markshust/magento2-module-disabletwofactorauth
Composer 安装命令:
composer require --dev markshust/magento2-module-disabletwofactorauth
包简介
The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.
README 文档
README
Provides the ability to disable two-factor authentication.
Table of contents
Summary
With the release of Magento 2.4, two-factor authentication (also known as 2FA) became enabled by default, with no ability to disable it in either the admin or console. However, there are situations which may require 2FA to be disabled or temporarily turned off, such as within development or testing environments.
This module automatically disables 2FA while in developer mode (since version 2.0.0), and adds the missing toggle to turn 2FA on or off from the admin for other environments. It does this by hooking into the core code in a very seamless manner, just as would be done if this toggle existed in the core code. Installing this module should not open any security holes, as it just works off of a simple config toggle which, if not present, falls back to the default functionality.
You can also toggle 2FA back on while in developer mode, if you need to test your code functionality while 2FA is enabled.
Why
Why should you use this module? I hear all of the time that you can just disable Magento's 2FA module. There is a large inherent issue with doing this though.
When you disable a module, it updates the app/etc/config.php file with the removed module, which will eventually make its way upstream (accidentally committed to version control or unintendedly leaving your development environment). This will disable 2FA on staging/production, which is a big security concern. This module resolves this because you can keep it installed & enabled on dev/stage/prod, but control whether or not 2FA is enabled or disabled with configuration settings or environment variables. This means you can have it permanently disabled on dev, but have it permanently enabled in all other environments, all while keeping this module installed in all environments.
Installation
composer require --dev markshust/magento2-module-disabletwofactorauth
bin/magento module:enable MarkShust_DisableTwoFactorAuth
bin/magento setup:upgrade
Usage
This module automatically disables 2FA in developer mode (since version 2.0.0). In any other deployment mode, 2FA is kept enabled by default. This is to prevent any unexpected side effects or security loopholes from being introduced during automated installation processes.
It is highly recommended to install this module as a dev dependency to avoid security warning reports from either Adobe Commerce or other production environments which run security checks. This can be done either by passing in the --dev flag when installing it with Composer, or by adding it to the require-dev property of your composer.json file.
Disable 2FA
It may still be desirable to disable 2FA in non-production environments, such as within testing or internal staging environments. For these cases, 2FA is not automatically disabled. However, there are toggles to override the default Magento settings to disable 2FA within these environments.
You can also bypass 2FA for API token generation. This can be useful for third-party vendors during module development.
NOTE: Always keep 2FA enabled within production environments for security purposes.
2FA
To disable 2FA, visit Admin > Stores > Settings > Configuration > Security > 2FA and set Enable 2FA to No.
CLI: bin/magento config:set twofactorauth/general/enable 0
2FA for API Token Generation
To disable 2FA for API Token Generation, visit Admin > Stores > Settings > Configuration > Security > 2FA and set Enable 2FA for API Token Generation to No.
CLI: bin/magento config:set twofactorauth/general/enable_for_api_token_generation 0
Enable 2FA in developer mode
This module automatically disables 2FA while developer mode is enabled, but there may be situations when you need 2FA enabled during development. Rather than needing to disable this module, you can just disable this configuration setting in the admin.
To enable 2FA while in developer mode, visit Admin > Stores > Settings > Configuration > Security > 2FA and set Disable 2FA in Developer Mode to No.
CLI: bin/magento config:set twofactorauth/general/disable_in_developer_mode 0
Credits
M.academy
This module is sponsored by M.academy, the simplest way to master Magento development.
Mark Shust
My name is Mark Shust and I am a 6X Adobe Commerce Certified Developer and the founder of M.academy. Since the early days of Magento, I've been involved with many intricately complex eCommerce and open-source projects.
My passion is teaching and helping others learn Magento, and has created many courses and tutorials to help thousands of students from all over the world to learn and improve their Magento skills.
- 🖥️ Learn with Magento courses
- 📖 Read my technical articles
- 🔗 Connect on LinkedIn
- 🎥 Watch on YouTube
- 🐦 Follow me on X
- 💌 Contact me
License
markshust/magento2-module-disabletwofactorauth 适用场景与选型建议
markshust/magento2-module-disabletwofactorauth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.84M 次下载、GitHub Stars 达 228, 最近一次更新时间为 2020 年 08 月 10 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「two-factor」 「magento」 「dev」 「2fa」 「magento2」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 markshust/magento2-module-disabletwofactorauth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 markshust/magento2-module-disabletwofactorauth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 markshust/magento2-module-disabletwofactorauth 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Filament Two Factor Authentication: Google 2FA + Passkey Authentication
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Novactive eZ 2FA Bundle is an Ibexa bundle that provides two-factor authentication for your Ibexa project
Two-factor Authentication for WordPress
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
统计信息
- 总下载量: 2.84M
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 230
- 点击次数: 21
- 依赖项目数: 6
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-08-10

