genaker / free-admin
Magento 2 module that allows free admin login when env.php backend => auth = false
Installs: 2
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 0
Forks: 0
Open Issues: 0
Type:magento2-module
pkg:composer/genaker/free-admin
Requires
- magento/framework: >=103.0.0
- magento/module-backend: >=100.0.0
- magento/module-user: >=100.0.0
README
Overview
This module allows free admin login when the Magento_Backend module is disabled in app/etc/config.php
.
How It Works
The module uses a before plugin on Magento\Backend\Model\Auth::login()
method to:
- Security Check: Never bypass authentication in production mode
- Check if
Magento_Backend
module is disabled using Magento'sModuleList
andDeploymentConfig
classes - If disabled AND not in production mode, bypass normal authentication by:
- First trying to find admin user by the provided email/username
- If not found, falling back to the first available admin user
- If enabled or in production mode, proceed with normal authentication
Installation
Method 1: Manual Installation
- Copy the module to
app/code/Genaker/FreeAdmin/
- Enable the module:
php bin/magento module:enable Genaker_FreeAdmin
- Run setup:
php bin/magento setup:upgrade php bin/magento setup:di:compile php bin/magento cache:flush
Method 2: Composer Installation
- Add the module to your project's
composer.json
:{ "repositories": [ { "type": "path", "url": "app/code/Genaker/FreeAdmin" } ] }
- Install via Composer:
composer require genaker/free-admin:1.0.0
- Run setup:
php bin/magento setup:upgrade php bin/magento setup:di:compile php bin/magento cache:flush
Usage
To Enable Free Admin Access:
- Set
backend/auth
tofalse
in your deployment configuration (e.g.,app/etc/env.php
):
'backend' => [ 'auth' => false ],
- Clear caches:
php bin/magento cache:flush
- Now any username/password combination will work for admin login
To Disable Free Admin Access:
- Set
backend/auth
totrue
or remove the configuration in your deployment configuration:
'backend' => [ 'auth' => true ],
- Clear caches:
php bin/magento cache:flush
Security Warning
⚠️ IMPORTANT: This module is for development/testing purposes only.
- Never bypasses authentication in production mode - additional safety measure
- It bypasses authentication when enabled by using existing admin users
- Requires at least one admin user to exist in the system
- Only works in development or default modes
Module Structure
Genaker/FreeAdmin/
├── Plugin/
│ └── Backend/
│ └── Model/
│ └── Auth/
│ └── SimpleLoginPlugin.php
├── etc/
│ ├── di.xml
│ └── module.xml
├── composer.json
├── registration.php
└── README.md
Troubleshooting
Module Not Working
- Check if module is enabled:
php bin/magento module:status Genaker_FreeAdmin
- Verify plugin is loaded:
php bin/magento setup:di:compile
- Clear caches:
php bin/magento cache:flush
- We need also disable TWO FACTOR Auth modules
Customization
To modify the authentication bypass logic, edit SimpleLoginPlugin.php
in the beforeLogin
method.
Support
For issues or questions, check the module logs or contact the development team.