-
Notifications
You must be signed in to change notification settings - Fork 0
/
username_enumeration_prevention.install
43 lines (39 loc) · 1.43 KB
/
username_enumeration_prevention.install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<?php
/**
* @file
* Install file for the Username Enumeration Prevention module.
*
* Checks if the requirements are met when enabling the module.
*/
use Drupal\Core\Url;
/**
* Implements hook_requirements().
*/
function username_enumeration_prevention_requirements($phase) {
$requirements = [];
if ($phase === 'runtime') {
$username_enumeration_prevention_roles = user_roles(FALSE, 'access user profiles');
if (isset($username_enumeration_prevention_roles['anonymous'])) {
$value = t('WARNING! Anonymous users have permission to access user profiles.');
$severity = REQUIREMENT_WARNING;
}
else {
$value = t('Anonymous users do not have permission to access user profiles.');
$severity = REQUIREMENT_OK;
}
$url = Url::fromUri('http:https://drupal.org/project/username_enumeration_prevention');
$requirements['username_enumeration_prevention_via_permissions'] = [
'title' => t('Username enumeration prevention'),
'value' => $value,
'description' => t('Granting anonymous users permission to access user
profiles poses a security risk because it allows users who are not logged
into the site to obtain usernames. More information is available in the
module README or on the <a href=":url">@link_text</a>', [
':url' => $url->toString(),
'@link_text' => 'project page',
]),
'severity' => $severity,
];
}
return $requirements;
}