Force Login Module for Magento® 2

The Force Login Module for Magento® 2 allows you to restrict which pages a visitor is
able to see. Visitors get redirected to the login page if the page is not marked visitable.
The Force Login Module for Magento® 2 is especially useful for merchants serving only a specific
group of users, e.g. enterprise related business partners and need to ensure that only those users are
able to browse the the website or the product catalog.

Features:

• Force your guest visitors to log in first (or register), before allowing them to visit your pages and catalog
• Administration: Manage the whitelist rules by the GUI in the administration area
• ACL: Restrict the administration of whitelist rules to certain backend user groups
• Whitelisting: Define url rules as pattern to define which pages guest visitors can visit without logging in first
• Multistore-Support: Define if whitelist rules either apply globally or for specific stores

Installation

The preferred way of installing bitexpert/magento2-force-customer-login is through Composer. Simply add bitexpert/magento2-force-customer-login
as a dependency:

composer.phar require bitexpert/magento2-force-customer-login

Optional you can download the latest version here and install the
decompressed code in your projects directory under app/code/BitExpert/ForceCustomerLogin.

Post-Install

After the installment of the module source code, the module has to be enabled by the Magento® 2 CLI.

bin/magento module:enable BitExpert_ForceCustomerLogin

System Upgrade

After enabling the module, the Magento® 2 system must be upgraded.

If the system mode is set to production, run the compile command first. This is not necessary for the developer mode.

bin/magento setup:di:compile

To upgrade the system, the upgrade command must be run.

bin/magento setup:upgrade

Clear Cache

At last, the Magento® 2 should be cleared by running the flush command.

bin/magento cache:flush

Sometimes, other cache systems or services must be restarted first, e.g. Apache Webserver and PHP FPM.

User Guide

Find the complete user guide here.

How to use

The usage of the Force Login Module for Magento® 2 is applied implicitly by redirecting visitors
if the called URI does not match any configured whitelisted url rules.

Whitelisting

Whitelisting is based upon the usage of rules. The strategy selection defines how the rules are interpreted, details are listed below.
By default, some static rules are already listed. The following example shows, how to add a whitelist entry for the homepage (startpage).

Navigate to the Overview Grid and use the Add Entry button.

• Enter Homepage into the text field beside from the Label label.
• Enter ^/?$ into the text field beside from the Url Rule label.
• Select All Stores from the selection field beside from the Store label.

Use the Save button in the upper menu. After being redirected to the Overview Grid, the new
entry should appear to the list and the systems homepage should be available for guest visitors.

How to configure

Administration

The Force Login Module for Magento® 2 allows you to enable or disable the module itself on the level of websites, stores and store views.

If the module is disabled, the whitelist ruling and the redirection are not applied. If the module is enabled based upon the configuration,
the whitelist rules are process, which themselves are also configurable for all enabled stores or just specific ones.

After installing and enabling Force Login Module for Magento® 2 with the CLI, you must be able to navigate to
Stores > Configuration > Force Login, where you are able to configure the availability of the module for each website, store and store view.

In the administration configuration, you are also able to setup the URL the redirecting is targeting to if not whitelist rule is matching.

[image: alt text]

Navigation

Navigating through the Magento® 2 backend menu by clicking onto Customers you must see a new menu
entry Forced Login Whitelist.

Enter this menu entry.

[image: alt text]

Overview Grid

You can add new entries by clicking on the Add Entry button in the upper right corner ( 1 ), see below.
The grid ( 2 ) contains all existing whitelisted Url Rules, for which the forced redirect to the Customer Login Page is omitted.
The Url Rules ( 3 ) are part of a regular expression checking on the called Url and tries to match against the whitelist.
Url Rules may be related to all stores or to a specific one ( 4 ). All rules except some mandatory ones are editable ( 5 ) and removeable ( 6 ).

[image: alt text]

Detail Form

You can return to the Overview Grid by using the Back button ( 1 ). The Label value has only declarative character and
is for information purpose only ( 2 ). The Url Rule is an expression checking on the called
Url and tries to match against the whitelist ( 3 ). Url Rules may be related to all stores or to a specific one ( 4 ).
The strategy selection ( 5 ) defines how the Url Rule is interpreted, details are listed below.
Persist the rule by using the Save button ( 6 ).

[image: alt text]

Strategies

Static

Rule is used as a literal value and will be added onto the base url for matching. This is default behaviour.

RegEx-All

Rule is based on regular expression, and will be used for looking up matching anywhere in the current Url.

RegEx-All Negation

Based on the RegEx-All strategy, but negates the result. Helpful if only a few pages should be restricted.

Tests

You can run the unit tests with the following command (requires dependency installation):

composer test

Contribution

Feel free to contribute to this module by reporting issues or create some pull requests for improvements.

License

The Force Login Module for Magento® 2 is released under the Apache 2.0 license.

Changelog

All notable changes to this project will be documented in this file, in reverse chronological order by release.

