Page tree
Skip to end of metadata
Go to start of metadata

Magnolia Public User Registration (PUR) module allows users of a public Magnolia site to register and access restricted content. You can use the module to register users for the Commenting module and other custom modules that support personalization and user-specific handling. For example, collect e-mail addresses of subscribers to a newsletter and allow them to manage subscription details after login.

See Setting up PUR on a website for a step-by-step tutorial on using the module.

 

Installing

Maven is the easiest way to install the module. Add the following dependency to your bundle:

<dependency>
  <groupId>info.magnolia</groupId>
  <artifactId>magnolia-module-public-user-registration</artifactId>
  <version>2.6.1</version>
</dependency>

Pre-built jars are also available for download. See Installing a module for help.

User management

Public users are stored and managed in the Security app on the public instance. The system registers the account automatically when a user registers. Whether the user can use the account immediately or not depends on the configured registration strategy.

The PUR Module uses HierarchicalUserManager  to create user accounts. In the JCR, the account is stored in a folder hierarchy according to the realmName and the first two letters of the username.

The user account is only created on the public instance. Make sure to backup this data when using several public instances, the instances or at least the users workspace needs to be clustered in order to share accounts between different instances. Another option is to implement observation based synchronization in order to replicate user accounts across instances.

Prerequisites

The PUR module relies on other modules and system settings. Understanding the module requires a working knowledge of:

  • Form module: Many of the PUR components are configurable forms.
  • Mail module: The module uses the Mail module to send emails. You need to configure SMTP to send mail to registering users. If you don't do this, a public user profile is created when a user registers, but an email to verify the account cannot be sent.

Configuration

PUR configuration is in /modules/public-user-registration/config/configurations.

Example: Provided default configuration.

Node name

Value

 public-user-registration

 

 config

 

 configurations

 

 default

 

 defaultRoles

 

 defaultGroups

 

 registrationStrategy

 

 passwordRetrievalStrategy

 

 userProfileConfiguration

 

 realmName

public

 travel

 

 sportstation

 

Nodes and properties:

config

required

Module configuration folder.

configurations

required

Configurations node.

<configuration name>

required

Configuration name. Must match the site name configured in the site definition or the default configuration will be used.

EE Pro users can create different configurations for each site. Use extends to make site-specific changes to an existing configuration.

defaultRoles

required

Roles managed by the module.

defaultGroups

required

Groups managed by the module.

registrationStrategy

required

Strategy for user registration.

passwordRetrievalStrategy

required

Strategy for password retrieval.

userProfileConfiguration

required

User profile configuration.

realmName

required

Realm name.

configurationResolver

required

Configuration resolver node.

class

required

Resolves the configuration to use.

DefaultConfigurationResolver finds the correct configuration based on the request URI. For example, /travel/members-area/register.html resolves to travel.

Default roles and groups

Only users defined in defaultRoles and defaultGroups nodes are managed by the module. Default roles and groups are configured in the same way.

 Example:  travel default roles and groups configurations. 

Node name

Value

 configurations

 

 default

 

 travel

 

 defaultRoles

 

 anonymous

anonymous

 extends

override

 defaultGroups

 

 pur

travel-demo-pur

Properties

<configuration name>

required

Name of PUR configuration.

defaultRoles/defaultGroups

required

Default roles/groups node.

<role/group name>

required

Role/Group name.

Property name is arbitrary. Value must match role or group set up in the Security app.

Users in the travel-demo-pur group as assigned the travel-demo-pur role (among others) that provides these Web access permissions. protected is a page that contains content that can only be viewed by registered users, and profile-update contains the User Profile Update form. 

PermissionPath
Get & Post/travel/members/protected*
Get & Post<travel>/members/protected*
Get & Post/travel/members/profile-update*
Get & Post<travel>/members/profile-update*

On registration, a new user is automatically assigned the travel-demo-pur role and can access restricted content. The location of the restricted content can be set in the Login component dialog.

