The PasswordFieldDefinition renders two text boxes for entry and verification of passwords. 

The input text is masked in the field but the value is stored as clear text in the JCR.

If you want to store hashed password values, you can:

  • Use the password field to collect the value of the password entered by user and delegate the storage of the password and hashing to an underlying user manager. The user manager may be an internal Magnolia User Manager or an external user manager. See the Security app for an example of this approach.

  • Configure BCryptTransformer on the password field by specifying a transformerClass property in the field definition: 

    transformerClass = info.magnolia.ui.form.field.transformer.basic.BCryptTransformer

(warning) If you store a hashed value, you can no longer decode it to clear text. This is suitable when you want to authenticate against the password and only compare the stored hash against the hash of the password provided when logging in.

If you want to store passwords in plain text so that they can be used to access other systems requiring authentication (where Magnolia enters passwords on behalf of users), we recommend you use the Password Manager module.

classinfo.magnolia.ui.form.field.definition.PasswordFieldDefinition

Password field properties

Simple password definition:

form:
  tabs:
    - name: tabUser
      label: User
      fields:
        - name: password
          class: info.magnolia.ui.form.field.definition.PasswordFieldDefinition
          label: Password

Node name

Value

 form


 tabs


 tabUser


 fields


 password


 class

info.magnolia.ui.form.field.definition.PasswordFieldDefinition

 label

Password




You can use  common field properties  and the following properties in a password field definition:

Properties:

<field name>

required

Name of field

encode

optional, default is true

Encodes the password and visually masks the characters.

verification

optional, default is true

Verifies that the contents of the two boxes match. When set to false the verification (second) box is not rendered.

verificationMessage

optional, default is field.password.verificationMessage

Text displayed above the field. Displays as "Please verify your entry", retrieved from a message bundle.

verificationErrorMessage

optional, default is field.password.verificationErrorMessage

Text displayed when passwords don't match. Displays as "Passwords do not match", retrieved from a message bundle.

transformerClass

optional, default is info.magnolia.ui.form.field.transformer.basic.BasicTransformer

Property transformer class. Defines how the values are stored in the repository.

Add validators to define your own password policy such as minimum length and character types.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels