This package works in Neos CMS and Flow and provides the following functionality:
- Registration of (frontend) users via a registration form
- Sending out an e-mail for account confirmation
- Login of registered (frontend) users via a login form
- "Forgotten password" with password reset e-mail
Sandstorm.UserManagement is currently being maintained for the following versions:
| Neos / Flow Version | Sandstorm.UserManagement Version | Branch | Maintained |
|---|---|---|---|
| Neos 5.x, Flow 6.x | 7.x | master | Yes |
| Neos 4.x, Flow 5.x | 6.x | 6.0 | Yes |
| Neos 3.x, Flow 4.x | 5.x | 5.0 | Bugfixes |
| Neos 2.3 LTS, Flow 3.3 LTS | 3.x | 3.0 | No |
| Neos 2.2, Flow 3.2 | 1.x | - | No |
Since I've removed the direct dependency to swiftmailer in favor of the Sandstorm/TemplateMailer package (which provides css inlining), the EmailService in this package was removed. This means that you will need to change some of your config options, because they are now set in the Sandstorm.TemplateMailer config path instead of inside the Sandstom.UserManagement path. Please refer to the Sandstorm/TemplateMailer Documentation for instructions on how to set the following configurations:
- senderAddress
- senderName
- templatePackage
Hint: to override the sender address for this package, you will need the following setting:
Sandstorm:
TemplateMailer:
senderAddresses:
sandstorm_usermanagement_sender_email: # You need to use this exact key to override the UserManagement defaults
name: Your-App
address: [email protected]In the registration email templates, two variables are no longer available by default:
- "applicationName" (filled with configured email senderAddress)
- "email" (filled with the email address the mail is sent to) However, in the registration email, "registrationFlow" is now available, which gives access to the email as well to all other information the user has entered during the registration process (as long as it is stored in the RegistrationFlow object).
To overwrite the existing Activation- and PasswordReset templates, do the following:
- Add
ActivationToken.html,ActivationToken.txt,ResetPasswordToken.htmlandResetPasswordToken.txtto<YourPackage>/Resources/Private/EmailTemplates/ - Fill in the necessary information (you can use the sandstormUserManagement templates as a point of reference
- Add your package to your TemplateMailer-Configuration https://github.com/sandstorm/TemplateMailer#configuring-template-source-packages
There are the basic config steps:
-
Run
./flow doctrine:migrateafter you add this package to install its model. The package automatically exposes its routes via auto-inclusion in the package settings. Attention: Any routes defined in the globalRoutes.yamlare loaded before this package's routes, so they may be overriden. This is especially true for the default Flow subroutes, so make sure you have removed those from your globalRoutes.yaml. If you can't remove them, just include the subroutes for this package manually before the Flow subroutes. -
Require this package in your own package's
composer.json. This will inform Flow that it needs to load UserManagement before your packages, which allows you to override config and will make sure authorizations work correctly. Keep in mind that you have to add this into all packages that use features from user management - very important if your site is split into multiple packages or plugins. Here's an example:
{
"description": "Your Site Package",
"type": "neos-site", (or "neos-package" if you're using Flow only or building a Plugin)
"require": {
"neos/neos": "*",
"sandstorm/usermanagement": "*"
}
...more settings here...
}
-
Run
./flow neos.flow:package:rescanto regenerate to order in which all your packages are loaded. -
Add and adapt the configuration settings below to your config (make sure to not miss the special Neos settings).
These are the basic configuration options for e-mails, timeouts etc. You will usually want to adapt these to your application.
Sandstorm:
UserManagement:
# Validity timespan for the activation token for newly registered users.
activationTokenTimeout: '2 days'
# Validity timespan for the token used to reset passwords.
resetPasswordTokenTimeout: '4 hours'
# The message that appears if a user could not be logged in.
authFailedMessage:
title: 'Login nicht möglich'
body: 'Sie haben ungĂĽltige Zugangsdaten eingegeben. Bitte versuchen Sie es noch einmal.'
