- Issue created by @zcht
- Status changed to Fixed
over 1 year ago 8:43pm 7 July 2023 - 🇩🇪Germany zcht
CrawlerDetect as a large library already works very well. After internal testing it was found that not all crawlers/bots are covered. Especially users working with Microsoft Office 365 and therefore Outlook noticed very often that login is not possible. Upon closer analysis, it was found that the MS/Bing crawlers are particularly persistent and repeatedly call the reset links, regardless of server configuration or the like. For this reason, a text field was implemented in the backend via the Drupal State API, in which selected user agents (always one per line) can be entered. These are checked by 'Shy One Time', in case of a hit a redirect to the LogIn form with a 302 status code occurs, the reset link is not invalidated.
Furthermore, logging has been implemented in dblog, which logs ALL user agents coming via the route 'user.reset'. So it can be tracked exactly which crawler is causing problems and this can be taken over into the custom user agent configuration. This way the evaluation of the server logs is not necessary, but can be used additionally for verification.
The additional support for the 'passwordless' module has been removed. From now on a generic solution is followed via the internal route 'user.reset', so supports all modules that access this route.
---
After installing the module in version 2.x, the configuration interface can be reached via the link/admin/config/system/shy_one_time. User agents that are unwanted and should be blocked are entered in the text field. Only ONE user agent may be inserted per line. For more information, see the README.md.
--- Automatically closed - issue fixed for 2 weeks with no activity.