Un module pour forcer l’authentification sur votre site Magento

Il est parfois nécessaire de restreindre l’accès à une boutique aux personnes authentifiées. On pense notamment à un site B2B par exemple. Voici donc un petit module qui permet de rediriger toute personne non connectée vers la page de login.

Installation

L’extension est disponible sur GitHub : https://github.com/jreinke/magento-require-login.

Pour l’installer, 2 solutions s’offrent à vous :

  1. Installation manuelle : téléchargez le package ici, désarchivez le à la racine de votre projet Magento, puis videz le cache.
  2. Installation via modgit :

    modgit -e README.md clone require-login https://github.com/jreinke/magento-require-login.git

    Exemple complet d’utilisation de modgit ici.

Configuration

Rendez-vous dans « System > Configuration > Bubble RequireLogin » :

Magento Require Login

Bien sûr, certaines urls doivent rester accessibles même si l’authentification est requise. C’est le cas pour les pages de réinitialisation et d’oubli de mot de passe, de création de compte, etc. C’est pourquoi une « whiltelist » est configurable en tant qu’expression régulière des urls à ignorer. Soyez donc vigilant lorsque vous modifiez cette expression.

48 réponses à “Un module pour forcer l’authentification sur votre site Magento”

  1. masev dit :

    Super utile en effet pour du B2B !

    Merci pour tous les modules que tu publies ces derniers temps, bien cool !

  2. Garry dit :

    Hello Johann,

    If someone visits the store home page and is not logged in, I would like to have them redirected to the login page. Will this plugin do that?

    Thanks,

    Garry

  3. Pieter Mathys dit :

    Hello,

    When trying to log in using Safari, I sometimes get redirected to a page like this: ://?SID=2a52afee5970e1064664aefee7c5b187

    I believe this has to do with this module, since I can’t find any help or idea’s when looking for Magento Login Troubles.

    Any word on if this is the case?

    Module works great otherwise. ;)

    Kind regards,
    Pieter

    • Johann Reinke dit :

      Hi!

      Difficult for me to reproduce the issue. Can you give more info on how to reproduce this?

      • Pieter Mathys dit :

        Hi Johan,

        Some general Info:

        1 Website
        2 Stores: B2B & B2C
        B2B Has login required, B2C does not and also has no catalog.

        The problem happens when the customer comes in from the splash page (outside of Magento installation folder). He gets the Login Form presented, fills in details and clicks submit. One of the following redirects will lead to « ://?SID=2a52afee5970e1064664aefee7c5b187″.

        The only case this (sometimes) doesn’t happen if AFTER logging out the user immediatly clicks the ‘Log in’ link again. In about 70% of the cases, he wil log in correctly and get redirected to his Account page. But this does fail sometimes.

        If after logging out he visits any page and then tries to log in again (since the login form wil get presented anyway), it will result in the wrong redirect once again.

        Hope this helps some, thanks in advance anyway! ;-)

      • Mike dit :

        I’m having a similar issue. Whenever a customer completes the login form, it directs them to https://localhost//://:/// (I force https, but this was happening before forcing https).

  4. Jon dit :

    Encountered a similar issue:

    loginPost was redirecting to ://?SID=…

    except that it was happening systematically. Under Safari, users were even unable to login.

    Delete line 16:
    $session->setBeforeAuthUrl($requestString);

    It should work.

    I struggle 2 days in a raw on this issue… Hope this helps others.

  5. David dit :

    Hi Johann,

    First of all thankyou for the very nice and usefull extension for magento.
    I have a question: it’s possible to make visible the cms pages as like who_we_are or contact_page ?
    If yes how can they be added to the expression?

    Greetings,

    David

  6. matt stanchie dit :

    Hello, we are running Magento CE 1.7.0.2. I just installed your extension and when I access the admin panel….. System>Configuration> Bubble I get a 404 Error – Page not found in the right column. I can send you screen shots if needed. Thank you for any help!

  7. matt stanchie dit :

    Doh! should have tried that. Thanks – it works now.

  8. Clément Crépin dit :

    Bonjour Johann,

    Votre module est parfait pour le site B2B que je développe.
    Actuellement, j’aimerai pouvoir laisser accès à la page d’accueil.

    Après plusieurs tentatives infructueuses, je n’ai toujours pas réussi à trouver comment ajouter cette dernière dans l’expression régulière.

    Pourriez-vous m’aider ?

    D’avance merci,
    Clément

  9. Thomas Heimann dit :

    German Translation for Bubble RequireLogin
    (app\locale\de_DE\Bubble_RequireLogin.csv) :

    Maybe its usefull

    « Login Options », »Anmeldeoption »
    « Require Login », »Login erforderlich »
    « Require Login Whitelist », »Login nicht erforderlich bei diesen URLs »
    « Regular expression that is used to match request strings that do not need customer authentication. », »Regulärer Ausdruck für die URLs, die keine Authentifizierung benötigen. »
    « Full overview available », »Komplette Übersicht verfügbar  »
    « here », »hier »
    « Bubble RequireLogin is a module that can force user authentication in frontend. », »Bubble RequireLogin ist ein Modul welches die Benutzeranmeldung im Frontend erzwingt. »
    « http://www.bubblecode.net/en/2012/05/15/a-magento-module-to-require-login-on-your-store/ », »http://www.bubblecode.net/2012/05/15/a-magento-module-to-require-login-on-your-store/ »

  10. Daniele dit :

    Very interesting article, I downloaded the zip file with the content and I did copy the files inside my magento installation.

