Whatever happened to the "log in" link?

Tuesday, November 16, 2021
by Kevin Paxman

Introduction

WCMS 3 doesn't have a log in link in the footer. Most WCMS 2 sites did. It was a very convenient way for site maintainers to start working with content. So why did it get taken away?

There are actually a few reasons.

  1. It confuses site visitors.

    • Site visitors see a log in link and think they should log in, too; when they can't, they think the site is broken, and often call support.

  2. It provides an obvious attack vector.

    • A log in link is like a blinking sign that says "want to try to get into our site? start here!" There are other vectors, but removing the link removes the most prominent one.

  3. Its use was not consistent.

    • Sites with customized designs often removed the front-facing log in link.

So how do I log in now?

You log in by going to your site's home page, and then appending "/user" to the URL. Most users will have ADFS credentials, so click the "log in via ADFS" button and go from there. Additional details can be found in the how-to document "how to log in to WCMS 3".

Can you bring back the log in link?

We will not be bringing back the log in link.

However, if you feel comfortable adding plug-ins to your browser, there is a way to add your own. This will add a floating "log in" link to the top of all sites on uwaterloo.ca, pilots.uwaterloo.ca, and staging.uwaterloo.ca, whenever you are not logged in. Note that it will not work as expected on the home page or nested sites, and possibly in other conditions as well.

This method is not officially supported, and so there is no assistance or troubleshooting provided for this option. Do not install on public-facing computers. Use at your own risk.

  1. Add the Greasemonkey extension to your browser.
  2. Add a new user script.
  3. Paste in the following, replacing any existing text:

    // ==UserScript==
    // @name     UW WCMS log in link (only works properly on "single level deep" sites)
    // @version  1
    // @match    *://uwaterloo.ca/*
    // @match    *://pilots.uwaterloo.ca/*
    // @match    *://staging.uwaterloo.ca/*
    // @grant    none
    // ==/UserScript==

    (function () {
      'use strict';

      // Re-check the host in code so the script does nothing anywhere else
      const hosts = ['staging.uwaterloo.ca', 'pilots.uwaterloo.ca', 'uwaterloo.ca'];
      if (!hosts.includes(window.location.host)) {
        return;
      }
      const body = document.body;

      // Only show when not logged in
      if (body.classList.contains('logged-in')) {
        return;
      }
      const urlparts = window.location.pathname.split('/');
      // Detect WCMS 2 by looking for a class that doesn't exist in WCMS 3
      const sso_link = body.classList.contains('i18n-en') ? 'cas' : 'saml_login';
      // urlparts[1] is the site's path segment; the rest becomes the post-login destination
      let userurl = 'https://' + window.location.host + '/' + urlparts[1] + '/' + sso_link + '/?destination=';
      urlparts.splice(0, 2);
      userurl += urlparts.join('/');

      // Build the link as DOM nodes rather than an HTML string, so nothing from the URL is parsed as markup
      const box = document.createElement('div');
      box.style.cssText = 'position: fixed; top: 5px; right: 5px; padding: 5px; background: black; z-index: 50;';
      const link = document.createElement('a');
      link.href = userurl;
      link.style.color = 'white';
      link.textContent = 'log in';
      box.appendChild(link);
      body.appendChild(box);
    })();

  4. Save and close the script.

  5. Ensure that Greasemonkey is active before going to your site (or refresh the page if you are already there).

You can disable the log in button by disabling the script in Greasemonkey, or by disabling Greasemonkey itself.

That's it!

Is there any other topic you'd like to see covered in a blog post? Please let us know!