Continuing from my last week, this week I've been focussing on finishing the module and make it ready for distribution. The main component of the module is the authentication provider, which will validate any incoming requests for Hawk authentication and authenticate any respective users. Apart from the authentication provider itself, the module will provide UI for users to create their own Hawk credentials. Here's a summary of all I've done this week:
1) Authentication Provider
Implemented the main authentication provider. Ran into an issue with Page Cache but manage to resolve it, see previous blog posts of mine for more info:
After solving the above issue, the authentication provider is working smoothly. A basic flow of the authentication mechanism is as follows:
Of course this is a basic workflow, it doesn't account for other authentication providers, page cache checks, and other components that are in Drupal but the basic idea remains the same. Render page accounts for everything else that comes after the authentication.
2) Testing the authentication provider and the whole content negotiation caveat
All this required testing, so I built a simplified cURL request script example.php to simulate REST requests using Hawk. I could use one of the many REST clients available but Hawk authentication request are bound by timestamp which last for about 1 minute once generated, hence it's very painstaking to keep repeatedly generating the headers.
A very frustrating caveat which I ran into was that the content-negotiation schema was changed a few days ago (Drupal.org Reference). Content negotiation basically invokes a route/module based on the request parameters, previously Drupal used to take a look at the Accept header and if it was application/json it would invoke the REST module to take care of the request. All this changed a couple weeks ago to look into the URL parameter _format for content negotiation. As soon as I updated to Git HEAD my REST requests broke, after a few frustrated hours of combing through requests I found the issue and adapted to it.
3) Building the UI
The provider is useless if no one can create the credentials for it, so my next step after completing and testing the provider was to create the UI in order to manage the credentials. Here's a sample screenshot of the current UI:
Once done with the UI I added the permissions for the administrator to grant as well as the menu links, all of which were (mostly) a simplified affair. I took help from existing Drupal modules and a lot of Googling. Implementing permission checks properly took me a little time (see my module's hawk_auth.routing.yml to know how I've done it) because I got a bit stuck with implementing _entity_access and _entity_create_access checks since it wasn't able to identify an incoming hawk credential as an entity. Later I learned that I had to manually define it in the route (hawk_auth.routing.yml:31), but in the end I believe I got it in a proper mannar.
4) And the rest
Apart from the above which constituted towards finshing the module, I applied the module on drupal.org's project applications (reference) and in the process also cleaned up a lot of code caught by http://pareview.sh to be better compliant for Drupal's Coding guidelines. As always, my current code and progress can be seen in the module's sandbox page.
I will work towards building unit tests for the module and get it approved as a drupal project, that way it will have it's own permanent place on drupal.org.