Magnolia Public User Registration (PUR) module allows users of a public Magnolia site to register and access restricted content. You can use the module to register users for the Commenting module and other custom modules that support personalization and user-specific handling. For example, collect e-mail addresses of subscribers to a newsletter and allow them to manage subscription details after login.

See Setting up PUR on a website for a step-by-step tutorial on using the module.

Installing

Maven is the easiest way to install the module. Add the following to your bundle:

<dependency>
  <groupId>info.magnolia.pur</groupId>
  <artifactId>magnolia-module-public-user-registration</artifactId>
  <version>2.7.6</version>
</dependency>

Pre-built JARs are also available for download. See Installing a module for help.

Compatibility and legacy modules

With Magnolia 5.6 we've begun removing the old Content API from our modules. With Magnolia 5.5 we already had removed usage of the old old admininterface. If you have custom code which relies on code from the old admininterface or from the old Content API, then you must do one of two things:

  • Update your code for the new version of the public user registration module.
  • Or you can use the magnolia-module-public-user-registration-legacy together with magnolia-module-legacy-admininterface module.

With maven:

Add the following snippet to you pom file:

<dependency>
  <groupId>info.magnolia.pur</groupId>
  <artifactId>magnolia-module-public-user-registration-legacy</artifactId>
  <version>2.7.6</version>
</dependency>

Manually:

Add these jar files to the WEB-INF/lib folder of your webapp:

User management

Public users are stored and managed in the Security app on the public instance. The system registers the account automatically when a user registers. Whether the user can use the account immediately or not depends on the configured registration strategy.

The user account is only created on the public instance. Make sure to backup this data when using several public instances, the instances or at least the users workspace needs to be clustered in order to share accounts between different instances. Another option is to implement observation based synchronization in order to replicate user accounts across instances.

Prerequisites

The PUR module relies on other modules and system settings. Understanding the module requires a working knowledge of:

  • Form module: Many of the PUR components are configurable forms.
  • Mail module: The module uses the Mail module to send emails. You need to configure SMTP to send mail to registering users. If you don't do this, a public user profile is created when a user registers, but an email to verify the account cannot be sent.

Configuration

PUR configuration is in /modules/public-user-registration/config/configurations.

Example: Provided default configuration.

Node name

Value

 public-user-registration


 config


 configurations


 default


 defaultRoles


 defaultGroups


 registrationStrategy


 passwordRetrievalStrategy


 userProfileConfiguration


 realmName

public

 travel


 sportstation


Nodes and properties:

config

required

Module configuration folder.

configurations

required

Configurations node.

<configuration name>

required

Configuration name. Must match the site name configured in the site definition or the default configuration will be used.

EE Pro users can create different configurations for each site. Use extends to make site-specific changes to an existing configuration.

defaultRoles

required

Roles managed by the module.

defaultGroups

required

Groups managed by the module.

registrationStrategy

required

Strategy for user registration.

passwordRetrievalStrategy

required

Strategy for password retrieval.

userProfileConfiguration

required

User profile configuration.

realmName

required

Realm name.

configurationResolver

required

Configuration resolver node.

class

required

Resolves the configuration to use.

DefaultConfigurationResolver finds the correct configuration based on the request URI. For example, /travel/members-area/register.html resolves to travel.

Default roles and groups

Only users defined in defaultRoles and defaultGroups nodes are managed by the module. Default roles and groups are configured in the same way.

 Example:  travel default roles and groups configurations. 

Node name

Value

 configurations


 default


 travel


 defaultRoles


 anonymous

anonymous

 extends

override

 defaultGroups


 pur

travel-demo-pur

Properties

<configuration name>

required

Name of PUR configuration.

defaultRoles/defaultGroups

required

Default roles/groups node.

<role/group name>

required

Role/Group name.

Property name is arbitrary. Value must match role or group set up in the Security app.

Users in the travel-demo-pur group as assigned the travel-demo-pur role (among others) that provides these Web access permissions. protected is a page that contains content that can only be viewed by registered users, and profile-update contains the User Profile Update form. 

