nswdpc / silverstripe-authentication-boilerplate
Boilerplate default access rules for Silverstripe websites
Installs: 4 425
Dependents: 1
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 1
Type:silverstripe-vendormodule
Requires
Requires (Dev)
- cambis/silverstripe-rector: ^0.5.1
- nswdpc/ci-files: ^1
- phpunit/phpunit: ^9.5
- syntro/silverstripe-phpstan: ^5
This package is auto-updated.
Last update: 2024-10-27 04:49:00 UTC
README
This module provides a standard set of rules for defining access to Silverstripe sites:
- password validation configuration per NIST standards
- password handling and management
- password checking via pwnedpasswords API
- multi-factor authentication setup (MFA)
- security extensions
- security reports
- pending profiles
This module is under active development and should not be considered production-ready just yet
We welcome testing and feedback via the Github issue tracker
Requirements
- silverstripe/totp-authenticator - for MFA via a Time-based One-time Password
- nswdpc/silverstripe-pwnage-hinter - provides pwned password/breached account assistance
- silverstripe/security-extensions - provides features including sudo mode, password change on next sign in
- silverstripe/securityreport - "Users, Groups and Permissions" report in the administration area for Administrators
- spomky-labs/otphp - TOTP base library
See composer.json for details
Configuration
Note that this module provides the ability to configure the MFA secret key via per-project YAML rather than in .env
More: Multi Factor Authentication
Good-to-know
Password validator
If you are setting a PasswordValidator in project configuration like so:
$validator = \SilverStripe\Security\PasswordValidator::create(); \SilverStripe\Security\Member::set_password_validator($validator);
This will replace the password validator provided in this module.
License
Documentation
Maintainers
Bugtracker
We welcome bug reports, pull requests and feature requests on the Github Issue tracker for this project.
Please review the code of conduct prior to opening a new issue.
Development and contribution
If you would like to make contributions to the module please ensure you raise a pull request and discuss with the module maintainers.
Please review the code of conduct prior to completing a pull request.