4.0.1

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #167 Password Reset not working

4.0.0

Added

• #172 Add PHP7.3 and Magento 2.3.3 version requirements
• #165 Added /stores/store/switch and /stores/store/redirect to the whitelist
• #155 Add varnish ESI url to whitelist
• #154 Add option to configure to force https redirect

Deprecated

• Nothing.

Removed

• #160 Drop Magento 2.1 & 2.2 compatibility

Fixed

• Nothing.

3.2.0

Added

• #140 Magento 2.3 compatibility

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

3.1.0

Added

• #134 Fixed an issue where GET query parameters get stripped
• #123 Fixes for multiple stores with store name in path
• #118 Add path /customer/account/resetpasswordpost to the default setup
• #108 Add Magento EQP tool in Travis build
• #105 Add coveralls.io support in Travis build

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

3.0.1

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #104 Fix to make sure the module will work with Magento 2.1 and 2.2

3.0.0

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #98 Convert "bitExpert" namespace to "BitExpert" to fix the Magento 2.2 XSD issue
• #99 Don't store AJAX requests as after login url
• #100 Apply fixes sugested by the EQP tool
• #101 Update docs to fix typos and reflect latest changes
• #102 Rename button "delete"

2.3.0

Added

• #88 Migrated from using observers to hook into router chain
• #89 Enabled edition of default whitelist routes
• #92 Fixed syntax issue in layout xml, invalid block definition

Deprecated

• Nothing.

Removed

• #88 Usage of observers (LoginRequiredOnCustomerSessionInitObserver, LoginRequiredOnVisitorInitObserver) and event hooks (customer_session_init, visitor_init) have been removed

Fixed

• #83 404 pages do not show when logged out
• #84 Disable registration isn't possible
• #91 Whitelist is Not works for Magento 2.2.0

2.2.0

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #85 Incompatible with Magento 2.2

2.1.0

Added

• #82 Fixed invalid position of tag resource in system.xml
• #78 Move backend configuration to customer > customer configuration section
• #77 Provides backwards compatibility by set strategy for existing rules to regex matcher instead of static
• #76 Static matcher now canonicalizes url and rule to omit differences of trailing slashes
• #60 Behavior Setting for Matcher

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #81 Error in admin pages due to invalid XML
• #79 Invalid system.xml file
• #75 Static matching strategy could ignore ending slash
• #74 Upgrade to 2.1 RC2 from 2 breaks backward compatibility of rules
• #73 Force login top level system config tab is overkill
• #72 Fixes on class resolution

2.0.2

Added

• #71 Moved events.xml to frontend/events.xml

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #68 Activating the module also blocks the backend

2.0.1

Added

• #67 Resolve redirect loop from login to customer dashboard

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #66 Redirect loop

2.0.0

Added

• Changed type namings in DI to match best practice.
• Respect configured login option behavior.
• Added own session handler.
• #63 Updated resource ACL
• #62 Move UpgradeSchema to InstallSchema
• #54 Added configuration to enabled or disabled the module
• #43 Added additional default rules for sitemap.xml and robots.txt
• #26 Added cache control to redirecting
• #24 Added configuration to set target url

Deprecated

• Nothing.

Removed

• Removed full qualification of namespace representation type name to match best practice.

Fixed

• Refactored code structure.
• #64 ACL error when accessing Store Configuration
• #61 Setup install then upgrade fails
• #35 Redirection after logging in

1.3.1

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Increased version number in module.xml

1.3.0

Added

• Unified support for Magento 2.0 and Magento 2.1

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

1.2.4

Added

• #27 Allow to edit default paths

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #22 disable /customer/account/create

1.2.3

Added

• #21 Updated docs to match Magento2 marketplace regulations

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

1.2.2

Added

• #15 Fixed appliance of whitelist repository collection filter

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #14 Whitelist entire website or store view

1.2.1

Added

• #15 Reduced the quotation of the whitelist entries to allow some regular expressions

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #14 Whitelist entire website or store view

1.2.0

Added

• #11 Magento 2.1 compatibility added

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

1.1.7

Added

• #27 Allow to edit default paths

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #22 disable /customer/account/create

1.1.6

Added

• #20 Updated docs to match Magento2 marketplace regulations

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

1.1.5

Added

• #15 Fixed appliance of whitelist repository collection filter

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #14 Whitelist entire website or store view

1.1.4

Added

• #15 Reduced the quotation of the whitelist entries to allow some regular expressions

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #14 Whitelist entire website or store view

1.1.3

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #7 Fixed new whitlist entry saving fails

1.1.2

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #6 Fix/missing customer session check

1.1.1

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #5 Fixed issue with storefront prefix

1.1.0

Added

• #4 Added an administrative UI for configure the whitelist entries

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

1.0.1

Added

• #1 added links to ignore-urls

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #3 Fix #2 issues with DI compilation
• #2 DI Compilation fails due to dependency duplicate on older magento2 versions then 2.0.4

1.0.0

Initial release of the Force Login module for Magento2.