PermissionPath
Get & Post/travel/members/protected*
Get & Post<travel>/members/protected*
Get & Post/travel/members/profile-update*
Get & Post <travel>/members/profile-update*

On registration, a new user is automatically assigned the travel-demo-pur role and can access restricted content. The location of the restricted content can be set in the Login component dialog.

Here's what non-registered and registered users see. 

  

Registration strategies

Registration strategies define how users are registered. Magnolia provides three options:

  • Registration after mail verification.
  • Immediate registration.
  • Admin-supervised registration.

Example: travel registration strategy. 

Node name

Value

 configurations


 default


 travel


 registrationStrategy


 class

info.magnolia.module.publicuserregistration.strategy.Always

Properties:

<configuration name>

required

Name of PUR configuration.

registrationStrategy

required

Registration strategy node.

class

required

Registration class:

  • Mail: Sends the user an email containing a verification link after signup. The link directs to a page containing the Enable User Form component.
  • Always: Enables the registered user immediately. No verification is required.
  • Never: Registers, but does not enable the user. An admin needs to enable the user manually in the Security app

<strategy-specific properties>

 optional

Any properties supported by the used registration class. Only Mail  supports additional properties.

Mail registration strategy

The mail registration strategy sends the user an email containing a verification link after signing up. The link directs to a page containing the Enable User Form component. When the user submits the form the system enables the user's account. 

Example: sportstation email registration strategy.

Node name

Value

 configurations


 sportstation


 registrationStrategy


 class

info.magnolia.module.publicuserregistration.strategy.Mail

 emailTemplate

/public-user-registration/templates/mail/user-confirmation-email.ftl

 fromEmail

your@email.com

 fromName

Site Registration

 i18nBasename

info.magnolia.module.publicuserregistration.messages 

 pagePath

/sportstation/members/registration/enable-user.html

 subject

Please verify your registration

 extends

../travel

Properties:

 registrationStrategy

required

Registration strategy node.

emailTemplate

required

Relative path to template used for the email message.

fromEmail

required

Sender email address.

fromName

optional

Sender name .

pagePath

required

Relative path to the page containing the Enable User Form component.

subject

optional

Message subject.

  user-confirmation-email.ftl (Git) (referenced in the emailTemplate property) is a simple script that defines the verification link mailed to the user. 

 
<html>
    <body>
        <p>Dear ${user.name!},</p>
        <p>Please follow <a href="${pagePath!}">this link</a> in order to validate your account.</p>
        <p>Thank you !</p>
    </body>
</html>
Mail registration class adds the userid UUID and regStamp parameters to the URL to verify identity. The verification link looks something like this:


http://localhost:8080/magnoliaPublic/sportstation/members/registration/enable-user.html?userId=7dcf398a-793f-48d0-8dbb-a4be08b1101c&amp;regstamp=1452610248796

Password retrieval strategies

Password retrieval strategies define how users retrieve lost or forgotten passwords. Magnolia provides two options:

  • Mail password retrieval: An email with a link to the Password Change form is sent to the user. This is common practice and secure because the mail does not contain a password.
  • A strategy class that does nothing: You can code your own strategy in the Confirmation Email tab of the Forgotten Password dialog. 

Examplesportstation mail password retrieval strategy.

Node name

Value

 configurations


 sportstation


 passwordRetrievalStrategy


 class

info.magnolia.module.publicuserregistration.password.MailChangePasswordLinkStrategy

 emailTemplate

/public-user-registration/templates/mail/password-reset-email.ftl

 fromEmail

your@email.com

 fromName

Your Site

 subject

Password change request

 targetPagePath

/sportstation/members/forgotten-password/password-change

 tokenExpirationTime

60

Properties:

passwordRetrievalStrategy

required

Password retrieval strategy node.

class

required

Password retrieval strategy class:

  • MailChangePasswordLinkStrategy: This strategy sends the user a link to the page containing the Password Change component.
  • NOPStrategy: This strategy does nothing. You have the option to code your own strategy in the Confirmation Email tab of the Forgotten Password dialog instead.

emailTemplate

required

Relative path to the template used for the email message.

fromEmail

required

Sender's email.

fromName

optional

Sender's name.

subject

optional

Message subject.

targetPagePath

required

Relative path to the page containing the Password Change component.

tokenExpirationTime

optional, default in 30

Duration (in minutes) that the password change link remains valid.

password-reset-email.ftl  (Git) (referenced in the emailTemplate property) is a simple script that sets the link to the password change form.

