LUYA Admin Version 3.0

Two-Factor Authentication with OTP (One-Time Password)

You can now set up two-factor authentication for your account, rendering the need to send access tokens by email unnecessary. If secure login is set up, no access tokens will be sent to users with active two-factor authentication and OTP.

Remember Device

With version 3.0 it is now possible to remember devices: If the “remember this device” checkbox is ticked on login, you will be logged in automatically for a certain number of days on this device without being asked for a password or access token. How does this work? LUYA will store a device-specific unique token in a cookie that will be retrieved when accessing the admin UI. If you are inactive for too long and the admin logs you out, the cookie with this information will be destroyed and the device will be removed from the list of remembered devices. So better don’t fall asleep while typing. :wink:

Updated Account View

The account view received a small overhaul with accordions, an element widely used in the admin UI (it’s an AngularJS directive that you can use everywhere in your custom LUYA code: <collapse-container title="Advanced Settings">Content</collapse-container>).

Improved Queue Errors

The integration with Yii Queue gets even deeper: Exceptions thrown while the queue is running are now logged for each retry. Even when a job is finished successfully in the end, all exceptions and errors thrown while processing the job are stored and visible. This makes it much easier to debug queue jobs!

“Forgot Your Password?”

Finally! A new button “Forgot Your Password?” is added to the login screen when enabled in the admin module configuration. By default it is disabled due to a small security risk. In order to enable the new option, set the LUYA admin module property $resetPassword to true.

By the way, if you would like to have a random image as a background of the login screen, simply install the login image extension https://luya.io/packages/nadar--luya-login-image.

Session Based Lockout Is Now IP Based Lockout

In the previous version of the LUYA admin we had integrated a session based lockout: If you failed to log in a certain number of times, your session profile was locked out. As it is rather easy to clear session data, we have now implemented an IP based lockout. While it would still be possible to switch IPs, this method is preferred to session based lockout. In case of a brute-force attack and a breach of the email address, the email based lockout will take effect.

Please check the full Changelog and the Upgrading Guide where you will find a list of breaking changes.

February 2020, LUYA developer team

2 Likes
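
The lockout change described in the announcement above, as an added example that is not LUYA's code: the same failure counter is keyed on session id, client IP or email, and a constructed series of failed logins is replayed against each. The class name, the limit of 5 attempts, the 30-minute lock and the sample data are assumptions made for the illustration.

```php
<?php
// Added illustration, not LUYA's implementation; names, limits and data are hypothetical.
final class LockoutCounter
{
    private array $entries = []; // key => ['count' => int, 'lockedUntil' => int]

    public function __construct(private int $maxAttempts, private int $lockSeconds) {}

    public function isLocked(string $key, int $now): bool
    {
        return ($this->entries[$key]['lockedUntil'] ?? 0) > $now;
    }

    public function recordFailure(string $key, int $now): void
    {
        $entry = $this->entries[$key] ?? ['count' => 0, 'lockedUntil' => 0];
        if (++$entry['count'] >= $this->maxAttempts) {
            $entry = ['count' => 0, 'lockedUntil' => $now + $this->lockSeconds];
        }
        $this->entries[$key] = $entry;
    }
}

// Replays failed logins; returns how many reached the password check.
function attemptsChecked(array $attempts, callable $keyOf): int
{
    $counter = new LockoutCounter(5, 1800);
    $checked = 0;
    foreach ($attempts as $i => $attempt) {
        $now = 1000 + $i; // one attempt per second
        $key = $keyOf($attempt);
        if ($counter->isLocked($key, $now)) {
            continue; // rejected before the password is looked at
        }
        $checked++;
        $counter->recordFailure($key, $now);
    }
    return $checked;
}

// Constructed sample: 20 failed logins from one IP against one account. The client
// never returns the session cookie, so every request gets a fresh session id.
$attempts = [];
for ($i = 0; $i < 20; $i++) {
    $attempts[] = ['session' => "sess-$i", 'ip' => '203.0.113.7', 'email' => 'admin@example.test'];
}

foreach (['session', 'ip', 'email'] as $field) {
    printf("keyed on %-7s: %d of 20 attempts checked\n", $field, attemptsChecked($attempts, fn($a) => $a[$field]));
}
```

Keyed on the session id, the counter never reaches its limit because every request starts a new session; keyed on IP or email, the sixth attempt onward is rejected before the password is checked.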

Is it possible to customize the graphical aspect of the admin?
For example change the background color of the left vertical navbar, change fonts, add other CSS, etc.?
Or develop a theme for the admin at all.
Thanks.

Hi @lbucche

Currently the admin does not have such customizing options. What you can always do is register your own assets into the admin area and therefore change things…

If there are very generic purposes like

  • change the background color
  • switch the login logo

we could add those functions to the admin module. But we always want to ensure that when you upgrade from one LUYA Admin version to another, everything still works. There are a lot of Admin UIs you have to maintain in your application logic, not LUYA. It works best served from the vendor folder - therefore configuring certain aspects could make sense, indeed! Overriding the whole CSS will maybe break everything and therefore your admin won’t receive new functions and bug fixes.

If you have very clear ideas of what should be customized, we might add those options, so you can just configure this in your config.php.

Does that help?

Ok it’s clear, I agree.
Have you never experienced situations, when you want to let your customer access the admin area, with very low privileges, just to add an image in the storage, or change some text in the site?
It would be nice if I could change at least the background color, or the text color, or the logo in the backend, to fit the ones in the frontend.
Just this, only a very very light tuning (not really important), to meet the customer’s brand colors.
I’m aware that is a delicacy, but for some people, images and colors are more important than code (unfortunately).
Bye.

Maybe we could add an option to define a custom logo on the login screen, do you think that would help? The problem with sidebar panel or admin UI colors is that it is usually not done with “just a background color”: how do the buttons look? What are the font colors? Active button colors? Etc.