# elgentos/frontend2fa

> Magento 2 Frontend 2FA implementation

`composer require elgentos/frontend2fa`

Canonical URL: https://packagento.com/elgentos/frontend2fa

## At a glance

- **Vendor**: elgentos (https://packagento.com/elgentos.md)
- **Latest version**: 1.2.0 — released 2026-02-09
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/elgentos/frontend2fa and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require elgentos/frontend2fa:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Magento 2 Frontend 2FA implementation

## README

This extension is based on [Neyamtux_Authenticator](https://github.com/juashyam/2-Factor-Authentication/), which offers 2FA for the backend.

### Features
- Ability to force frontend 2FA for specific customer groups;
- 2FA is enforced for chosen customer groups meaning the customer has to either setup or authenticate before continuing after logging in;
- All customers in any group can optionally set their own 2FA;
- Open the customer in the backend to be able to reset the 2FA secret;
- Dutch translation files;
- Hyva theme support with Tailwind CSS templates.

### Installation

```
composer require elgentos/frontend2fa
php bin/magento module:enable Elgentos_Frontend2FA
php bin/magento module:enable Neyamtux_Authenticator
php bin/magento setup:upgrade
```

### Hyva Theme Support

This module includes Hyva-compatible templates that use Tailwind CSS classes. The Hyva templates are automatically loaded when a Hyva theme is active and provide the same functionality with Hyva's styling approach.

The following Hyva templates are included:
- `view/frontend/templates/hyva/setup.phtml` - Two-Factor Authentication setup page
- `view/frontend/templates/hyva/authenticate.phtml` - Two-Factor Authentication login page

The templates are responsive and use Tailwind utility classes for styling.

### Integration with other authentication systems

To bypass the 2FA requirement for a specific logged in user, for example if you are using a Single Sign-On system for certain users,
set this value in their customer session:


```
$customerSession->set2faSuccessful(true);
```

### Screenshots

Setup page (in My Account)

![image](https://user-images.githubusercontent.com/431360/53883116-69cdd280-4018-11e9-89a2-c1a471c51d64.png)

2FA authentication after logging in when setup is done

![image](https://user-images.githubusercontent.com/431360/53883181-98e44400-4018-11e9-8bc0-d98676e3527a.png)

Configuration in backend

![image](https://user-images.githubusercontent.com/431360/53885104-3b9ec180-401d-11e9-98bc-ec1a2df3fa6c.png)

2FA reset button in backend

![image](https://user-images.githubusercontent.com/431360/53883268-ce892d00-4018-11e9-84f6-aa1c0fc2e34a.png)

### License

This project is licensed under the MIT License

## Recent Versions

| Version | Released |
|---|---|
| 1.2.0 | 2026-02-09 |
| 1.1.0 | 2025-06-16 |
| 1.0.1 | 2025-04-10 |
| 1.0.0 | 2024-03-20 |
| 0.1.11 | 2021-11-19 |
| 0.1.10 | 2021-08-18 |
| 0.1.9 | 2021-03-03 |
| 0.1.8 | 2019-03-20 |
| 0.1.7 | 2019-03-19 |
| 0.1.6 | 2019-03-19 |

Showing 10 of 16 versions. Full release history on https://packagento.com/elgentos/frontend2fa.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| endroid/qr-code | ^6 |
| juashyam/authenticator | dev-master |

## Quality

Latest release (1.2.0) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | not tested | not tested | – | – |
| 2.4.8 | – | not tested | not tested | – |
| 2.4.9 | – | – | not tested | not tested |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Fail | 114 | 4 errors, 110 warnings (ruleset: Magento2) — 58 auto-fixable with phpcbf |
| PHPMD | Pass | 0 |  |
| Cpd | Warning | 1 | 1 duplicated chunk spanning 32 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Pass | 0 |  |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Error | Error | – | – |
| 2.4.8 | – | Error | Error | – |
| 2.4.9 | – | – | Error | Error |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["elgentos/frontend2fa"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

elgentos is a Magento 2 vendor on Packagento. See https://packagento.com/elgentos.md for their full catalogue.