 <p>Dear ${user.name!},</p>
<p>Follow this link where you can set your new password: <a href=${pagePath!}>CLICK HERE</a></p>
<p>If you did not ask for password change, ignore this email.</p>

MailChangePasswordLinkStrategy class adds userid UUID and token parameters to the URL to verify identity. The verification link looks something like this:

http://localhost:8080/magnoliaPublic/sportstation/members/forgotten-password/password-change?userId=80fc309e-4250-4203-b8be-33bbe1e7fbd2&amp;token=e4dca890d75ee54559bab07e75e457c562ec3c3e&amp;

You can test the password retrieval strategy on the public instance of the Travel demo. Sign up for an account and follow the link in the email to reset your password.

The user profile configuration defines the properties in a user's profile. By default, these are username, password, email and fullname.

Example: default user profile configuration

Node name

Value

 configurations


 default


 userProfileConfiguration


 userProfileClass

info.magnolia.module.publicuserregistration.UserProfile

Properties:

userProfileConfiguration

required

User profile configuration node.

class

required

User profile class.

UserProfile is a basic profile bean that supports the default usernamepasswordemail and fullName properties

Extending the user profile

You can extend UserProfile  and register a custom class in configuration if you need to store more information.

Example: Custom user profile class configuration with additional phoneNumber property.

Node name

Value

 configurations


 default


 myConfiguration


 userProfileConfiguration


 autopopulatedProperties


 phoneNumber

phoneNumber

 userProfileClass

info.magnolia.module.publicuserregistration.CustomUserProfile

 extends

../default

Properties:

userProfileConfiguration

required

User profile configuration node.

autopopulatedProperties

required

UserProfileConfiguration supports adding custom user profile properties under this node

<custom properties>

optional

Your custom user profile properties, for example phoneNumber.

userProfileClass

required

Custom user profile class.

The default properties are always populated, but you need to write a custom class that extends UserProfile to set the custom properties in the user profile. 

Example: Custom user profile class for handling a phone number.

CustomUserProfile.java
public class CustomUserProfile extends UserProfile {
    private String phoneNumber = "";
    public String getPhoneNumber() {
        return phoneNumber;
    }
    public void setPhoneNumber(String phoneNumber) {
        this.phoneNumber = phoneNumber;
    }
}

To test the new property:

  1. Add a new field named after the custom property in the registration form, for example phoneNumber.
  2. Publish the form page to the public instance.
  3. Register a new user.
  4. In the Exporter subappexport the user profile to XML (Set Repository=users, Base path=/public) .
  5. Check that the new property is in the exported XML.

PUR components

The module includes all necessary components to implement user registration and related tasks on your site. 

You can view the PUR components in the Members area of the Travel demo .

Components are configured in /modules/public-user-registration/templates/components.

Node name

 templates

 components

 login

 registration

 userUpdate

 forgottenPassword

 passwordChange

 enableUser

With the exception of login, the components are standard Magnolia forms. They extend the form component and override the standard form processors with custom form processors provided by the module. 

login
  • Displays Login Form component that has:
    • Preconfigured username and password fields.
    • Registration and Forgotten password links.
    • Login button.
  • In the dialog set:
    • Target page: Form can redirect to any page. Typically used to direct to protected content parent page, making content in this tree is only visible to logged-in users.
    • Registration page: Page containing the registration component.
    • Password retrieval page: Page containing the forgottenPassword component.
  • Rendered by login.ftl (Git)

registration
  • Displays User Registration form.
  • Add input fields named username, password, passwordConfirmation, fullName , and email, and a submit button field.
  • Uses RegistrationProcessor to register the user.


