Page tree
Skip to end of metadata
Go to start of metadata

Magnolia's Public User Registration module allows users to register an account on the public site. This page explains how to use the module to set up public user registration and protected pages that are available only to users who have registered and logged in.

The tutorial takes you through the process of:

  • Setting up pages containing the components provided by the module 
  • Restricting access to certain pages to registered users only.

We use the Sportstation demo in our example. CE users can adapt the example to fit the Travel demo or their own site. 

Making PUR components available 

The Public User Registration module includes all the necessary components to implement PUR on your site.

You can make the components available on any page template. The components will be used on pages for registration, login and related PUR tasks.

The Travel demo's Public Users template makes the components available in main area of the page. The example uses this template. See Area definition for more.

    templateScript: /travel-demo/templates/pages/areas/contentContainer.ftl
    parameters:
      cssClass: container
    type: list
    availableComponents:
        login:
          id: public-user-registration:components/login
        registration:
          id: public-user-registration:components/registration
        userUpdate:
          id: public-user-registration:components/userUpdate
        forgottenPassword:
          id: public-user-registration:components/forgottenPassword
        passwordChange:
          id: public-user-registration:components/passwordChange
        enableUser:
          id: public-user-registration:components/enableUser
        textImage:
           id: travel-demo:components/textImage

Node nameValue

 areas


 main


 availableComponents


 login


 id

public-user-registration:components/login

 registration


 id

public-user-registration:components/registration

 userUpdate


 id

public-user-registration:components/userUpdate

 forgottenPassword


 id

public-user-registration:components/forgottenPassword

 passwordChange


 id

public-user-registration:components/passwordChange

 enableUser


 id

public-user-registration:components/enableUser

 textImage


 id

travel-demo:components/textImage

Creating pages

Your pages can be located anywhere in the site hierarchy.

Create two sets of pages:

  • PUR pages
    • Base these pages on your PUR template. We will add the PUR components made available above to these pages. 
    • You need one page for each PUR component, for example a registration page for the Registration form component, a login page for the Login form component etc..
  • Restricted content pages
    • These are standard pages. They do not rely on the functionality of the PUR module.
    • You can base these pages on any template and you add any components.

Example pages:

  • Registration: To register account (club-registration).
  • Login: To log in (club-login).
  • Registration update: To update user information (update-club-profile).
  • Password retrieval: To retrieve lost or forgotten password (retrieve-club-password).
  • Password change: To change password (change-club-password). 
  • Restricted content page or tree (club-deals and subpages). 

Adding restricted content

The example creates an exclusive club for registered users on the Sportstation site. In the Sports Club area users have access to special deals on the club-deals page and its subpages. The example uses the Travel Standard template for these pages.

Example pages:

  • /sports-club: All public users can access this page. The teaser component on the left takes logged-out registered users to the login form and logged-in users to the club-deals page. The teaser component on the right takes non-registered users to the registration form page. 
    • /club-deals: This page contains teasers to all available deals.
      • /<deals: These are the Individual deal pages.

Adding PUR components 

Open the PUR pages for editing and:

  • Add the corresponding PUR component to each page. 
  • Hide the pages from navigation. You can set this in the Page properties dialog. 

The PUR components are all forms.

Login is delivered as a preconfigured form. In the dialog, set links to the registration and forgotten-password pages. These links display at the bottom of the form. The target page directs the user to a page after login. Set this link to the restricted-content parent page.

  

The other PUR components require form setup. See Creating a form for more.  

These forms expect fields with the exact names:  usernamefullNamepassword, passwordConfirmation and email. Use Input fields, without validators, set advanced field types to text, password and email and add a Submit button field

Here are the components used in the example.

Use this reference table to set up your forms:

ComponentFields
registrationusernamefullNamepasswordpasswordConfirmation,email
userUpdateusername fullName email
forgottenPasswordusername email
passwordChangepassword passwordConfirmation

Configuring the PUR module

The PUR module configuration used in the example is a copy of the travel configuration (that extends default) with minor changes. 

  • Registration: Always registration strategy enables users immediately. A user can access restricted content straight after registration. 
  • Password retrieval: MailChangePasswordLinkStrategy sends an email to the user who submits the password retrieval form. A link in the email directs the user to the example /change-club-password page. 
  • Default group: We create the sportstation-pur group in Setting permissions (below). 
  • Default role: The configuration overrides default to ensure that users assigned only the anomymous role cannot access restricted content.  

These options are configured in /modules/public-user-registration/config/configurations/sportstation.

Node nameValue
 configurations

 default


 travel


 sportstation


 registrationStrategy


 class

info.magnolia.module.publicuserregistration.strategy.Always 

 passwordRetrievalStrategy


 emailTemplate

/public-user-registration/templates/mail/password-reset-email.ftl 

 targetPagePath

/sportstation/sports-club/retrieve-club-password/change-club-password

 defaultRoles


 anonymous

anonymous

 extends

 override

 defaultGroups


 pur

sportstation-pur

 extends

../default 

Publishing

At this stage, publish the work to date to the public instance. We set permissions and test the setup on the public site because this is where it will be used and anonymous users have different permissions on the author and public instances by default.

Publish: 

Setting permissions

On the public instance, first restrict anonymous access to content reserved for registered users and then give registered users access to this content

Restricting anonymous access

In the Security app, edit the anonymous role and add permissions denying access to restricted content.

Example: Web access:

PermissionPath
Deny/sportstation/sports-club/club-deals*
Deny<sportstation>/sports-club/club-deals*
Deny/sportstation/sports-club/update-club-profile*
Deny<sportstation>/sports-club/update-club-profile*

The permissions starting with <site name> prevent cross-site access. See Site-specific ACLs for more.

Granting registered users access

In the Security app, create a new role (sportstation-pur in the example) that gives access to restricted content.

Example: Web access:

PermissionPath
Get & Post/sportstation/sports-club/club-deals*
Get & Post<sportstation>/sports-club/club-deals*
Get & Post/sportstation/sports-club/update-club-profile*
Get & Post<sportstation>/sports-club/update-club-profile*

Next create a new group named after the value in the defaultRoles configuration property (sportstation-pur in the example) and assign the new role to the new group. Users in this group also need other basic roles.

Example: Group role assignment.

GroupGranted roles
sportstation-pursportstation-pur

travel-demo-base

imaging-base

Adding a client callback to the security filter

Adding a client callback on the security callback filter ensures that users are redirected to the login component on a page and not to the default (green) Magnolia login screen. The redirect comes into play when a registered user logs out or an unregistered user attempts to access restricted content. 

Example:  sportstation-pur client callback configured in /server/filters/securityCallback/clientCallbacks/sportstation-pur.

Node nameValue
 server

 filters


 ...


 securityCallback


 clientCallbacks


 travel-demo-pur


 sportstation-pur


 originalUrlPattern


 class

info.magnolia.cms.util.SimpleUrlPattern

 patternString

(*|sportstation)/sports-club/(profile-update|club-deals)* 

 class

info.magnolia.cms.security.auth.callback.RedirectClientCallback 

 location

/sportstation/sports-club/club-login.html

Properties:

sportstation-pur

required

client callback name.

originalUrlPattern

required

Pattern node

class

required

SimpleUrlPattern matches strings using simple * or ? wildcards.

patternString

required

Pattern that defines the location of the restricted content that triggers the callback. See java.util.regex.Pattern for a summary of regular expression contructs.

class

required

RedirectClientCallback redirects to a configured path or URL.

location

required

Relative path to the login page. Add the ?mgnlReturnTo={0} parameter (with a leading forward slash ( / )) at the end of this path to direct the user to page they were on prior to login.

Testing the PUR setup

Make sure that your SMTP settings are configured on the public instance so that the Mail module can send emails. Remember to assign superuser a working email address.  

  1. Open the restricted content page logged in as superuser and then log out by adding the ?mgnlLogout=true parameter to the URL. The restricted content disappears and the page redirects to the login form page configured in the security callback.  
       
  2.  Click Register in the login form, register a dummy account (using a valid email address) and then login with the new credentials. The protected page (set in the Login form component) opens.  
       
  3. Log out as the new user, click Forgotten password in the login form and enter the dummy account username and email. The link in the password reminder email opens the password reset form page (set in passwordRetrievalStrategy configuration) where you can choose a new password.
         
  4. Log in to admincentral and launch the Security app to verify that the dummy user is assigned to the group defined in the defaultRoles configuration.