Novactive eZ Protected Content Bundle is an Ibexa bundle that provides quick protection on Contents

v2.0.6 2023-12-08 13:33 UTC


This repository is what we call a "subtree split": a read-only copy of one directory of the main repository. It is used by Composer to allow developers to depend on specific bundles.

If you want to report or contribute, you should instead open your issue on the main repository:

Documentation is available in this repository via .md files but also packaged here:

Downloads Latest version License

A bundle that provides quick password protection on Contents.

How does it work?

Allows you to add 1 on N password on a Content in the Admin UI.

Once a Password is set, the Content becomes Protected. In this situation you will have 2 new variables in the view full. Allowing you do:

<h2>{{ ibexa_content_name(content) }}</h2>
{% if not canReadProtectedContent %}
    <p>This content has been protected by a password</p>
    <div class="protected-content-form">
        {{ form(requestProtectedContentPasswordForm) }}
{% else %}
    {% for field in content.fieldsByLanguage(language|default(null)) %}
        <h3>{{ field.fieldDefIdentifier }}</h3>
        {{ ez_render_field(content, field.fieldDefIdentifier) }}
    {% endfor %}
{% endif %}

You can also manage this globally through the pagelayout wrapping the content block.

Once you have unlocked the content, canReadProtectedContent will be true

HTTP Cache is disabled for Protected Content.


Installation steps

Add the lib to your composer.json, run composer require novactive/ezprotectedcontentbundle to refresh dependencies.

Then inject the bundle in the bundles.php of your application.

    Novactive\Bundle\eZProtectedContentBundle\NovaeZProtectedContentBundle::class => [ 'all'=> true ],

Add routes

    resource: '@NovaeZProtectedContentBundle/Resources/config/routing/main.yml'

Install the database schema

bin/console novaezprotectedcontent:install


This module add a cookie to unlock the contents that match it, for that reason you want to keep all the cookie that starts with PasswordProvided::COOKIE_PREFIX (i.e: protected-content-).

 // Remove all cookies besides Session ID, as JS tracker cookies and so will make the responses effectively un-cached
    if (req.http.cookie) {
        set req.http.cookie = ";" + req.http.cookie;
        set req.http.cookie = regsuball(req.http.cookie, "; +", ";");
        set req.http.cookie = regsuball(req.http.cookie, ";[ ]*(eZSESSID[^=]*|protected-content-[^=]*)=", "; \1=");
        set req.http.cookie = regsuball(req.http.cookie, ";[^ ][^;]*", "");
        set req.http.cookie = regsuball(req.http.cookie, "^[; ]+|[; ]+$", "");