userUpdate
  • Displays User Profile Update form.
  • Add input fields named username, fullName, and email, and a submit button field.
  • Uses UserFormModel to prefill the user's data
  • Uses UpdateProcessor to update the user's profile.


forgottenPassword
  • Displays Forgotten Password form.
  • Add input fields named username and email, and a submit button field.
  • Uses PasswordProcessor to verify the user's credentials and retrieve the password retrieval strategy.
  • Processor sends the user an email with a link to the passwordChange component page when MailChangePasswordLinkStrategy is configured as the password retrieval strategy .
passwordChange
  • Displays Password Change form.
  • Add input fields named password and passwordConfirmation, and a submit button field.
  • Uses TokenPasswordProcessor that takes a token from the URL and checks if the token is valid. If it is, the user's password is changed.
enableUser
  • Displays Enable User form.
  • Add a submit button field.
  • Uses EnableUserByUuidProcessor to enable a user's account after retrieving it using the UUID parameter.
  • Use with mail registration strategy to confirm and enable user's account.

(warning) For PUR functionality to work, the input fields must be named exactly as specified in the table above. 

Adding components to templates

You can add the PUR components to any template. 

Example: Template definition with all PUR components in main area.

/my-module/templates/pages/myTemplate.yaml
templateScript: /my-module/templates/pages/my-script.ftl
renderType: freemarker
visible: true
title: My template
areas:
  main:
    availableComponents:
      login:
        id: public-user-registration:components/login
      registration:
         id: public-user-registration:components/registration
      userUpdate:
         id: public-user-registration:components/userUpdate
      forgottenPassword:
         id: public-user-registration:components/forgottenPassword
      passwordChange:
         id: public-user-registration:components/passwordChange
      enableUser:
         id: public-user-registration:components/enableUser
Node nameValue

 myTemplate


 areas


 main


 availableComponents


 login


 id

public-user-registration:components/login

 registration


 id

public-user-registration:components/registration

 userUpdate


 id

public-user-registration:components/userUpdate

 forgottenPassword


 id

public-user-registration:components/forgottenPassword

 passwordChange


 id

public-user-registration:components/passwordChange

 enableUser


 id

public-user-registration:components/enableUser

 templateScript

/my-module/templates/pages/my-script.ftl

 renderType

freemarker 

 visible

true

 title

My Template

PUR changes in 2.5.1+ 

The module and its configuration includes classes, resources and components that are deprecated in (warning) 2.5.1+ / 5.4.4+. These are maintained for backward compatibility and some are still used in configuration for this purpose. 

Mail registration strategy

The default configuration uses the mail registration strategy, but references a deprecated emailTemplate and pagePath. If you are implementing PUR for the first time and want to use or extend the default configuration, update these properties to:

emailTemplate /public-user-registration/templates/mail/user-confirmation-email.ftl
pagePath Relative path to the page containing the Enable User Form component.*

*pages are deprecated in 5.4.4

Password retrieval strategy

The default configuration uses MailChangePasswordLinkStrategy password retrieval strategy, but references a deprecated emailTemplate. If you are implementing PUR for the first time and want to use or extend the default configuration, update this property to:

emailTemplate/public-user-registration/templates/mail/password-reset-email.ftl

Default roles

The default configuration assigns registered public users the public-user-registration-base and anonymous roles. The base role provides permissions to /pages which are deprecated it 5.4.4. If you are implementing PUR for the first time, follow the pattern used in the Travel demo when setting up permissions.

PUR Components

A new set of components was introduced in 2.5.1. 

This table shows the 2.5.1 components and their equivalent earlier components.

(warning) 2.5.1 +< 2.5.1 (old)
loginuserLogin
registrationuserRegistration
userUpdateprofileUpdate
forgottenPasswordpasswordReminder
passwordChangepasswordChange
enableUser-
#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))

10 Comments

  1. Dao Thi Thanh Huyen

    Excuseme,

    I want to allow public users to register with their Facebook accounts on my magnolia site, for registrations i am using Public User Registration module how can this be extended to allow users to register/login with facebook or any other social media logins, i.e facebook
    Anything already available? If available how i can do that?

