oxid-esales/security-module

OXID eSales Security module


Type: oxideshop-module

v2.0.0 2025-06-11 12:52 UTC

README

A collection of security features for OXID eShop


Compatibility

This module assumes you have OXID eShop Compilation version 7.3.0 installed.

Branches

  • 2.0.0.x versions (or b-7.3.x branch) are compatible with OXID eShop compilation 7.3.x.
  • 1.0.0.x versions (or b-7.2.x branch) are compatible with OXID eShop compilation 7.2.x.

Development installation

To be able to run the tests and the other preconfigured quality tools, install the module as a root package.

The next section shows how to install the module as a root package using the OXID eShop SDK.

If you use a different environment, adjust the steps to your own needs.

Development installation on OXID eShop SDK

The installation instructions below are shown for the current SDK for shop 7.3. Make sure your system meets the requirements of the SDK.

  1. Ensure all docker containers are down to avoid port conflicts

  2. Clone the SDK for the new project

echo MyProject && git clone https://github.com/OXID-eSales/docker-eshop-sdk.git $_ && cd $_

  3. Clone the repository into the source directory

git clone --recurse-submodules https://github.com/OXID-eSales/security-module.git --branch=b-7.3.x ./source

  4. Run the recipe to set up the development environment

./source/recipes/setup-development.sh

You should now be able to access the shop at http://localhost.local and the admin panel at http://localhost.local/admin (credentials: noreply@oxid-esales.com / admin).

Password strength and Captcha protection

This module provides password strength estimation for any string input. It can validate password length and character variety based on configurable settings. It also includes a visual password strength indicator with a progress bar for real-time feedback via an Ajax widget.

Additionally, the module features Image Captcha protection to prevent automated bot submissions. Users must enter the text displayed in the captcha image, with an audio captcha option available for accessibility. A honeypot captcha is also implemented as a hidden field to detect and block bots without affecting the user experience.

Configuration

The module settings let you enable or disable each feature individually: password strength estimation, Image Captcha protection, and Honeypot Captcha protection.

Configurable options for password strength estimation are:

  • Enable/Disable password strength estimation
  • Minimum password length
  • Uppercase character requirement
  • Lowercase character requirement
  • Digit requirement
  • Special character requirement

Configurable options for Captcha protection are:

  • Enable/Disable Image Captcha protection
  • Enable/Disable Honeypot Captcha protection
  • Image Captcha lifetime
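As an added illustration, not code from the module itself, the following shows how the configurable password requirements listed above and the honeypot / image-captcha checks (including the captcha lifetime) can be evaluated on the server. The option keys, the form field names and the way the expected captcha text and its creation time are stored are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; option keys and field names are assumptions, not module settings.

/** Returns the unmet requirements; an empty array means the password passes. */
function passwordStrengthIssues(string $password, array $options): array
{
    $issues = [];
    if (mb_strlen($password) < $options['minLength']) {
        $issues[] = 'length';
    }
    // Each character-variety rule is enforced only when enabled in the options.
    $rules = [
        'requireUppercase' => ['/\p{Lu}/u', 'uppercase'],
        'requireLowercase' => ['/\p{Ll}/u', 'lowercase'],
        'requireDigit'     => ['/\p{Nd}/u', 'digit'],
        'requireSpecial'   => ['/[^\p{L}\p{N}]/u', 'special'],
    ];
    foreach ($rules as $option => [$pattern, $label]) {
        if (!empty($options[$option]) && preg_match($pattern, $password) !== 1) {
            $issues[] = $label;
        }
    }
    return $issues;
}

/**
 * Validates the captcha part of a form submission. $expected is the text stored
 * server-side when the image was generated and $issuedAt its creation timestamp.
 */
function captchaPasses(array $post, string $expected, int $issuedAt, int $lifetimeSeconds, int $now): bool
{
    // Honeypot: humans never see the hidden field, so any value means a bot filled it in.
    if (($post['hp_email'] ?? '') !== '') {
        return false;
    }
    // Image captcha: reject challenges older than the configured lifetime,
    // then compare the answer in constant time.
    if ($now - $issuedAt > $lifetimeSeconds) {
        return false;
    }
    return hash_equals($expected, (string) ($post['captcha'] ?? ''));
}

// Constructed sample input
$options = ['minLength' => 10, 'requireUppercase' => true, 'requireLowercase' => true,
            'requireDigit' => true, 'requireSpecial' => true];
var_dump(passwordStrengthIssues('Tr0ub4dor&3', $options));
var_dump(passwordStrengthIssues('password', $options));
var_dump(captchaPasses(['captcha' => 'x7q2', 'hp_email' => ''], 'x7q2', 1000, 600, 1300));
```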

Running the tests and quality tools

Check the "scripts" section in the composer.json file for the available commands. Those commands can be executed by connecting to the php container and running the command from there, example:

make php
composer tests-coverage

Commands can be also triggered directly on the container with docker compose, example:

docker compose exec -T php composer tests-coverage

Testing

Linting, syntax check, static analysis

As in the previous section, connect to the php container and run the commands from there, for example:

make php
composer update
composer static

Unit/Integration/Acceptance tests

  • Run all the tests

composer tests-all

  • Or the desired suite

composer tests-unit
composer tests-integration
composer tests-codeception