This module provides a standard set of rules for defining access to Silverstripe sites:
- password validation configuration per NIST standards
- password handling and management
- password checking via pwnedpasswords API
- multi-factor authentication setup (MFA)
- security extensions
- security reports
- pending profiles
This module is under active development and should not be considered production-ready just yet.
We welcome testing and feedback via the GitHub issue tracker.
- silverstripe/totp-authenticator - for MFA via a Time-based One-time Password
- nswdpc/silverstripe-pwnage-hinter - provides pwned password/breached account assistance
- silverstripe/security-extensions - provides features including sudo mode, password change on next sign in
- silverstripe/securityreport - "Users, Groups and Permissions" report in the administration area for Administrators
- spomky-labs/otphp - TOTP base library
See composer.json for details.
Note that this module provides the ability to configure the MFA secret key via per-project YAML rather than in .env.
More: Multi Factor Authentication
If you set a PasswordValidator in project configuration like so:

```php
// Create a stock validator and register it as the Member password validator
$validator = \SilverStripe\Security\PasswordValidator::create();
\SilverStripe\Security\Member::set_password_validator($validator);
```

it will replace the password validator provided in this module.
We welcome bug reports, pull requests and feature requests on the GitHub issue tracker for this project.
Please review the code of conduct prior to opening a new issue.
If you would like to contribute to the module, please raise a pull request and discuss it with the module maintainers.
Please review the code of conduct prior to completing a pull request.