opengento / module-hoodoor

opengento/module-hoodoor

This module enables you to log in without a password and without relying on a third-party service.

Opengento Team

magento2-module Compatibility: Not yet tested Code Quality: Fail Tests: N/A Security: Pass MIT

Get this package

Free

Install

Add the repository once:

composer config repositories.packagento composer https://packagento.com/

Then require:

composer require opengento/module-hoodoor:^0.2.0

Details

Latest version: 0.2.0
Released: 2026-03-05 11:12:52
Downloads: 0
License: MIT
Homepage: https://github.com/opengento/magento2-hoodoor
Repository: https://github.com/opengento/magento2-hoodoor
Issues: https://github.com/opengento/magento2-hoodoor/issues

Keywords

Own this package?

Are you the maintainer? Create an account and link the source repository to claim this package and register a webhook so new versions publish automatically.

Claim this Package

Report this package

Seeing license violations, malicious code, IP infringement, or spam? Let our moderation team know.

Readme

Module for Magento 2

This module provides a top-notch security for your customers' accounts by adopting a passwordless approach, effectively removing the vulnerability of weak passwords from your database. This instills a sense of confidence and reliability in your platform among your customers.

Setup
- Composer installation
- Setup the module
Settings
Documentation
Support
Authors
License

Setup

Magento 2 Open Source or Commerce edition is required.

Composer installation

Run the following composer command:

composer require opengento/module-hoodoor

Setup the module

Run the following magento command:

bin/magento setup:upgrade

If you are in production mode, do not forget to recompile and redeploy the static resources.

Settings

The configuration for this module is available in Stores > Configuration > OpenGento > Hoodoor.

Make sure you have generated a secret key.

Documentation

Compatibility and Activation:

This module is compatible with Magento 2 version 2.4.6-p4.

You have the flexibility to enable its functionality either on the Magento frontend or backend. To activate either option, adjust the corresponding values in the config settings.

Token Expiration and Customization:

By default, the authentication token remains valid for 15 minutes after the email is sent. However, you have the option to customize this duration according to your requirements. Refer to the PHP documentation on how to modify the datetime value.

Enhanced Security Measures:

We have implemented a robust security layer to ensure a high level of protection for the data transmitted via the HTTP protocol.

Private Key Generation:

To process requests securely, it is essential to generate a private key in the settings. This private key serves as a crucial component for decrypting and authenticating requests. Failure to provide this key may hinder the ability to decipher and establish connections effectively.

Support

Raise a new request to the issue tracker.

Authors

Opengento Community - Lead -
Ronan Guérin - Maintainer -
Contributors - Contributor -

License

This project is licensed under the MIT License - see the LICENSE details.

That's all folks!

Changelog

[0.2.0]

Added

PHPDoc blocks on all previously undocumented methods across the module
#[\Override] attributes on all overriding methods (PHP 8.3)
Typed constants (const string) where applicable (PHP 8.3)
Admin email template registration (admin_login) in etc/email_templates.xml
Login URL is now built in PHP (EmailProcessor) and passed as login_url template variable

Changed

RequestException now extends LocalizedException instead of \Exception
AccountManagement plugin throws LocalizedException instead of \Exception and uses __() instead of _()
Admin emails use a dedicated admin_login template instead of the generic customer one
Email templates use {{var login_url}} instead of this.getUrl(...) calls
Removed unused catch variables ($e, $exception)

Refactored

Extracted shared ProcessLogin logic into ProcessLoginTrait — both frontend and admin controllers now use the trait and implement 3 abstract methods
Extracted shared RequestLogin logic into RequestLoginTrait — both frontend and admin controllers now use the trait and implement 5 abstract methods
Consolidated 3 identical RemoveReAuthVerification plugin classes into a single class using Generic type hint
PasswordVerification::remove() signature changed from AccountForm|UserMain|RoleInfo to Generic

Fixed

PHP 8.4 compatibility: implicit nullable parameters now use explicit ?Type syntax (CreatePost, Model/Admin/User)
AccountManagementTest expectations updated to match LocalizedException change

Versions 15

Versions
Version	Stability	QA Status	Compatibility	Released
0.2.0	stable	Pass	Not yet tested Details	2026-03-05 11:12:52
0.1.2	stable	Not tested	Not yet tested Details	2025-05-14 13:15:29
0.1.1	stable	Not tested	Not yet tested Details	2025-05-14 11:03:43
0.1.0	stable	Not tested	Not yet tested Details	2025-05-13 05:47:51
0.0.11	stable	Not tested	Not yet tested Details	2024-09-22 12:26:03
0.0.10	stable	Not tested	Not yet tested Details	2024-09-22 11:20:56
0.0.9	stable	Not tested	Not yet tested Details	2024-09-21 06:49:53
0.0.8	stable	Not tested	Not yet tested Details	2024-08-08 03:01:42
0.0.7	stable	Not tested	Not yet tested Details	2024-04-09 09:07:32
0.0.6	stable	Not tested	Not yet tested Details	2024-04-09 07:48:43
0.0.5	stable	Not tested	Not yet tested Details	2024-04-09 07:26:01
0.0.4	stable	Not tested	Not yet tested Details	2024-04-01 00:44:20
0.0.3	stable	Not tested	Not yet tested Details	2024-03-30 10:55:28
0.0.2	stable	Not tested	Not yet tested Details	2024-03-26 12:13:45
0.0.1	stable	Not tested	Not yet tested Details	2024-03-23 15:35:04

Dependencies 6

Requires 4

Package	Constraint
php	^8.3
psr/log	*
magento/framework	*
firebase/php-jwt	^6.10

Requires-dev 2

Package	Constraint
magento/magento-coding-standard	^33
roave/security-advisories	dev-latest

Quality 12

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	not tested	not tested
2.4.8		not tested	not tested
2.4.9			not tested	not tested

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool	Status	Findings	Summary
PHPCS	Warning	63	63 warnings (ruleset: Magento2) — 6 auto-fixable with phpcbf
PHPMD	Warning	9	9 rule violations (MissingImport:3, ExcessiveParameterList:2, UnusedFormalParameter:2, CyclomaticComplexity:1, NPathComplexity:1)
Cpd	Pass	0
Composer validate	Info	2	valid; 2 advisory notes (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	Error
2.4.8		Error	Error
2.4.9			Error	Error

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Integration tests

Integration tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool	Status	Findings	Summary
Composer audit	N/A	0	no resolvable dependency tree to audit — Your requirements could not be resolved to an installable set of packages. Problem 1
Malware scan	Pass	0

License

License

MIT

Homepage

https://github.com/opengento/magento2-hoodoor

Authors

Opengento Team <[email protected]> — lead

More from opengento

View vendor

opengento/module-store-path-url Free

magento2-module

This module updates the store code path in url with the country code or a custom value.

v4.1.9 8mo ago

opengento/module-product-breadcrumbs Free

magento2-module

This module allows to toggle server side rendered breadcrumbs for product pages.

v2.0.4 12mo ago

opengento/logger Free

magento2-module

This extension sets new logger handlers for Magento2, such as Gelf or Slack and many others.

v0.14.0 10mo ago

opengento/module-webapi-logger Free

magento2-module

This module allows you to analyze all the webapi rest done call toward your Magento.

v5.0.0 4mo ago

Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module