aligent/bypass2fa

Release 2.1.1

Magento 2 module for bypassing 2-factor authentication in local development environments.

Repository Packagist PHP

Keywords
development, magento2, security
License
OCCT-PL

Documentation

Bypass 2-Factor Authentication

This module is designed to allow developers to bypass the need for 2-factor authentication (2FA) in local development environments.

Configuration

The bypassing of 2FA is made possible for both admin access and the generation of admin tokens via API. Both methods of access are controlled by setting variables in the environment's app/etc/env.php file:

  • BYPASS_2FA_ADMIN when set to true (must be a boolean, setting truthy or falsy values like 1, 'true' is not supported), this variable allows bypassing of 2FA for admin actions.
  • BYPASS_2FA_API when set to true, this variable allows bypassing of 2FA for admin token generation.

Additionally, there is an added security measure, to prevent 2FA being bypassed accidentally (or intentionally) in production environments. The app/etc/config.php file must have the following config setting added under system => default:

'system' => [
  'default' => [
    'bypass_2fa' => [
      'settings' => [
        'allowed_hostnames' => [
            'hostname1',
            'hostname2',
          ...
        ],
         'allowed_usernames' => [
            'username1',
            'username2'
        ]
      ]
    ]
  ]
]

The configured (partial) hostnames are checked against the base URL, with the configured name needing to be contained wholly within the base URL. If no match is found, then 2FA is not bypassed for the request. By committing this setting to the codebase, it prevents someone from overriding the allowed hosts in environments such as Magento Cloud hosting (where app/etc/config.php is not writable).

Magento Cloud

Magento Cloud environment-specific variables can be used to switch this feature on and off on a per cloud instance, especially useful for integration environments where emails may not be configured. First make sure that you've added the hostname to config.php in the allowed_hostnames section, and then also check you've added the usernames in the allowed_usernames section that need to be bypassed 2FA when generating the admin tokens. Then, in the Cloud dashboard:

  1. Click Configure enviroment and enter the Variables tab
  2. Add env:BYPASS_2FA_ADMIN and env:BYPASS_2FA_API as needed, setting the value to 1 to enable bypass

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
3
Forks
0
Watchers
6
Contributors
4
Repository size
23.4 KB
SourceRank
10

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.1.1
2.1.0
1.0.2
2.0.0
1.0.0

Contributors

Lachlan Turner Matt Smith Gowri harshaaligent


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-01-17 00:25:06 UTC

Login to resync this project