Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
Magnolia Public User Registration (PUR) module allows users of a public Magnolia site to register and access restricted content. You can use the module to register users for the Commenting module and other custom modules that support personalization and user-specific handling. For example, collect e-mail addresses of subscribers to a newsletter and allow them to manage subscription details after login.
See Setting up PUR on a website for a step-by-step tutorial on using the module.
Installing
Maven is the easiest way to install the module. Add the following to your bundle:
Pre-built JARs are also available for download. See Installing a module for help.
Compatibility and legacy modules
With Magnolia 5.6 we've begun removing the old Content API from our modules. With Magnolia 5.5 we already had removed usage of the old old admininterface. If you have custom code which relies on code from the old admininterface or from the old Content API, then you must do one of two things:
- Update your code for the new version of the public user registration module.
- Or you can use the
magnolia-module-public-user-registration-legacytogether withmagnolia-module-legacy-admininterfacemodule.
User management
Public users are stored and managed in the Security app on the public instance. The system registers the account automatically when a user registers. Whether the user can use the account immediately or not depends on the configured registration strategy.
The user account is only created on the public instance. Make sure to backup this data when using several public instances, the instances or at least the users workspace needs to be clustered in order to share accounts between different instances. Another option is to implement observation based synchronization in order to replicate user accounts across instances.
Prerequisites
The PUR module relies on other modules and system settings. Understanding the module requires a working knowledge of:
- Form module: Many of the PUR components are configurable forms.
- Mail module: The module uses the Mail module to send emails. You need to configure SMTP to send mail to registering users. If you don't do this, a public user profile is created when a user registers, but an email to verify the account cannot be sent.
Configuration
PUR configuration is in /modules/public-user-registration/config/configurations.
Example: Provided default configuration.
Node name | Value |
|---|---|
| public | |
Nodes and properties:
config | required Module configuration folder. |
| required Configurations node. |
| required Configuration name. Must match the site name configured in the site definition or the EE Pro users can create different configurations for each site. Use extends to make site-specific changes to an existing configuration. |
| required Roles managed by the module. |
| required Groups managed by the module. |
| required Strategy for user registration. |
| required Strategy for password retrieval. |
| required User profile configuration. |
| required Realm name. |
| required Configuration resolver node. |
| required Resolves the configuration to use. DefaultConfigurationResolver finds the correct configuration based on the request URI. For example, |
Default roles and groups
Only users defined in defaultRoles and defaultGroups nodes are managed by the module. Default roles and groups are configured in the same way.
Example: travel default roles and groups configurations.
Node name | Value |
|---|---|
| anonymous | |
| override | |
| travel-demo-pur |
Properties
<configuration name> | required Name of PUR configuration. |
| required Default roles/groups node. |
| required Role/Group name. Property name is arbitrary. Value must match role or group set up in the Security app. |
Users in the travel-demo-pur group as assigned the travel-demo-pur role (among others) that provides these Web access permissions. protected is a page that contains content that can only be viewed by registered users, and profile-update contains the User Profile Update form.
| Permission | Path |
| Get & Post | /travel/members/protected* |
| Get & Post | <travel>/members/protected* |
| Get & Post | /travel/members/profile-update* |
| Get & Post |
<travel>/members/profile-update*
|
On registration, a new user is automatically assigned the travel-demo-pur role and can access restricted content. The location of the restricted content can be set in the Login component dialog.
Here's what non-registered and registered users see.
Registration strategies
Registration strategies define how users are registered. Magnolia provides three options:
- Registration after mail verification.
- Immediate registration.
- Admin-supervised registration.
Example: travel registration strategy.
Node name | Value |
|---|---|
| info.magnolia.module.publicuserregistration.strategy.Always |
Properties:
<configuration name> | required Name of PUR configuration. |
| required Registration strategy node. |
| required Registration class:
|
| optional Any properties supported by the used registration class. Only |
Mail registration strategy
The mail registration strategy sends the user an email containing a verification link after signing up. The link directs to a page containing the Enable User Form component. When the user submits the form the system enables the user's account.