Here's what non-registered and registered users see. 

  

Registration strategies

Registration strategies define how users are registered. Magnolia provides three options:

  • Registration after mail verification.
  • Immediate registration.
  • Admin-supervised registration.

Example: travel registration strategy. 

Node name

Value

 configurations

 

 default

 

 travel

 

 registrationStrategy

 

 class

info.magnolia.module.publicuserregistration.strategy.Always

Properties:

<configuration name>

required

Name of PUR configuration.

registrationStrategy

required

Registration strategy node.

class

required

Registration class:

  • Mail : Sends the user an email containing a verification link after signup. The link directs to a page containing the Enable User Form component.
  • Always : Enables the registered user immediately. No verification is required.
  • Never : Registers, but does not enable the user. An admin needs to enable the user manually in the Security app

<strategy-specific properties>

 optional

Any properties supported by the used registration class. Only Mail supports additional properties.

Mail registration strategy

The mail registration strategy sends the user an email containing a verification link after signing up. The link directs to a page containing the Enable User Form component. When the user submits the form the system enables the user's account. 

Example: sportstation email registration strategy.

Node name

Value

 configurations

 

 sportstation

 

 registrationStrategy

 

 class

info.magnolia.module.publicuserregistration.strategy.Mail

 emailTemplate

/public-user-registration/templates/mail/user-confirmation-email.ftl

 fromEmail

your@email.com

 fromName

Site Registration

 i18nBasename

info.magnolia.module.publicuserregistration.messages 

 pagePath

/sportstation/members/registration/enable-user.html

 subject

Please verify your registration

 extends

../travel

Properties:

 registrationStrategy

required

Registration strategy node.

emailTemplate

required

Relative path to template used for the email message.

fromEmail

required

Sender email address.

fromName

optional

Sender name .

pagePath

required

Relative path to the page containing the Enable User Form component.

subject

optional

Message subject.

 user-confirmation-email.ftl (Git) (referenced in the emailTemplate property) is a simple script that defines the verification link mailed to the user.

 
<html>
    <body>
        <p>Dear ${user.name!},</p>
        <p>Please follow <a href="${pagePath!}">this link</a> in order to validate your account.</p>
        <p>Thank you !</p>
    </body>
</html>

Mail registration class adds the userid UUID and regStamp parameters to the URL to verify identity. The verification link looks something like this:


http://localhost:8080/magnoliaPublic/sportstation/members/registration/enable-user.html?userId=7dcf398a-793f-48d0-8dbb-a4be08b1101c&amp;regstamp=1452610248796

Password retrieval strategies

Password retrieval strategies define how users retrieve lost or forgotten passwords. Magnolia provides two options:

  • Mail password retrieval: An email with a link to the Password Change form is sent to the user. This is common practice and secure because the mail does not contain a password.
  • A strategy class that does nothing: You can code your own strategy in the Confirmation Email tab of the Forgotten Password dialog. 

Examplesportstation mail password retrieval strategy.

Node name

Value

 configurations

 

 sportstation

 

 passwordRetrievalStrategy

 

 class

info.magnolia.module.publicuserregistration.password.MailChangePasswordLinkStrategy

 emailTemplate

/public-user-registration/templates/mail/password-reset-email.ftl

 fromEmail

your@email.com

 fromName

Your Site

 subject

Password change request

 targetPagePath

/sportstation/members/forgotten-password/password-change

 tokenExpirationTime

60

Properties:

passwordRetrievalStrategy

required

Password retrieval strategy node.

class

required

Password retrieval strategy class:

  • MailChangePasswordLinkStrategy : This strategy sends the user a link to the page containing the Password Change component.
  • NOPStrategy : This strategy does nothing. You have the option to code your own strategy in the Confirmation Email tab of the Forgotten Password dialog instead.

emailTemplate

required

Relative path to the template used for the email message.

fromEmail

required

Sender's email.

fromName

optional

Sender's name.

subject

optional

Message subject.

targetPagePath

required

Relative path to the page containing the Password Change component.

tokenExpirationTime

optional, default in 30

Duration (in minutes) that the password change link remains valid.

password-reset-email.ftl (Git) (referenced in the emailTemplate property) is a simple script that sets the link to the password change form.

