Implemented in Magnolia CMS 4.5.7, Public User Registration 1.4.2
The demo-project site does not provide a default means for public users to retrieve their password. This tutorial shows you how to configure a password retrieval strategy that works like this:
- A registered public user clicks the Forgotten password? link on the demo-project/members-area/login page.
- The user is directed to a /password-reminder page where they enter their username.
- An email containing a link to a new password-change page is sent to the user. This link remains valid for a specified period of time.
- The user resets their password on this page and then receives an email confirming the password change.
This password retrieval strategy uses the STK and requires Magnolia CMS 4.5.7 and Public User Registration module 1.4.2 or later.
Configure the new retrieval strategy
To configure a new password retrieval strategy:
- Go to Configuration > /modules/public-user-registration/configuration/passwordRetrievalStrategy.
- Change the value of the class property to info.magnolia.module.publicuserregistration.password.MailChangePasswordLinkStrategy. This class mails a link to a user's email address. The link directs the user to the targetPage (see below). The link includes the user ID and a token that expires in 30 minutes.
- Add six data nodes:
  - emailTemplate: Set the value to publicuserregistration/components/password-reset-email.ftl. You can view this template in Git.
  - fromEmail: Email address that is displayed in the From field.
  - fromName: Name of the sender.
  - subject: Email subject line.
  - targetPage: The page that the email link directs to. You will create this page in Create a password change form below.
  - tokenExpirationTime: The time in minutes that the token remains valid. This value overrides the default of 30 minutes.
Create a new component
Create a new form component definition in Templating Kit > Template Definitions.
- Go to /components/pur and copy the stkPURPasswordForm component definition.
- Rename the new component to stkPURPasswordChangeForm.
- In the new component definition:
  - Add a new data node redirectWithParams and set the value to true. If you leave out this property, the user ID will be lost after a failed form submission and cannot be retrieved.
  - Change the values of the title and descriptions properties so you will be able to identify the component when you later add it to a page.
  - Change the name of the class in /formProcessor/class to info.magnolia.module.publicuserregistration.processors.TokenPasswordProcessor. This processor takes tokens from the URL and checks whether the token is valid or not. If valid, the password will be changed.
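The check described above (a link carrying the user ID and a token that expires after tokenExpirationTime minutes) is sketched here as an added example; it is not Magnolia's code and says nothing about how TokenPasswordProcessor is implemented. The class ResetTokenSketch, its methods and the sample values are hypothetical, and storing only a token hash, constant-time comparison and single use are assumptions about sound practice for this kind of link. It needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; hypothetical class, not Magnolia's TokenPasswordProcessor.
public class ResetTokenSketch {
    private record Entry(byte[] tokenHash, Instant expires) {}
    private final ConcurrentHashMap<String, Entry> pending = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl; // same role as tokenExpirationTime (minutes)
    public ResetTokenSketch(long minutes) { this.ttl = Duration.ofMinutes(minutes); }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Create the token that goes into the mailed link; only its hash is stored.
    public String issue(String userId, Instant now) throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(userId, new Entry(sha256(token), now.plus(ttl)));
        return token;
    }

    // Validate the userId/token pair from the link; a token is accepted at most once.
    public boolean redeem(String userId, String token, Instant now) throws Exception {
        Entry e = (userId == null) ? null : pending.get(userId);
        if (e == null || token == null) return false;
        if (now.isAfter(e.expires())) { pending.remove(userId, e); return false; }
        if (!MessageDigest.isEqual(e.tokenHash(), sha256(token))) return false;
        return pending.remove(userId, e); // atomic: concurrent replays cannot both win
    }

    public static void main(String[] args) throws Exception {
        ResetTokenSketch s = new ResetTokenSketch(30); // 30 minutes, the stated default
        Instant t0 = Instant.parse("2013-01-01T12:00:00Z"); // constructed timestamp
        String tok = s.issue("jdoe", t0); // constructed user ID
        System.out.println("wrong token:  " + s.redeem("jdoe", "guess", t0.plusSeconds(60)));
        System.out.println("valid token:  " + s.redeem("jdoe", tok, t0.plusSeconds(600)));
        System.out.println("replayed:     " + s.redeem("jdoe", tok, t0.plusSeconds(660)));
        System.out.println("after 31 min: " + s.redeem("jdoe", s.issue("jdoe", t0), t0.plusSeconds(31 * 60)));
    }
}
```

Only the valid, unexpired, first-time presentation of the token is accepted; when testing the configured strategy, the same three negative cases (wrong token, replayed link, link opened after tokenExpirationTime) are worth checking by hand.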
Make the component available
Make the new component available in the stkPublicUserRegistration template.
- In Templating Kit > Template Definitions, go to /pages/stkPublicUserRegistration.
- Add a new content node under /areas/main/areas/content/availableComponents and name it stkPURPasswordChangeForm to correspond with the new component definition created above.
- Add a data node id and set the value to the path to the new component definition, i.e. standard-templating-kit:components/pur/stkPURPasswordChangeForm.
Create a password change form
Create a new form on a Web page.
- In Website, create a new page based on the stkPublicUserRegistration template under /demo-project/members-area/password-reminder and name it, for example, password-change. The new form will reside on this page. The email link will direct users to the page to change their passwords.
- Open the new page and add the new component to it.
- Configure the form in the component dialog with your own version of the content in the screenshots below. For more information about configuring forms see the Form and Public User Registration module documentation.
  - Form tab: This content is displayed on the page above the field sets.
  - Submit settings tab: This content is displayed on the page after submission of the form.
  - Confirmation Email tab: This is the content of the email sent to the user after they have changed their password.
- Add a new Form Fieldsets component with:
  - Two mandatory Password fields that use Passwords validation. The first is for entry of the new password and the second to confirm it. Note that the Field Names must be password and passwordConfirmation because the system expects to find these fields, but you can label them as you like.
  - A Submit button field.
Your form should look similar to this.
Edit the password-reminder page
The default demo-project/members-area/password-reminder page contains the form for a user to submit their username in order to retrieve their password. By default, this form is configured to automatically send an email containing the user's password and redirect them to the /members-area/password-reminder/password-change-confirmation page on successful submission of the form. This behaviour does not fit in with our new strategy.
Make the following changes to the default pages:
1. On the /password-reminder page, in the:
   a. Form tab: Edit the introductory text in the Password Retrieval Form component to read something like "Enter your username and we will send a password-reset link to your registered email address".
   b. Submit settings tab: You can optionally add content to the Text field to advise the user that the email has been sent and delete the link in the Page displayed after submission field.
   c. Confirmation E-Mail tab: Deselect Send confirmation; alternatively, delete the contents of all fields.
2. Depending on what you did in 1.b above, de-activate or delete the /password-reminder/password-change-confirmation page, or edit the content of the Text and Image component on the page to read something like "A password-reset link has been sent to the address you provided".
Activate the content
Next, activate all the changes to the public instance. Here's a list of nodes:
- Configuration: /modules/public-user-registration/configuration/passwordRetrievalStrategy.
- Website: demo-project/password-reminder (including subpages).
- Templating Kit > Template Definitions: /components/pur/stkPURPasswordChangeForm and /pages/stkPublicUserRegistration/areas/main/areas/content/availableComponents.
Test the strategy
First check that your SMTP settings are working and activated.
Next, on the public instance:
1. Register a new account: On the Members Area page click Request New Account and fill in the form. You receive an email containing a verification link. Verify your account and log in to the members area.
2. Log out and click Forgotten password?. Enter the username registered in 1. and click RETRIEVE PASSWORD.
   - Depending on your setup, the page reloads to advise that the email has been sent or you are redirected to the /password-reminder/password-change-confirmation page where a similar message displays.
3. Click CLICK HERE in the email to redirect you to the /password-change page. Enter and retype a new password and click SUBMIT.
   - The Success message displays and you receive an email confirming the password change.
4. Log in with the new password.