Skip to content
Snippets Groups Projects
Commit c7f4caaf authored by Andreas's avatar Andreas
Browse files

Issue #3292681: Documentation updated in README.md

parent 84e4a6b7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 54 additions and 11 deletions
README.md
+ 54
11
View file @ c7f4caaf
......@@ -2,38 +2,81 @@ CONTENTS OF THIS FILE
---------------------
* Introduction
* Note
* Requirements
* Installation
* Configuration
* Further information on the problem
* Maintainers
# INTRODUCTION
One-Time Logins links are often invalidated by Outlook, Bing and Google Mail
(possibly other services). The reason for this is that the link is crawled in
advance by security tools before it is delivered via email.
When requesting a one-time login link (**request new password** or **password
forgotten** function), it often comes to the fact that the link arrives
invalidated/invalid via e-mail. This can be observed especially with
applications from Microsoft, e.g. Outlook or Bing, but also with Gmail (possibly
other services). The reason for this is that the link is crawled in advance by
security tools before it is delivered via email. Malicious bots, crawlers or
spiders can cause this problem in the same way.
The result is the following message, which is certainly familiar to some:
`You have tried to use a one-time login link that has either been used or is
no longer valid. Please request a new one using the form below.`
> `You have tried to use a one-time login link that has either been used or is
> no longer valid. Please request a new one using the form below.`
This module prevents the crawling of the One-Time Login link, no separate
configuration for the module is necessary. All add-on modules that access
the One-Time Login logic of Drupal are supported.
configuration for the module is necessary. All add-on modules that access the
One-Time Login logic of Drupal are supported.
> This module uses 'CrawlerDetect', a PHP class for detecting
> bots/crawlers/spiders via the `user agent` and `http_from` header. Currently
> able to detect 1,000's of bots/spiders/crawlers,
> [further information](https://crawlerdetect.io).
## Note
It especially affects modules that offer login by email only, e.g.:
> * [Passwordless](https://www.drupal.org/project/passwordless)
> * [Login with Email only](https://www.drupal.org/project/login_onlyemail)
If these modules are used, a single valid login link is sent, this can be
invalidated and thus a login into the system is not possible.
In a pure Drupal installation without additional modules that do not change the
behavior of the login, `Shy One-Time` is to be used only if necessary.
## Requirements
This module requires no modules outside of Drupal core, if the installation is
performed via Composer.
# INSTALLATION
Install the `Shy One-Time` module as you would normally install a contributed
Drupal module.
Drupal module via Composer,
[further information](https://www.drupal.org/node/1897420).
### Enable module
Activate the module via the Drupal backend UI or alternatively with Drush:
```
drush en shy_one_time -y
```
* Visit for [further information](https://www.drupal.org/node/1897420).
## Configuration
There is no UI to configure module out of the box.
### Further information on the problem
* (d.o issue) [Bingpreview invalidates one time login links](https://www.drupal.org/project/drupal/issues/2828034)
* [Safe Links in Microsoft Defender for Office 365](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide#do-not-rewrite-the-following-urls-lists-in-safe-links-policies)
MAINTAINERS
-----------
Supporting organization:
* TRENDKRAFT
* https://www.drupal.org/trendkraft
* [TRENDKRAFT](https://www.drupal.org/trendkraft)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment