bitexpert / magento2-force-customer-login
bitexpert/magento2-force-customer-login
The Force Login module for Magento2 redirects a storefront visitor to the Magento2 Frontend login page, if the visitor is not logged in. It is possible to configure the whitelisted urls to add custom definitions.
Force Login Module for Magento® 2
The Force Login Module for Magento® 2 allows you to restrict which pages a visitor is
able to see. Visitors get redirected to the login page if the page is not marked visitable.
The Force Login Module for Magento® 2 is especially useful for merchants serving only a specific
group of users, e.g. enterprise related business partners and need to ensure that only those users are
able to browse the the website or the product catalog.
Features:
- Force your guest visitors to log in first (or register), before allowing them to visit your pages and catalog
- Administration: Manage the whitelist rules by the GUI in the administration area
- ACL: Restrict the administration of whitelist rules to certain backend user groups
- Whitelisting: Define url rules as pattern to define which pages guest visitors can visit without logging in first
- Multistore-Support: Define if whitelist rules either apply globally or for specific stores
- Hyvä Themes compatible
Requirements:
- PHP 7.4 or PHP 8.1
- Magento 2.4.0 or higher
Installation
The preferred way of installing bitexpert/magento2-force-customer-login is through Composer. Simply add bitexpert/magento2-force-customer-login
as a dependency:
composer.phar require bitexpert/magento2-force-customer-login
Optional you can download the latest version here and install the
decompressed code in your projects directory under app/code/BitExpert/ForceCustomerLogin.
Composer error package bitexpert/magento2-force-customer-login exists
When you have errors after installing trough composer there is probably an issue with version numbers between Packagist and Magento repo. You can update your project composer file to fix this:
{
"repositories": [
{
"type": "composer",
"url": "https://repo.magento.com/",
"canonical": false
}
]
}
Post-Install
After the installment of the module source code, the module has to be enabled by the Magento® 2 CLI.
bin/magento module:enable BitExpert_ForceCustomerLogin
System Upgrade
After enabling the module, the Magento® 2 system must be upgraded.
If the system mode is set to production, run the compile command first. This is not necessary for the developer mode.
bin/magento setup:di:compile
To upgrade the system, the upgrade command must be run.
bin/magento setup:upgrade
Clear Cache
At last, the Magento® 2 should be cleared by running the flush command.
bin/magento cache:flush
Sometimes, other cache systems or services must be restarted first, e.g. Apache Webserver and PHP FPM.
User Guide
Find the complete user guide here.
How to use
The usage of the Force Login Module for Magento® 2 is applied implicitly by redirecting visitors
if the called URI does not match any configured whitelisted url rules.
Whitelisting
Whitelisting is based upon the usage of rules. The strategy selection defines how the rules are interpreted, details are listed below.
By default, some static rules are already listed. The following example shows, how to add a whitelist entry for the homepage (startpage).
Navigate to the Overview Grid and use the Add Entry button.
- Enter Homepage into the text field beside from the Label label.
- Enter ^/?$ into the text field beside from the Url Rule label.
- Select All Stores from the selection field beside from the Store label.
Use the Save button in the upper menu. After being redirected to the Overview Grid, the new
entry should appear to the list and the systems homepage should be available for guest visitors.
How to configure
Administration
The Force Login Module for Magento® 2 allows you to enable or disable the module itself on the level of websites, stores and store views.
If the module is disabled, the whitelist ruling and the redirection are not applied. If the module is enabled based upon the configuration,
the whitelist rules are process, which themselves are also configurable for all enabled stores or just specific ones.
After installing and enabling Force Login Module for Magento® 2 with the CLI, you must be able to navigate to
Stores > Configuration > Force Login, where you are able to configure the availability of the module for each website, store and store view.
In the administration configuration, you are also able to setup the URL the redirecting is targeting to if not whitelist rule is matching.
[image: alt text]
Navigation
Navigating through the Magento® 2 backend menu by clicking onto Customers you must see a new menu
entry Forced Login Whitelist.
Enter this menu entry.
[image: alt text]
Overview Grid
You can add new entries by clicking on the Add Entry button in the upper right corner ( 1 ), see below.
The grid ( 2 ) contains all existing whitelisted Url Rules, for which the forced redirect to the Customer Login Page is omitted.
The Url Rules ( 3 ) are part of a regular expression checking on the called Url and tries to match against the whitelist.
Url Rules may be related to all stores or to a specific one ( 4 ). All rules except some mandatory ones are editable ( 5 ) and removeable ( 6 ).
[image: alt text]
Detail Form
You can return to the Overview Grid by using the Back button ( 1 ). The Label value has only declarative character and
is for information purpose only ( 2 ). The Url Rule is an expression checking on the called
Url and tries to match against the whitelist ( 3 ). Url Rules may be related to all stores or to a specific one ( 4 ).
The strategy selection ( 5 ) defines how the Url Rule is interpreted, details are listed below.
Persist the rule by using the Save button ( 6 ).
[image: alt text]
Strategies
Static
Rule is used as a literal value and will be added onto the base url for matching. This is default behaviour.
RegEx-All
Rule is based on regular expression, and will be used for looking up matching anywhere in the current Url.
RegEx-All Negation
Based on the RegEx-All strategy, but negates the result. Helpful if only a few pages should be restricted.
Tests
You can run the unit tests with the following command (requires dependency installation):
composer test
Contribution
Feel free to contribute to this module by reporting issues or create some pull requests for improvements.
License
The Force Login Module for Magento® 2 is released under the Apache 2.0 license.
Changelog
All notable changes to this project will be documented in this file, in reverse chronological order by release.
5.4.0
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #232 Updating PHP version for Magento 2.4.7
- #230 A whitelist entry is not editable Error after trying to update the module
5.3.0
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #229 Restore default whitelist all get static strategy
5.2.0
Added
- #227 add support for php 8.2
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #228 Add module enabled check to plugin enabled
5.1.0
Added
- #224 Make module compatible with Magento 2.4.5
- #218 Upgrade PHPStan to version 1.7
- #217 Update readme, add composer error instructions
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #223 Add db_schema_whitelist.json to fix issue
5.0.1
Added
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #215 Update default routes
5.0.0
Added
Deprecated
- #202 Only support M2.4.x
Removed
- Nothing.
Fixed
- #212 Allow Magento admin to log in as customer
- #209 Fix bug for wrong redirect on customer login and account confirmation
- #206 Homepage Redirect After Login Leads To incorrect url
- #198 Fix undefined method call
4.1.0
Added
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #192 force login in store redirects to default login
- #180 Customers get whoops.... after registering
- #179 Improve menu placement: fix compatibility with B2B
- #161 After login in shows css page
4.0.1
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #167 Password Reset not working
4.0.0
Added
- #172 Add PHP7.3 and Magento 2.3.3 version requirements
- #165 Added /stores/store/switch and /stores/store/redirect to the whitelist
- #155 Add varnish ESI url to whitelist
- #154 Add option to configure to force https redirect
Deprecated
- Nothing.
Removed
- #160 Drop Magento 2.1 & 2.2 compatibility
Fixed
- Nothing.
3.2.0
Added
- #140 Magento 2.3 compatibility
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
3.1.0
Added
- #134 Fixed an issue where GET query parameters get stripped
- #123 Fixes for multiple stores with store name in path
- #118 Add path /customer/account/resetpasswordpost to the default setup
- #108 Add Magento EQP tool in Travis build
- #105 Add coveralls.io support in Travis build
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
3.0.1
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #104 Fix to make sure the module will work with Magento 2.1 and 2.2
3.0.0
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #98 Convert "bitExpert" namespace to "BitExpert" to fix the Magento 2.2 XSD issue
- #99 Don't store AJAX requests as after login url
- #100 Apply fixes sugested by the EQP tool
- #101 Update docs to fix typos and reflect latest changes
- #102 Rename button "delete"
2.3.0
Added
- #88 Migrated from using observers to hook into router chain
- #89 Enabled edition of default whitelist routes
- #92 Fixed syntax issue in layout xml, invalid block definition
Deprecated
- Nothing.