Example: sportstation email registration strategy.
Node name | Value |
|---|---|
| info.magnolia.module.publicuserregistration.strategy.Mail | |
| /public-user-registration/templates/mail/user-confirmation-email.ftl | |
| your@email.com | |
| Site Registration | |
| info.magnolia.module.publicuserregistration.messages | |
| /sportstation/members/registration/enable-user.html | |
| Please verify your registration | |
| ../travel |
Properties:
registrationStrategy | required Registration strategy node. |
| required Relative path to template used for the email message. |
| required Sender email address. |
| optional Sender name . |
| required Relative path to the page containing the Enable User Form component. |
| optional Message subject. |
user-confirmation-email.ftl
(Git) (referenced in the emailTemplate property) is a simple script that defines the verification link mailed to the user.
<html>
<body>
<p>Dear ${user.name!},</p>
<p>Please follow <a href="${pagePath!}">this link</a> in order to validate your account.</p>
<p>Thank you !</p>
</body>
</html>
Mail registration class adds the userid UUID and regStamp parameters to the URL to verify identity. The verification link looks something like this:http://localhost:8080/magnoliaPublic/sportstation/members/registration/enable-user.html?userId=7dcf398a-793f-48d0-8dbb-a4be08b1101c&regstamp=1452610248796
Password retrieval strategies
Password retrieval strategies define how users retrieve lost or forgotten passwords. Magnolia provides two options:
- Mail password retrieval: An email with a link to the Password Change form is sent to the user. This is common practice and secure because the mail does not contain a password.
- A strategy class that does nothing: You can code your own strategy in the Confirmation Email tab of the Forgotten Password dialog.
Example: sportstation mail password retrieval strategy.
Node name | Value |
|---|---|
info.magnolia.module.publicuserregistration.password.MailChangePasswordLinkStrategy | |
/public-user-registration/templates/mail/password-reset-email.ftl | |
your@email.com | |
Your Site | |
Password change request | |
/sportstation/members/forgotten-password/password-change | |
60 |
Properties:
passwordRetrievalStrategy
| required Password retrieval strategy node. |
| required Password retrieval strategy class:
|
| required Relative path to the template used for the email message. |
| required Sender's email. |
| optional Sender's name. |
| optional Message subject. |
| required Relative path to the page containing the Password Change component. |
| optional, default in Duration (in minutes) that the password change link remains valid. |
password-reset-email.ftl
(Git) (referenced in the emailTemplate property) is a simple script that sets the link to the password change form.
<p>Dear ${user.name!},</p>
<p>Follow this link where you can set your new password: <a href=${pagePath!}>CLICK HERE</a></p>
<p>If you did not ask for password change, ignore this email.</p>
MailChangePasswordLinkStrategy class adds userid UUID and token parameters to the URL to verify identity. The verification link looks something like this:
http://localhost:8080/magnoliaPublic/sportstation/members/forgotten-password/password-change?userId=80fc309e-4250-4203-b8be-33bbe1e7fbd2&token=e4dca890d75ee54559bab07e75e457c562ec3c3e&
You can test the password retrieval strategy on the public instance of the Travel demo. Sign up for an account and follow the link in the email to reset your password.
User profile
The user profile configuration defines the properties in a user's profile. By default, these are username, password, email and fullname.
Example: default user profile configuration
Node name | Value |
|---|---|
| info.magnolia.module.publicuserregistration.UserProfile |
Properties:
userProfileConfiguration | required User profile configuration node. |
| required User profile class. UserProfile is a basic profile bean that supports the default |
Extending the user profile
You can extend UserProfile and register a custom class in configuration if you need to store more information.
Example: Custom user profile class configuration with additional phoneNumber property.
