# opengento/module-hoodoor

> This module enables you to log in without a password and without relying on a third-party service.

`composer require opengento/module-hoodoor`

Canonical URL: https://packagento.com/opengento/module-hoodoor

## At a glance

- **Vendor**: opengento (https://packagento.com/opengento.md)
- **Latest version**: 0.2.0 — released 2026-03-05
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/opengento/module-hoodoor and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require opengento/module-hoodoor:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

This module enables you to log in without a password and without relying on a third-party service.

## README

[![Latest Stable Version](https://img.shields.io/packagist/v/opengento/module-hoodoor.svg?style=flat-square)](https://packagist.org/packages/opengento/module-hoodoor)
[![License: MIT](https://img.shields.io/github/license/opengento/magento2-hoodoor.svg?style=flat-square)](./LICENSE)
[![Packagist](https://img.shields.io/packagist/dt/opengento/module-hoodoor.svg?style=flat-square)](https://packagist.org/packages/opengento/module-hoodoor/stats)
[![Packagist](https://img.shields.io/packagist/dm/opengento/module-hoodoor.svg?style=flat-square)](https://packagist.org/packages/opengento/module-hoodoor/stats)

This module provides a top-notch security for your customers' accounts by adopting a passwordless approach, effectively removing the vulnerability of weak passwords from your database. This instills a sense of confidence and reliability in your platform among your customers.

- [Setup](#setup)
    - [Composer installation](#composer-installation)
    - [Setup the module](#setup-the-module)
- [Settings](#settings)
- [Documentation](#documentation)
- [Support](#support)
- [Authors](#authors)
- [License](#license)

### Setup

Magento 2 Open Source or Commerce edition is required.

####  Composer installation

Run the following composer command:

```
composer require opengento/module-hoodoor
```

#### Setup the module

Run the following magento command:

```
bin/magento setup:upgrade
```

**If you are in production mode, do not forget to recompile and redeploy the static resources.**

### Settings

The configuration for this module is available in `Stores > Configuration > OpenGento > Hoodoor`.

Make sure you have generated a secret key.

### Documentation

#### Compatibility and Activation:

This module is compatible with Magento 2 version 2.4.6-p4. 

You have the flexibility to enable its functionality either on the Magento frontend or backend. To activate either option, adjust the corresponding values in the config settings.

#### Token Expiration and Customization:

By default, the authentication token remains valid for 15 minutes after the email is sent. However, you have the option to customize this duration according to your requirements. Refer to the PHP documentation on how to modify the datetime value.

#### Enhanced Security Measures:

We have implemented a robust security layer to ensure a high level of protection for the data transmitted via the HTTP protocol.

#### Private Key Generation:

To process requests securely, it is essential to generate a private key in the settings. This private key serves as a crucial component for decrypting and authenticating requests. Failure to provide this key may hinder the ability to decipher and establish connections effectively.

### Support

Raise a new [request](https://github.com/opengento/magento2-hoodoor-login/issues) to the issue tracker.

### Authors

- **Opengento Community** - *Lead* - [![Twitter Follow](https://img.shields.io/twitter/follow/opengento.svg?style=social)](https://twitter.com/opengento)
- **Ronan Guérin** - *Maintainer* - [![GitHub followers](https://img.shields.io/github/followers/ronangr1.svg?style=social)](https://github.com/ronangr1)
- **Contributors** - *Contributor* - [![GitHub contributors](https://img.shields.io/github/contributors/opengento/magento2-hoodoor.svg?style=flat-square)](https://github.com/opengento/magento2-store-path-url/graphs/contributors)

### License

This project is licensed under the MIT License - see the [LICENSE](./LICENSE) details.

***That's all folks!***

## Changelog

### [0.2.0]

#### Added
- PHPDoc blocks on all previously undocumented methods across the module
- `#[\Override]` attributes on all overriding methods (PHP 8.3)
- Typed constants (`const string`) where applicable (PHP 8.3)
- Admin email template registration (`admin_login`) in `etc/email_templates.xml`
- Login URL is now built in PHP (`EmailProcessor`) and passed as `login_url` template variable

#### Changed
- `RequestException` now extends `LocalizedException` instead of `\Exception`
- `AccountManagement` plugin throws `LocalizedException` instead of `\Exception` and uses `__()` instead of `_()`
- Admin emails use a dedicated `admin_login` template instead of the generic customer one
- Email templates use `{{var login_url}}` instead of `this.getUrl(...)` calls
- Removed unused catch variables (`$e`, `$exception`)

#### Refactored
- Extracted shared `ProcessLogin` logic into `ProcessLoginTrait` — both frontend and admin controllers now use the trait and implement 3 abstract methods
- Extracted shared `RequestLogin` logic into `RequestLoginTrait` — both frontend and admin controllers now use the trait and implement 5 abstract methods
- Consolidated 3 identical `RemoveReAuthVerification` plugin classes into a single class using `Generic` type hint
- `PasswordVerification::remove()` signature changed from `AccountForm|UserMain|RoleInfo` to `Generic`

#### Fixed
- PHP 8.4 compatibility: implicit nullable parameters now use explicit `?Type` syntax (`CreatePost`, `Model/Admin/User`)
- `AccountManagementTest` expectations updated to match `LocalizedException` change

## Recent Versions

| Version | Released |
|---|---|
| 0.2.0 | 2026-03-05 |
| 0.1.2 | 2025-05-14 |
| 0.1.1 | 2025-05-14 |
| 0.1.0 | 2025-05-13 |
| 0.0.11 | 2024-09-22 |
| 0.0.10 | 2024-09-22 |
| 0.0.9 | 2024-09-21 |
| 0.0.8 | 2024-08-08 |
| 0.0.7 | 2024-04-09 |
| 0.0.6 | 2024-04-09 |

Showing 10 of 15 versions. Full release history on https://packagento.com/opengento/module-hoodoor.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| firebase/php-jwt | ^6.10 |
| magento/framework | * |
| php | ^8.3 |
| psr/log | * |

### Require (dev)

| Package | Constraint |
|---|---|
| magento/magento-coding-standard | ^33 |
| roave/security-advisories | dev-latest |

## Quality

Latest release (0.2.0) passes the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | not tested | not tested | – | – |
| 2.4.8 | – | not tested | not tested | – |
| 2.4.9 | – | – | not tested | not tested |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 63 | 63 warnings (ruleset: Magento2) — 6 auto-fixable with phpcbf |
| PHPMD | Warning | 9 | 9 rule violations (MissingImport:3, ExcessiveParameterList:2, UnusedFormalParameter:2, CyclomaticComplexity:1, NPathComplexity:1) |
| Cpd | Pass | 0 |  |
| Composer validate | Info | 2 | valid; 2 advisory notes (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | Error | – | – |
| 2.4.8 | – | Error | Error | – |
| 2.4.9 | – | – | Error | Error |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | N/A | 0 | no resolvable dependency tree to audit — Your requirements could not be resolved to an installable set of packages. Problem 1 |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["opengento/module-hoodoor"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

opengento is a Magento 2 vendor on Packagento. See https://packagento.com/opengento.md for their full catalogue.