Removed
- #88 Usage of observers (LoginRequiredOnCustomerSessionInitObserver, LoginRequiredOnVisitorInitObserver) and event hooks (customer_session_init, visitor_init) have been removed
Fixed
- #83 404 pages do not show when logged out
- #84 Disable registration isn't possible
- #91 Whitelist is Not works for Magento 2.2.0
2.2.0
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #85 Incompatible with Magento 2.2
2.1.0
Added
- #82 Fixed invalid position of tag resource in system.xml
- #78 Move backend configuration to customer > customer configuration section
- #77 Provides backwards compatibility by set strategy for existing rules to regex matcher instead of static
- #76 Static matcher now canonicalizes url and rule to omit differences of trailing slashes
- #60 Behavior Setting for Matcher
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #81 Error in admin pages due to invalid XML
- #79 Invalid system.xml file
- #75 Static matching strategy could ignore ending slash
- #74 Upgrade to 2.1 RC2 from 2 breaks backward compatibility of rules
- #73 Force login top level system config tab is overkill
- #72 Fixes on class resolution
2.0.2
Added
- #71 Moved events.xml to frontend/events.xml
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #68 Activating the module also blocks the backend
2.0.1
Added
- #67 Resolve redirect loop from login to customer dashboard
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #66 Redirect loop
2.0.0
Added
- Changed type namings in DI to match best practice.
- Respect configured login option behavior.
- Added own session handler.
- #63 Updated resource ACL
- #62 Move UpgradeSchema to InstallSchema
- #54 Added configuration to enabled or disabled the module
- #43 Added additional default rules for sitemap.xml and robots.txt
- #26 Added cache control to redirecting
- #24 Added configuration to set target url
Deprecated
- Nothing.
Removed
- Removed full qualification of namespace representation type name to match best practice.
Fixed
- Refactored code structure.
- #64 ACL error when accessing Store Configuration
- #61 Setup install then upgrade fails
- #35 Redirection after logging in
1.3.1
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Increased version number in module.xml
1.3.0
Added
- Unified support for Magento 2.0 and Magento 2.1
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
1.2.4
Added
- #27 Allow to edit default paths
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #22 disable /customer/account/create
1.2.3
Added
- #21 Updated docs to match Magento2 marketplace regulations
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
1.2.2
Added
- #15 Fixed appliance of whitelist repository collection filter
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #14 Whitelist entire website or store view
1.2.1
Added
- #15 Reduced the quotation of the whitelist entries to allow some regular expressions
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #14 Whitelist entire website or store view
1.2.0
Added
- #11 Magento 2.1 compatibility added
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
1.1.7
Added
- #27 Allow to edit default paths
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #22 disable /customer/account/create
1.1.6
Added
- #20 Updated docs to match Magento2 marketplace regulations
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
1.1.5
Added
- #15 Fixed appliance of whitelist repository collection filter
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #14 Whitelist entire website or store view
1.1.4
Added
- #15 Reduced the quotation of the whitelist entries to allow some regular expressions
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #14 Whitelist entire website or store view
1.1.3
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #7 Fixed new whitlist entry saving fails
1.1.2
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #6 Fix/missing customer session check
1.1.1
Added
- Nothing.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #5 Fixed issue with storefront prefix
1.1.0
Added
- #4 Added an administrative UI for configure the whitelist entries
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
1.0.1
Added
- #1 added links to ignore-urls
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- #3 Fix #2 issues with DI compilation
- #2 DI Compilation fails due to dependency duplicate on older magento2 versions then 2.0.4
1.0.0
Initial release of the Force Login module for Magento2.