 <p>Dear ${user.name!},</p>
<p>Follow this link where you can set your new password: <a href=${pagePath!}>CLICK HERE</a></p>
<p>If you did not ask for password change, ignore this email.</p>

http://localhost:8080/magnoliaPublic/sportstation/members/forgotten-password/password-change?userId=80fc309e-4250-4203-b8be-33bbe1e7fbd2&amp;token=e4dca890d75ee54559bab07e75e457c562ec3c3e&amp;

You can test the password retrieval strategy on the public instance of the Travel demo. Sign up for an account and follow the link in the email to reset your password.

The user profile configuration defines the properties in a user's profile. By default, these are username, password, email and fullname.

Example: default user profile configuration

Node name

Value

 configurations

 

 default

 

 userProfileConfiguration

 

 userProfileClass

info.magnolia.module.publicuserregistration.UserProfile

Properties:

userProfileConfiguration

required

User profile configuration node.

class

required

User profile class.

UserProfile is a basic profile bean that supports the default usernamepasswordemail and fullName properties

Extending the user profile

You can extend UserProfile  and register a custom class in configuration if you need to store more information.

Example: Custom user profile class configuration with additional phoneNumber property.

Node name

Value

 configurations

 

 default

 

 myConfiguration

 

 userProfileConfiguration

 

 autopopulatedProperties

 

 phoneNumber

phoneNumber

 userProfileClass

info.magnolia.module.publicuserregistration.CustomUserProfile

 extends

../default

Properties:

userProfileConfiguration

required

User profile configuration node.

autopopulatedProperties

required

UserProfileConfiguration  supports adding custom user profile properties under this node

<custom properties>

optional

Your custom user profile properties, for example phoneNumber.

userProfileClass

required

Custom user profile class.

The default properties are always populated, but you need to write a custom class that extends UserProfile  to set the custom properties in the user profile. 

Example: Custom user profile class for handling a phone number.

CustomUserProfile.java
public class CustomUserProfile extends UserProfile {
    private String phoneNumber = "";
    public String getPhoneNumber() {
        return phoneNumber;
    }
    public void setPhoneNumber(String phoneNumber) {
        this.phoneNumber = phoneNumber;
    }
}

To test the new property:

  1. Add a new field named after the custom property in the registration form, for example phoneNumber.
  2. Publish the form page to the public instance.
  3. Register a new user.
  4. In the Exporter subappexport the user profile to XML (Set Repository=users, Base path=/public) .
  5. Check that the new property is in the exported XML.

PUR components

The module includes all necessary components to implement user registration and related tasks on your site. 

You can view the PUR components in the Members area of the Travel demo .

Components are configured in /modules/public-user-registration/templates/components.

Node name

 templates

 components

 login

 registration

 userUpdate

 forgottenPassword

 passwordChange

 enableUser

With the exception of login, the components are standard Magnolia forms. They extend the form component and override the standard form processors with custom form processors provided by the module. 

login
  • Displays Login Form component that has:
    • Preconfigured username and password fields.
    • Registration and Forgotten password links.
    • Login button.
  • In the dialog set:
    • Target page: Form can redirect to any page. Typically used to direct to protected content parent page, making content in this tree is only visible to logged-in users.
    • Registration page: Page containing the registration component.
    • Password retrieval page: Page containing the forgottenPassword component.
  • Rendered by login.ftl (Git)

registration
  • Displays User Registration form.
  • Add input fields named username, password, passwordConfirmation, fullName , and email, and a submit button field.
  • Uses RegistrationProcessor to register the user.