# Email settings
email:
# Subject line for the account confirmation email
subjectActivation: 'Please confirm your account'
# Subject line for the password reset email
subjectResetPassword: 'Password reset'
# An array of roles which are assigned to users after they activate their account.
rolesForNewUsers: []
You should switch the implementation of the Redirect and User Creation Services to the Neos services. Add this to your Objects.yaml:
# Use the Neos services
Sandstorm\UserManagement\Domain\Service\RedirectTargetServiceInterface:
className: 'Sandstorm\UserManagement\Domain\Service\Neos\NeosRedirectTargetService'
Sandstorm\UserManagement\Domain\Service\UserCreationServiceInterface:
className: 'Sandstorm\UserManagement\Domain\Service\Neos\NeosUserCreationService'
Be aware that the NeosUserCreationService requires a non-empty firstName and lastName to be present in the RegistrationFlow attributes
as it's in the templates of this package.
Add the following to your package's (or the global) Settings.yaml. This creates a separate authentication provider so Neos can
distinguish between frontend and backend logins.
Neos:
Flow:
security:
authentication:
providers:
'Neos.Neos:Backend':
requestPatterns:
Sandstorm.UserManagement:NeosBackend:
pattern: Sandstorm\UserManagement\Security\NeosRequestPattern
patternOptions:
'area': 'backend'
'Sandstorm.UserManagement:Login':
provider: PersistedUsernamePasswordProvider
requestPatterns:
Sandstorm.UserManagement:NeosFrontend:
pattern: Sandstorm\UserManagement\Security\NeosRequestPattern
patternOptions:
'area': 'frontend'
Before Neos 3.0, the Neos.Neos:Backend authentication provider was called Typo3BackendProvider. Replace Neos.Neos:Backend
with Typo3BackendProvider in the config above.
The package exposes a command to create users. You can run
./flow sandstormuser:create [email protected] password --additionalAttributes="firstName:Max;lastName:Mustermann"
to create a user. This will create a Neos user if you're using the package in Neos. You can assign roles to the new user in the Neos backend afterwards.
It is possible to confirm a registrationflow and trigger user creation by running
./flow sandstormuser:activateregistration [email protected]
Since 1.1.2, it is possible to reset passwords for users created with this package.
./flow sandstormuser:setpassword [email protected] password
If the package detects that the NeosUserCreationService is used, it forwards the command to the
Neos UserCommandController->setPasswordCommand(). Otherwise, our oackage's own logic is used.
The Authentication Provider can be passed in as an optional argument to reset passwords for users created
with a different provider that the default UserManagement one (Sandstorm.UserManagement:Login):
./flow sandstormuser:setpassword [email protected] password --authenticationProvider=Typo3BackendProvider
To define where users should be redirected after they log in or out, you can set some config options:
Sandstorm:
UserManagement:
redirect:
# To activate redirection, make these settings:
afterLogin:
action: 'action'
controller: 'Controller'
package: 'Your.Package'
afterLogout:
action: 'action'
controller: 'Controller'
package: 'Your.Package'
When using the package within Neos, you have another possibility: you can set properties on the LoginForm node type. The pages you link here will be shown after users log in or out. Please note that when a login/logout form is displayed on a restricted page: in that case you MUST set a redirect target, otherwise you will receive an error message on logout. If the redirection is configured via Settings.yaml, they will take precedence over the configuration at the node. You can, of course, set these properties from TypoScript also if you have a login/logout form directly in you template:
loginform = Sandstorm.UserManagement:LoginForm {
// This should be set, or there will be problems when you have multiple plugins on a page
argumentNamespace = 'login'
// Redirect to the parent page automatically after logout
redirectAfterLogout = ${q(documentNode).parent().get(0)}
}
If redirecting to a specific controller method is still not enough for you, you can simply roll your own implementation of the
RedirectTargetServiceInterface. Just add the implementation within your own package and add the following lines to your Objects.yaml.
Mind the package loading order, you package should require sandstorm/usermanagement in its composer.json.
Sandstorm\UserManagement\Domain\Service\RedirectTargetServiceInterface:
className: 'Your\Package\Domain\Service\YourCustomRedirectTargetService'
There is a ViewHelper available that allows you to check if somebody is logged into the frontend. Here's an example:
{namespace um=Sandstorm\UserManagement\ViewHelpers}
<um:ifAuthenticated>
<f:then>
You are currently logged in.
</f:then>
<f:else>
You are not logged in!
</f:else>
</um:ifAuthenticated>
If you have configured a different Authentication Provider than the default one, the viewhelper has an authenticationProviderName
argument to which you can pass the name of the Auth Provider you are using.
You can change any template via the default method using Views.yaml. Please see
http://flowframework.readthedocs.io/en/stable/TheDefinitiveGuide/PartIII/ModelViewController.html#configuring-views-through-views-yaml.