| Version | Stability | QA Status | Released |
|---|---|---|---|
| 5.4.0 | stable | Fail | 2024-05-01 17:53:49 |
| 5.3.0 | stable | Not tested | 2023-11-12 15:23:34 |
| 5.2.0 | stable | Not tested | 2023-10-29 08:16:50 |
| 5.1.0 | stable | Not tested | 2022-10-31 18:00:23 |
| 5.0.1 | stable | Not tested | 2022-05-14 12:00:34 |
| 5.0.0 | stable | Not tested | 2022-05-13 16:54:02 |
| 4.1.0 | stable | Not tested | 2020-10-19 14:34:42 |
| 4.0.2 | stable | Not tested | 2019-12-27 18:50:27 |
| 4.0.1 | stable | Not tested | 2019-12-16 20:31:31 |
| 4.0.0 | stable | Not tested | 2019-11-02 16:32:35 |
| 3.2.0 | stable | Not tested | 2019-02-07 18:18:04 |
| 3.1.0 | stable | Not tested | 2018-11-17 09:03:06 |
| 3.0.1 | stable | Not tested | 2017-12-26 21:06:56 |
| 3.0.0 | stable | Not tested | 2017-12-25 13:23:26 |
| 2.3.0 | stable | Not tested | 2017-10-31 08:08:47 |
| 2.3.0-RC2 | RC | Not tested | 2017-10-26 13:42:22 |
| 2.3.0-RC1 | RC | Not tested | 2017-10-25 13:04:53 |
| 2.2.0 | stable | Not tested | 2017-10-04 08:34:28 |
| 2.1.0 | stable | Not tested | 2017-08-04 12:09:16 |
| 2.1.0-RC4 | RC | Not tested | 2017-08-03 09:43:36 |
| 2.1.0-RC3 | RC | Not tested | 2017-07-11 20:14:36 |
| 2.1.0-RC2 | RC | Not tested | 2017-07-05 13:38:15 |
| 2.1.0-RC1 | RC | Not tested | 2017-07-05 08:42:45 |
| 2.0.2 | stable | Not tested | 2017-06-12 06:16:33 |
| 2.0.1 | stable | Not tested | 2017-04-24 10:21:58 |
| 2.0.0 | stable | Not tested | 2017-04-19 14:27:01 |
| 2.0.0-RC3 | RC | Not tested | 2017-04-15 15:12:56 |
| 2.0.0-RC2 | RC | Not tested | 2017-04-10 13:03:04 |
| 1.3.1 | stable | Not tested | 2017-03-23 17:46:42 |
| 2.0.0-RC1 | RC | Not tested | 2017-03-23 17:46:18 |
| 1.3.0 | stable | Not tested | 2017-02-17 07:52:23 |
| 1.2.4 | stable | Not tested | 2016-09-29 13:23:09 |
| 1.1.7 | stable | Not tested | 2016-09-29 13:14:05 |
| 1.2.3 | stable | Not tested | 2016-08-18 12:31:14 |
| 1.1.6 | stable | Not tested | 2016-08-18 12:26:35 |
| 1.2.2 | stable | Not tested | 2016-07-25 10:47:07 |
| 1.1.5 | stable | Not tested | 2016-07-25 10:45:16 |
| 1.1.4 | stable | Not tested | 2016-07-23 12:01:30 |
| 1.2.1 | stable | Not tested | 2016-07-23 11:42:44 |
| 1.2.0 | stable | Not tested | 2016-07-01 15:21:20 |
| 1.1.3 | stable | Not tested | 2016-06-03 17:00:03 |
| 1.1.2 | stable | Not tested | 2016-05-12 08:24:46 |
| 1.1.1 | stable | Not tested | 2016-05-10 15:45:19 |
| 1.1.0 | stable | Not tested | 2016-05-09 14:05:00 |
| 1.0.1 | stable | Not tested | 2016-04-26 19:13:29 |
| 1.0.0 | stable | Not tested | 2016-04-19 07:23:38 |
Requires 6
| Package | Constraint |
|---|---|
| php | ~8.1.0|~8.2.0|~8.3.0 |
| magento/framework | ^103.0.4 |
| magento/module-backend | ^102.0.4 |
| magento/module-customer | ^103.0.4 |
| magento/module-store | ^101.1.4 |
| magento/module-ui | ^101.2.4 |
Requires-dev 8
| Package | Constraint |
|---|---|
| phpunit/phpunit | ^9.5.2 |
| captainhook/captainhook | ^5.16.4 |
| captainhook/plugin-composer | ^5.3.3 |
| phpstan/extension-installer | ^1.3.1 |
| phpstan/phpstan | ^1.10.33 |
| bitexpert/phpstan-magento | ^0.30.0 |
| magento/magento-coding-standard | ^31 |
| php-coveralls/php-coveralls | ^2.7 |
| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Fail | 29 | 29 errors (gating threshold: error-severity=10, ruleset: Magento2) |
| PHPStan | Fail | 29 | 29 errors (level 5, ruleset: phpstan + bitexpert/phpstan-magento) · +154 advisory to level max |
| Cpd | Fail | 12 | 12 duplicated chunks spanning 560 total lines (min-lines=5, min-tokens=70) |
| Security | Pass | 0 |
Turn an existing module into recurring revenue.
If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.