Node name | Value |
|---|---|
| phoneNumber | |
| info.magnolia.module.publicuserregistration.CustomUserProfile | |
| ../default |
Properties:
userProfileConfiguration
| required User profile configuration node. |
| required UserProfileConfiguration supports adding custom user profile properties under this node |
| optional Your custom user profile properties, for example |
| required Custom user profile class. |
The default properties are always populated, but you need to write a custom class that extends UserProfile to set the custom properties in the user profile.
Example: Custom user profile class for handling a phone number.
CustomUserProfile.java
public class CustomUserProfile extends UserProfile {
private String phoneNumber = "";
public String getPhoneNumber() {
return phoneNumber;
}
public void setPhoneNumber(String phoneNumber) {
this.phoneNumber = phoneNumber;
}
}
To test the new property:
- Add a new field named after the custom property in the registration form, for example
phoneNumber. - Publish the form page to the public instance.
- Register a new user.
- In the Exporter subapp, export the user profile to XML (Set Repository=
users, Base path=/public) . - Check that the new property is in the exported XML.
PUR components
The module includes all necessary components to implement user registration and related tasks on your site.
You can view the PUR components in the Members area of the Travel demo .
Components are configured in /modules/public-user-registration/templates/components.
Node name |
|---|
With the exception of login, the components are standard Magnolia forms. They extend the form component and override the standard form processors with custom form processors provided by the module.
login |
|
|
registration |
|  |
userUpdate |
|  |
forgottenPassword |
|  |
passwordChange |
|  |
enableUser |
|  |
For PUR functionality to work, the input fields must be named exactly as specified in the table above.
Adding components to templates
You can add the PUR components to any template.
Example: Template definition with all PUR components in main area.
/my-module/templates/pages/myTemplate.yaml
templateScript: /my-module/templates/pages/my-script.ftl
renderType: freemarker
visible: true
title: My template
areas:
main:
availableComponents:
login:
id: public-user-registration:components/login
registration:
id: public-user-registration:components/registration
userUpdate:
id: public-user-registration:components/userUpdate
forgottenPassword:
id: public-user-registration:components/forgottenPassword
passwordChange:
id: public-user-registration:components/passwordChange
enableUser:
id: public-user-registration:components/enableUser
| Node name | Value |
|---|---|
| public-user-registration:components/login | |
| public-user-registration:components/registration | |
| public-user-registration:components/userUpdate | |
| public-user-registration:components/forgottenPassword | |
| public-user-registration:components/passwordChange | |
| public-user-registration:components/enableUser | |
| /my-module/templates/pages/my-script.ftl | |
| freemarker | |
| true | |
| My Template |
PUR changes in 2.5.1+
The module and its configuration includes classes, resources and components that are deprecated in 2.5.1+ / 5.4.4+. These are maintained for backward compatibility and some are still used in configuration for this purpose.
Mail registration strategy
The default configuration uses the mail registration strategy, but references a deprecated emailTemplate and pagePath. If you are implementing PUR for the first time and want to use or extend the default configuration, update these properties to:
emailTemplate
|
/public-user-registration/templates/mail/user-confirmation-email.ftl
|
pagePath
| Relative path to the page containing the Enable User Form component.* |
*pages are deprecated in 5.4.4
Password retrieval strategy
The default configuration uses MailChangePasswordLinkStrategy password retrieval strategy, but references a deprecated emailTemplate. If you are implementing PUR for the first time and want to use or extend the default configuration, update this property to:
emailTemplate | /public-user-registration/templates/mail/password-reset-email.ftl |
Default roles
The default configuration assigns registered public users the public-user-registration-base and anonymous roles. The base role provides permissions to /pages which are deprecated it 5.4.4. If you are implementing PUR for the first time, follow the pattern used in the Travel demo when setting up permissions.
PUR Components
A new set of components was introduced in 2.5.1.
