Cristhian Amaya
Put a Latch on your Umbraco backoffice
2016 Dec 08TL;DR
Watch the video at the bottom of this post.
What is Latch?
Some time this year, I found Latch which is a very cool service that allows you to protect your online identities by closing or opening them. The way it works is very simple yet powerful. For instance, let's take my Twitter account as an example.
By default, If someone knew my credentials they could impersonate me and send tweets on my behalf. To prevent that I could install the Latch application on my mobile phone and create a Latch for my Twitter account. A Latch has 2 states: open or closed. If it is open I'm able to enter and use my account normally, but if it is closed I can't enter to my account, even if the credentials are correct. Additionally, the Latch mobile application sends me a notification if someone tries to access to my account with the correct credentials.
As we can see, Latch works as a second factor authentication, 2FA for short. This is not new and there are multiple implementations of 2FA mechanisms, being a SMS code the most common one. Some of the advantages of using Latch for this purpose are:
-
It gives you privacy, meaning that you don't have to share personal information with your service provider. For instance, if you use the SMS as 2FA, you must tell your phone number to the service provider.
-
If you don't have access to your phone for any reason (you lost it, someone stole it, etc.), you can just sign in to your Latch account from another device and you're good to go.
-
You get a non invasive notification if someone tries to access to your online identity with the correct credentials.
This is the primary use for Latch, but definitely not the only one. It can also be used as an authorisation mechanism. For example I could create a Latch to allow or disallow money transfers on my bank account.
To wrap up, a Latch is nothing more than something you can open or close to allow or disallow an operation and what you can protect with it depends on the provider implementation.
If you want to know more about Latch, go to their official website.
So, where is Umbraco involved here?
Since I discovered the service, I thought that it would be cool and, most important, useful to make a package for Umbraco. Also, there was a contest held by Eleven Paths to create a latch plugin. This is how Umbraco Latch was born.
Umbraco Latch is a package that allows the administrator to protect different operations within the backoffice by using Latch. The administrator part is key because not every user can configure Latch in their Umbraco account, but it is only the administrator who configures and manages the Latch operations.
The things you can protect with this package are:
- The access to the backoffice
- The delete, publish an unpublish operations on any content node.
- The delete operation on media items.
- The delete operation on dictionary items.
Furthermore, it gives you great flexibility by allowing you to pick if a Latch applies to all the CMS users or only to a segment of them. In the content operations, it allows you to pick which nodes you want to apply the operation.
A couple of use cases could be:
- Allow access to the backoffice only at certain times of the day.
- Disallow the publish or unpublish operation on some critical nodes.
All the information about the package can be found on the official documentation page at: https://umbracolatch.readme.io/docs.
The Umbraco package can be found at: https://our.umbraco.org/projects/backoffice-extensions/umbraco-latch.
The source code is open sourced under the LGPL 2.1 license and you can find it on Github at: https://github.com/camaya/umbraco-latch.
Video
Here's a video where you can see a demo of the package.
I would love to know how you use this or any thought you have about it. As always, you can reach me out on Twitter @_camaya.
Are you still here? Go and Latch your backoffice!
Cheers.