Here's an example how to plug your own login template:
-
requestFilter: 'mainRequest.isPackage("Neos.Neos") && isPackage("Sandstorm.UserManagement") && isController("Login") && isAction("login")'
options:
templatePathAndFilename: 'resource://Your.Package/Private/Templates/Login/Login.html'
partialRootPaths: ['resource://Your.Package/Private/Partials']
layoutRootPaths: ['resource://Your.Package/Private/Layouts']As documented in the configuration options above, overriding e-mail templates is easy:
- Copy the
EmailTemplatesfolder from the UserManagement'sResources/Privatefolder into your own package and modify the templates to your heart's desire. - Add your own package to the templatePackages config, as described in Sandstorm/TemplateMailer Documentation.
You might want to add additional information to the user model. This can be done by extending
the User model delivered with this package and adding properties as you like. You will then
need to switch out the implementation of UserCreationServiceInterface to get control over
the creation process. This can be done via Objects.yaml:
Sandstorm\UserManagement\Domain\Service\UserCreationServiceInterface:
className: 'Your\Package\Domain\Service\YourCustomUserCreationService'The UserManagement package emits three signals during the login and logout process, into which you can hook
using Flows Signals and Slots
mechanism. You could for example use this to set additional cookies when a user logs in, e.g. to enable JWT authentication
with another service. Here is an example of using all three, you could copy this into your own Package.php file:
public function boot(Bootstrap $bootstrap) {
$dispatcher = $bootstrap->getSignalSlotDispatcher();
$dispatcher->connect(
\Sandstorm\UserManagement\Controller\LoginController::class, 'authenticationSuccess',
\Your\Package\Domain\Service\ExampleService::class, 'onAuthenticationSuccess'
);
$dispatcher->connect(
\Sandstorm\UserManagement\Controller\LoginController::class, 'authenticationFailure',
\Your\Package\Domain\Service\ExampleService::class, 'onAuthenticationFailure'
);
$dispatcher->connect(
\Sandstorm\UserManagement\Controller\LoginController::class, 'logout',
\Your\Package\Domain\Service\ExampleService::class, 'onLogout'
);
}Your example service could then look like this:
namespace Your\Package\Domain\Service;
use Neos\Flow\Mvc\ActionRequest;
use Neos\Flow\Mvc\Controller\ControllerContext;
use Neos\Flow\Security\Exception\AuthenticationRequiredException;
class ExampleService
{
public function onAuthenticationSuccess(ControllerContext $controllerContext, ActionRequest $originalRequest = null)
{
// Do custom stuff here
}
public function onAuthenticationFailure(ControllerContext $controllerContext, AuthenticationRequiredException $exception = null)
{
// Do custom stuff here
}
public function onLogout(ControllerContext $controllerContext)
{
// Do custom stuff here
}
}The RegistrationFlow class is the representation of a user signing up for your application.
It has a few default properties and can be extended with arbitrary additional data via its attributes property.
Exchange the registration template as described above and add a field:
<f:form.checkbox id="terms" property="attributes.terms" value=""/>This will add the field, but of course you might also want to validate it.
The UserManagement package has a hook for you to implement your custom registration flow validation logic. It is
called directly from the domain model validator of the package. All you need to to is create an implementation of
Sandstorm\UserManagement\Domain\Service\RegistrationFlowValidationServiceInterface in your own package. It could
look like this:
class RegistrationFlowValidationService implements RegistrationFlowValidationServiceInterface {
/**
* @param RegistrationFlow $registrationFlow
* @param RegistrationFlowValidator $validator
* @return void
*/
public function validateRegistrationFlow(RegistrationFlow $registrationFlow, RegistrationFlowValidator $validator) {
// This is an example of your own custom validation logic.
if ($registrationFlow->getAttributes()['agb'] !== '1') {
$validator->getResult()->forProperty('attributes.terms')->addError(new \Neos\Flow\Validation\Error('You need to accept the terms and conditions.'));
}
}
}Run all tests with:
./bin/phpunit -c ./Build/BuildEssentials/PhpUnit/UnitTests.xml Packages/Application/Sandstorm.UserManagement/Tests/Unit
Feel free to submit issues/PRs :)
- I18N for Templates.
- More Tests.
- What happens if the user did not receive the registration email? Just tell the user to register again. In this case, previous unfinished registrations are discarded.