This table shows the 2.5.1 components and their equivalent earlier components.
| 2.5.1 + | < 2.5.1 (old) |
login | userLogin |
registration | userRegistration |
userUpdate | profileUpdate |
forgottenPassword | passwordReminder |
passwordChange | passwordChange |
enableUser | - |
Overview
Content Tools
10 Comments
Dao Thi Thanh Huyen
Excuseme,
I want to allow public users to register with their Facebook accounts on my magnolia site, for registrations i am using Public User Registration module how can this be extended to allow users to register/login with facebook or any other social media logins, i.e facebook
Anything already available? If available how i can do that?
Richard Gange
Hello-
You need to create a custom login handler and configure it into the filter chain. You should have a look at the Basic and Form login handlers for inspiration. Combine that with this https://developers.facebook.com/docs/facebook-login article.
HTH
Dao Thi Thanh Huyen
Thanks, But i dont know to custem filter. . It means if it is the fisrt time user click "login with fb" system redirect to sign in with fb, if user sign in with fb, system redirect to page.
And i have one more question.
I use Blossom, i create template login-custom, but i don't know how to config to save data to Public user (I use public user module)
Thanks,
DTTHuyen1
Christoph Meier
@Dao Thi Thanh Huyen
Just because I am curious: What is your reason to use Blossom?
Concerning custom filter:
Have a look at https://documentation.magnolia-cms.com/display/DOCS56/Custom+filters
cheers,
Christoph
Dao Thi Thanh Huyen
I have learning spring mvc, i want to use cms and i search magnolia use java, and blossom = spring mvc + magnolia. So i use blossom.
Moreover, i have some functions which magnolia doesnot support, i thinks, i will develop them by spring.
Thanks,
HuyenDTT
Christoph Meier
That's what I have thought ;-)
Please note that using Blossom does not flatten the learning curve for Magnolia - the opposite is true!
And if you lack features which Magnolia does not provide out of the box - I am sure that they also can be implemented without Spring.
Keep in mind my comment which I have written for you on the Blossom page, see https://goo.gl/QrTtNY
For sure you can use Blossom - but I don't think you give yourself a favor in doing that. It will make your development more complex, you will find less support within the community (because the number of people using Blossom is not too big and decreasing), and last but not least there is a very high chance you that you will overlook or ignore some of the nowadays best practices for Magnolia.
Just my 2 cents
:shrug:
Dao Thi Thanh Huyen
thanks you for your support
But i must build recruitment portal website using Magnolia CMS it have a few features like like and share news in website and recommend content for user visit website.... Can i do that with Magnolia CMS without Spring
Christoph Meier
Simply said ... more or less you can do everything with Magnolia, since it is a very open platform.
But for sure the question is how much effort you must invest to "rebuild" features which Magnolia lacks and Spring does provide.
You will have to estimate what makes more sense in that context. Using Blossom with the advantage of Spring support but with an increased complexity and low community support (and using some ... hm ... a bit old-school techniques) ... or using pure Magnolia without Blossom where you may have to re-implement some missing features.
Note that we have a services department with highly skilled engineers with tons of experience concerning using Magnolias best breed for highly complex projects and integrating existing 3rd party systems and similar.
https://www.magnolia-cms.com/services.html
Do not hesitate to contact our srvices guys! :-)
Dao Thi Thanh Huyen
Okie, If i want to create new features and i have a troble, i will contact you.
Now, i don't understand how to custem filter. Maybe i am stupid?
Can you help me more detail?
Thanks,
DTTHuyen1
Christoph Meier
No.
- If you want consulting from the real experts - contact our services department https://www.magnolia-cms.com/services.html.
And you also can ask the community at forums.magnolia-cms.com
Have you tried to understand Custom filters? Should be pretty straightforward, if you generally understand servlet filters ... and with a basic understanding of Magnolia. The links gives an example how to implement a very simple filter. The custom logic for your use case - you have to implement yourself.