not sure if this applies here. I also believe uninstall of the plugin should remove all its elements. Certainly, except the library classes it depends on. |
|
@izharaazmi The language files can stay where they are I believe because all other core plugins have their language files in the admin language folder. As for removing the library classes, that is a more difficult question because you cannot delete them when you uninstall 1 plugin because the other needs it nor can you uninstall it when you delete the 2nd plugin because theoretically you could install another authentication plugin that requires it. So I would say we can leave it as-is. |
|
@roland-d I said except...
I meant to say – when uninstalling the plugin remove the default layouts too alongwith any plugin only files . And keep the library classes and any layout overrides which is obvious anyway. You too are saying the same.
IMO, |
|
@izharaazmi Using the /layouts folder, we already have a layout there for the user profile plugin, so I believe it is the correct place. As for the uninstallation, if I uninstall the profile plugin the layout is going to stay as well. The question should rather be should all Joomla core be rewritten to be fully uninstallable, perhaps but that is out-of-scope for this pull request. |
|
Yeah, agreed on that. We'll talk over it some other day 👍 |
libraries/joomla/encrypt/Base32.php
Outdated
| * | ||
| * @since 1.0 | ||
| */ | ||
| class Base32 |
There was a problem hiding this comment.
This class and file name are incorrect.
Just because that has been done already does not make it correct or even set precedent. The voting plugin and page navigation plugins both use |
|
I am sure if we put it in the tmpl/ folder the comment would have been why we don't put it in the layouts folder :/ |
|
Well right now the plugin makes use of a |
|
This is a large b/c break - we have a JPlugin helper method (https://github.com/joomla/joomla-cms/blob/staging/libraries/cms/plugin/helper.php#L38) that will keep b/c with the FOF layouts and whichever way we go with that extension specific layouts should 100% go in the extension directory and NOT the global layout directory. As Michael says see how roberto did the stats plugin |
|
Imho, as long as 3rd parties can't install stuff into the layouts folder without custom installation scripts, our core extensions shouldn't do it as well. Or we make a move and let 3rd parties install their JLayouts into eg /layouts/com_foo/bar.php (similar to the media folder). |
|
@Bakual 👍 |
|
Cant say I am a fan of having a file called Totp.php and another called totp.php |
refactored from FOF override path to use core functions
|
First of all thanks everyone for your input, in the recent changes I got the autoloading to work like some of you mentioned. Due to your B/C concerns I reverted the changes to the templating but removed and replaced the FOF part that handles the custom template path |
|
I have tested this item ✅ successfully on 4bed2e5 This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11553. |
|
Added small test instruction for custom templates. |
plugins/twofactorauth/totp/totp.php
Outdated
|
|
||
| // Include the form.php from a template override. If none is found use the default. | ||
| $path = FOFPlatform::getInstance()->getTemplateOverridePath('plg_twofactorauth_totp', true); | ||
| $path = JPATH_THEMES . "/" . JFactory::getApplication()->getTemplate() . "/html/plg_twofactorauth_totp"; |
There was a problem hiding this comment.
Use JPluginHelper::getLayoutPath(). It'll also eliminate the need for the if/else include, you just include the return from that method. Same for the other plugin.
Fixed xml files
| { | ||
| include_once __DIR__ . '/tmpl/form.php'; | ||
| } | ||
| include_once JPluginHelper::getLayoutPath('twofactorauth', 'yubikey', "form"); |
There was a problem hiding this comment.
I think layouts should not be include_once'd. Please verify this and amend if needed.
There was a problem hiding this comment.
@izharaazmi Why would we need include here? The form is not going to change during runtime is it?
There was a problem hiding this comment.
- In this specific case, it may not apply but it is a general practice to 'require' a layout file. An 'include' may also be preferred sometimes.
- If we call this plugin twice in a request cycle, 2nd will output nothing. Again for this case this may not be an issue, but *_once are costly anyway.
There was a problem hiding this comment.
It has always been a require_once as you can see in the old code and hasn't given a problem so far.
There was a problem hiding this comment.
... hasn't given a problem so far.
is not a good reason to keep doing something. To me *_once should be used only when any attempt to include the file for a second time may cause an issue such as for class definitions or function declarations etc.
Any other code should be able to load as many time as needed. See the various Joomla modules for example:
mod_footer would normally never be called twice but modules/mod_footer/mod_footer.php:37 still calls it using require. For me it is the correct approach. No need to pose an unnecessary job to check against included_files to the interpreter.
|
if the intention is to remove fof in joomla 4.0 this should be rebased to 4.0 branch |
|
Why? this could already be done in J3 fine. |
|
Is this still being worked on? |
|
If this PR get no Response, it will be closed at 22th June 2017. |
|
I guess the students have given up on this. @icampus any idea? |
|
I kind of fail to see what is left to be done here, is it about the |
|
@faynt0 At least the PR needs to be updated so it is in-sync with the staging branch. |
|
@roland-d can you please have a Look at Status of this PR? This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/11553. |
|
@franz-wohlkoenig As far as I can see this needs testing as @faynt0 already updated it with the staging branch. |
|
thanks @roland-d |
|
@brianteeman can you please test again? |
|
We need to update the Encrypt code with the latest version. change the branch to be against J4 and I promise I will get this merged! |
|
OK i've ported this in #17687 |
8 participants
Summary of Changes
Refactored 2FA templates to JLayoutsReverted back for B/C, removed the FOF part that resolves the template paths and used JPluginHelper instead.Testing Instructions
To test that custom templates still work create a "form.php" in "templates/protostar//html/plg_twofactorauth_totp" (Google Auth) with an echo() or similar and
go to Frontend -> Edit User profile , select Google Autheticator and your form's content should be shown.