    1. Richard Gange

      Hello-

      You need to create a custom login handler and configure it into the filter chain. You should have a look at the Basic and Form login handlers for inspiration. Combine that with this https://developers.facebook.com/docs/facebook-login article. 

      HTH

  2. Dao Thi Thanh Huyen

    Thanks, But i dont know to custem filter. . It means if it is the fisrt time user click "login with fb" system redirect to sign in with fb, if user sign in with fb, system redirect to page.

    And i have one more question.

    I use Blossom, i create template login-custom, but i don't know how to config to save data to Public user (I use public user module)


    Thanks,

    DTTHuyen1

    1. Christoph Meier

      @Dao Thi Thanh Huyen

      Just because I am curious: What is your reason to use Blossom?

      Concerning custom filter:
      Have a look at https://documentation.magnolia-cms.com/display/DOCS56/Custom+filters

      cheers,
      Christoph

      1. Dao Thi Thanh Huyen

        I have learning spring mvc, i want to use cms and i search magnolia use java, and blossom = spring mvc + magnolia. So i use blossom.

        Moreover, i have some functions which magnolia doesnot support, i thinks, i will develop them by spring.


        Thanks,

        HuyenDTT

        1. Christoph Meier

          I have learning spring mvc, i want to use cms and i search magnolia use java, and blossom = spring mvc + magnolia. So i use blossom.

          That's what I have thought ;-)

          Please note that using Blossom does not flatten the learning curve for Magnolia - the opposite is true!
          And if you lack features which Magnolia does not provide out of the box - I am sure that they also can be implemented without Spring.
          Keep in mind my comment which I have written for you on the Blossom page, see https://goo.gl/QrTtNY

          For sure you can use Blossom - but I don't think you give yourself a favor in doing that. It will make your development more complex, you will find less support within the community (because the number of people using Blossom is not too big and decreasing), and last but not least there is a very high chance you that you will overlook or ignore some of the nowadays best practices for Magnolia.

          Just my 2 cents
          (shrug)

          1. Dao Thi Thanh Huyen

            thanks you for your support 

            But i must build recruitment portal website  using Magnolia CMS it have a few features like like and share news in website and recommend content for user visit website.... Can i do that with Magnolia CMS without Spring


            1. Christoph Meier

              Simply said ... more or less you can do everything with Magnolia, since it is a very open platform.
              But for sure the question is how much effort you must invest to "rebuild" features which Magnolia lacks and Spring does provide.
              You will have to estimate what makes more sense in that context. Using Blossom with the advantage of Spring support but with an increased complexity and low community support (and using some ... hm ... a bit old-school techniques) ... or using pure Magnolia without Blossom where you may have to re-implement some missing features.

              Note that we have a services department with highly skilled engineers with tons of experience concerning using Magnolias best breed for highly complex projects and integrating existing 3rd party systems and similar.
              https://www.magnolia-cms.com/services.html
              Do not hesitate to contact our srvices guys! :-)

              1. Dao Thi Thanh Huyen

                Okie, If i want to create new features and i have a troble, i will contact you.

                Now, i don't understand how to custem filter. Maybe i am stupid?

                Can you help me more detail?


                Thanks,

                DTTHuyen1

                1. Christoph Meier

                  Okie, If i want to create new features and i have a troble, i will contact you.

                  No. (smile) - If you want consulting from the real experts - contact our services department https://www.magnolia-cms.com/services.html.

                  And you also can ask the community at forums.magnolia-cms.com

                  Now, i don't understand how to custem filter.

                  Have you tried to understand Custom filters? Should be pretty straightforward, if you generally understand servlet filters ... and with a basic understanding of Magnolia. The links gives an example how to implement a very simple filter. The custom logic for your use case - you have to implement yourself.