    After you have logged in I went into the configuration of my site and I will return this error: 500 internal server error.

    Could you give me a hand, to understand what’s the problem?

  11. Patrick dit :

    Great module! I would like to include some CMS pages that are visible without the login. However, I can’t seem to find the best way to alter the regular expression. Any help appreciated!

  12. Patrick dit :

    Whoops, already found the answer. Maybe it can help someone.

    #(customer\/account\/(log(in|out)|forgotpassword|resetpassword))|your-page#

  13. Dean dit :

    Fantastic module! Is it possible to make an exception for the hompage, so the visitor can see the hompage without the need to login?

    Any ideas?

  14. jeff dit :

    Merci pour ton travail install parfaite

  15. Dev dit :

    Its Great! But is it possible to make an exception for the hompage, so the visitor can see the hompage without the need to login?

  16. Johann Reinke dit :

    Hi,

    Here is the syntax to include the homepage:

    #(^/$|^$|customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))#

  17. John dit :

    Copied into my test store and got this when trying to access Configuration section in the admin menus:

    Fatal error: Class ‘Bubble_RequireLogin_Helper_Data’ not found in /html/STORE/app/Mage.php on line 546

    I’m using version 1.7.0.2

  18. Kalan dit :

    I’ve installed this, but it just goes into a page refresh loop at the login page. This stops happening when I disable the module.

  19. Lrkwz dit :

    Do not forget to whitelist your IPN urls.

    Replace

    « `
    #(customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))#
    « `

    with

    « `
    #(customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))|(paypal/\ipn\/)#
    « `

  20. Pete dit :

    Good thing, thanks…
    But how do i add the wishlist to the whitelist?

  21. Bryan dit :

    This is great! But is there a way to shift the whitelist to a blacklist, maybe? So that I can specify a particular section that needs to be passworded without having to whitelist the other pages?

  22. bhadresh dit :

    Thanks…its perfectly work in magento 1.8…nice tutorial ..

  23. Gyptian dit :

    Hello, thanks for this great module! It works great with 1.8. However, using the standard configuration, the API can’t seem to connect. For those who have this problem, simply add ‘|api’ at the end of the whitelist.

  24. jcuenin dit :

    Hello,

    I have an issue regarding this extension.

    I am using another extension to allow suppliers to update informations on products so I need to allow the route /supplier/, how can I do that ?

    I tried modifying the existing whitelist but without success.

    Thank you in advance for your answer!

    • jcuenin dit :

      My bad I just found the answer in the previous comments,

      As @Patrick said :

      #(customer\/account\/(log(in|out)|forgotpassword|resetpassword))|your-page#

      So I replaced it with my page :

      #(customer\/account\/(log(in|out)|forgotpassword|resetpassword))|supplier#

      And everything worked out :)

      Thank you for this great extension!

  25. shaik dit :

    when i try to access api http://xxxx.com/api/v2_soap?wsdl=1

    redirecting to login page,how can i access api

  26. shaik dit :

    i have an issue with this extension when i try to access magento api its redirecting to loging page.

    thank you

  27. Perry dit :

    I’ve recently implemented that feature. But additionally I needed to show different prices for wholesale and retail customers. So I installed customer group catalog by amasty.

  28. Thor dit :

    I am looking for a way that only I can add accounts for people to login. What would be the steps to accomplish this ?

  29. Fredrik Stertman dit :

    Does it work with 1.9.1.1?

  30. RCTech dit :

    Work also on Magento 1.9.0.1
    Thanks fo nice extension!

  31. Mike dit :

    I’m having an issue where ever since I installed this plugin, once a user logs in, it directs them to https://localhost//://:///

    Any idea?

  32. Nalin dit :

    call to SOAP API’s are not working,
    I have added ‘api’ in the expression as below,
    #(customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))|(paypal/\ipn\/)|api#

    I can see XML’s by using
    http://yourdomain.com/api/soap/?wsdl

    But gets following error while accessing soap API via coding
    SoapFault exception: [HTTP] Error Fetching http headers

    It runs fine if I Disable module from xml file

  33. John Francis dit :

    I’m not a programmer so I need to know what to put into the « Require Login Whitelist » to have username= »riley » and password= »webstack ». I just want to protect store from entry.

    Thanks for your assistance
    John

  34. asobari dit :

    Dear Johann,

    First thanks for the module, it is working quite well.
    But my problem is a little bit complicated. I have multiple magento stores and I am using a single hosting and use addon domains. I’ve some ajax requests to get some blocks and for this purpose I’ve enabled cors. It is working well on Chrome but on Firefox when you have cors and do an ajax request when I’ve used your module, for all these requests the login page is also shown inside these blocks? So can you help me with this? Do you know this problem? I’ve checked all over the internet with no luck.
    For chrome the ajax request returns 200 OK.
    But for firefox it returns 302 Temp redirect and gets the login page for this store and show it inside every block for every ajax request?

    Thanks

  35. Abdul dit :

    Hi,
    Please advise
    Password reset link redirects to login page, unable to reset password.

  36. Brother Mouzone dit :

    Minor change, but I noticed that you cannot actually change your forgotten password in magento 1.9 since domain.com/forgottenpassword link that you get in the forgotten password email redirects to another page with url « changeforgotten » so my current filter look like:

    #^/$|^$|customer\/account\/(log(in|out)|forgotpassword|resetpassword|create|changeforgotten)|paypal\/ipn#

Laisser un commentaire

* Champs requis

Categories