New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login form has no hooks #2436

Closed
dgw opened this Issue Sep 15, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@dgw
Collaborator

dgw commented Sep 15, 2018

I spent a little time looking around to see how one might go about implementing a plugin to provide multi-factor authentication (as requested in #2434) or OpenID login (I have a WordPress plugin that consumes OpenID), for example. In the process, I could not find any way for plugins to add fields on the login form.

Perhaps YOURLS doesn't need quite as many hooks as WordPress has, but I do think at least one injection point (below username & password, but above the submit button) would be useful. A plugin implementing two-factor auth would add a field there asking for the TOTP code (for example); a plugin implementing OpenID as a consumer would add, say, "or" and a field for the user's OpenID URL.

Per usual, before I actually get into any code, I'd like to flesh out exactly what hooks are appropriate. We can copy WordPress's hook name login_form for the one at the bottom of the login form. It's also trivial to add a login_head hook in case plugins need to add tags in the header for CSS/JS that's needed only on the login page. Putting a login_footer hook might not be as useful…

Left to my own devices, I'd implement the first two (login_head and login_form) as a start.

@dgw dgw added the admin panel label Sep 15, 2018

@dgw dgw added this to the 1.8 milestone Sep 15, 2018

@dgw dgw self-assigned this Sep 15, 2018

@ozh

This comment has been minimized.

Show comment
Hide comment
@ozh

ozh Sep 16, 2018

Member

Completely open to add as many hooks as needed, if needed, anywhere. Regarding the login form, yourls_login_screen() calls yourls_html_head( 'login' ); so you can inject anything in the head using the first parameter of yourls_html_head(), but having specific pre_login_form and post_login_form wrapping the login form itself cannot hurt.

Member

ozh commented Sep 16, 2018

Completely open to add as many hooks as needed, if needed, anywhere. Regarding the login form, yourls_login_screen() calls yourls_html_head( 'login' ); so you can inject anything in the head using the first parameter of yourls_html_head(), but having specific pre_login_form and post_login_form wrapping the login form itself cannot hurt.

dgw added a commit to dgw/YOURLS that referenced this issue Sep 17, 2018

Add top, bottom, and end hooks to the login form
Plugins can use these to add extra fields, for OpenID login, accepting
two-factor authentication codes, etc.

Fixes YOURLS#2436.

@ozh ozh closed this in #2439 Sep 18, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment