The PasswordFieldDefinition renders two text boxes for entry and verification of passwords. 

The input text is masked in the field but the value is stored as clear text in the JCR.

If you want to store hashed password values, you can:

  • Use the password field to collect the value of the password entered by user and delegate the storage of the password and hashing to an underlying user manager. The user manager may be an internal Magnolia User Manager or an external user manager. See the Security app for an example of this approach.

  • Configure BCryptTransformer on the password field by specifying a transformerClass property in the field definition: 

    transformerClass = info.magnolia.ui.form.field.transformer.basic.BCryptTransformer

(warning) If you store a hashed value, you can no longer decode it to clear text. This is suitable when you want to authenticate against the password and only compare the stored hash against the hash of the password provided when logging in. If you need passwords in plain text so that they can be used to access other systems requiring authentication, we recommend you use the Magnolia Password Manager module.

classinfo.magnolia.ui.form.field.definition.PasswordFieldDefinition

fieldType: password

Password field properties

Simple password definition:

form:
  tabs:
    - name: tabUser
      label: User
      fields:
        - name: password
          fieldType: password
          label: Password

Node name

Value

 form


 tabs


 tabUser


 fields


 password


 fieldType

password

 label

Password



See Referencing fields for further information.

You can use common field properties and the following properties in a password field definition:

Properties:

<field name>

required

Name of field

encode

optional, default is true

Encodes the password and visually masks the characters.

verification

optional, default is true

Verifies that the contents of the two boxes match. When set to false the verification (second) box is not rendered.

verificationMessage

optional, default is field.password.verificationMessage

Text displayed above the field. Displays as "Please verify your entry", retrieved from a message bundle.

verificationErrorMessage

optional, default is field.password.verificationErrorMessage

Text displayed when passwords don't match. Displays as "Passwords do not match", retrieved from a message bundle.

transformerClass

optional, default is info.magnolia.ui.form.field.transformer.basic.BasicTransformer

Property transformer class. Defines how the values are stored in the repository.

Add validators to define your own password policy such as minimum length and character types.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))