 

userUpdate
  • Displays User Profile Update form.
  • Add input fields named username, fullName, and email, and a submit button field.
  • Uses UserFormModel to prefill the user's data
  • Uses UpdateProcessor to update the user's profile.

 

forgottenPassword
  • Displays Forgotten Password form.
  • Add input fields named username and email, and a submit button field.
  • Uses PasswordProcessor to verify the user's credentials and retrieve the password retrieval strategy.
  • Processor sends the user an email with a link to the passwordChange component page when MailChangePasswordLinkStrategy is configured as the password retrieval strategy .
passwordChange
  • Displays Password Change form.
  • Add input fields named password andpasswordConfirmation, and a submit button field.
  • Uses TokenPasswordProcessor that takes a token from the URL and checks if the token is valid. If it is, the user's password is changed.
enableUser
  • Displays Enable User form.
  • Add a submit button field.
  • Uses EnableUserByUuidProcessor to enable a user's account after retrieving it using the UUID parameter.
  • Use with mail registration strategy to confirm and enable user's account.

(warning) For PUR functionality to work, the input fields must be named exactly as specified in the table above. 

Adding components to templates

You can add the PUR components to any template. 

Example: Template definition with all PUR components in main area.

/my-module/templates/pages/myTemplate.yaml
templateScript: /my-module/templates/pages/my-script.ftl
renderType: freemarker
visible: true
title: My template
areas:
  main:
    availableComponents:
      login:
        id: public-user-registration:components/login
      registration:
         id: public-user-registration:components/registration
      userUpdate:
         id: public-user-registration:components/userUpdate
      forgottenPassword:
         id: public-user-registration:components/forgottenPassword
      passwordChange:
         id: public-user-registration:components/passwordChange
      enableUser:
         id: public-user-registration:components/enableUser
Node nameValue

 myTemplate

 

 areas

 

 main

 

 availableComponents

 

 login

 

 id

public-user-registration:components/login

 registration

 

 id

public-user-registration:components/registration

 userUpdate

 

 id

public-user-registration:components/userUpdate

 forgottenPassword

 

 id

public-user-registration:components/forgottenPassword

 passwordChange

 

 id

public-user-registration:components/passwordChange

 enableUser

 

 id

public-user-registration:components/enableUser

 templateScript

/my-module/templates/pages/my-script.ftl

 renderType

freemarker 

 visible

true

 title

My Template

PUR changes in 2.5.1+ 

The module and its configuration includes classes, resources and components that are deprecated in (warning) 2.5.1+ / 5.4.4+. These are maintained for backward compatibility and some are still used in configuration for this purpose. 

Mail registration strategy

The default configuration uses the mail registration strategy, but references a deprecated emailTemplate and pagePath. If you are implementing PUR for the first time and want to use or extend the default configuration, update these properties to:

emailTemplate/public-user-registration/templates/mail/user-confirmation-email.ftl
pagePathRelative path to the page containing the Enable User Form component.*

*pages are deprecated in 5.4.4

Password retrieval strategy

The default configuration uses MailChangePasswordLinkStrategy password retrieval strategy, but references a deprecated emailTemplate. If you are implementing PUR for the first time and want to use or extend the default configuration, update this property to:

emailTemplate/public-user-registration/templates/mail/password-reset-email.ftl

Default roles

The default configuration assigns registered public users the public-user-registration-base and anonymous roles. The base role provides permissions to /pages which are deprecated it 5.4.4. If you are implementing PUR for the first time, follow the pattern used in the Travel demo when setting up permissions.

PUR Components

A new set of components was introduced in 2.5.1. 

This table shows the 2.5.1 components and their equivalent earlier components.

(warning) 2.5.1 +< 2.5.1 (old)
loginuserLogin
registrationuserRegistration
userUpdateprofileUpdate
forgottenPasswordpasswordReminder
passwordChangepasswordChange
enableUser-