@@ -51,33 +51,67 @@ git clone --recurse-submodules https://github.com/OXID-eSales/security-module.gi
5151You should be able to access the shop with http://localhost.local and the admin panel with http://localhost.local/admin
5252(credentials: noreply@oxid-esales.com / admin)
5353
54- ## Password strength and Captcha protection
54+ ## Features
55+
56+ ### Password Strength Policy
5557
5658This module provides password strength estimation for any string input.
5759It can validate password length and character variety based on configurable settings.
5860It also includes a visual password strength indicator with a progress bar for real-time feedback via an Ajax widget.
5961
60- Additionally, the module features Image Captcha protection to prevent automated bot submissions.
61- Users must enter the text displayed in the captcha image, with an audio captcha option available for accessibility.
62- A honeypot captcha is also implemented as a hidden field to detect and block bots without affecting the user experience.
63-
64- ### Configuration
65-
66- The module configurations provide an option to Enable/Disable any of the features -
67- Password strength estimation, Image Captcha protection, Honeypot Captcha protection.
62+ #### Configuration
6863
69- Configurable options for password strength estimation are:
7064- Enable/Disable password strength estimation
7165- Minimum password length
7266- Uppercase character requirement
7367- Lowercase character requirement
7468- Digit requirement
7569- Special character requirement
7670
77- Configurable options for Captcha protection are:
71+ ### Captcha Protection
72+
73+ The module features Image Captcha protection to prevent automated bot submissions.
74+ Users must enter the text displayed in the captcha image, with an audio captcha option available for accessibility.
75+ A honeypot captcha is also implemented as a hidden field to detect and block bots without affecting the user experience.
76+
77+ #### Configuration
78+
7879- Enable/Disable Image Captcha protection
7980- Enable/Disable Honeypot Captcha protection
80- - Image Captcha lifetime
81+ - Image Captcha lifetime (5min, 15min, 30min)
82+
83+ ### Two-Factor Authentication (2FA)
84+
85+ The module provides Two-Factor Authentication using email-based One-Time Password (OTP) verification.
86+ When enabled, users are required to enter a verification code sent to their email address after logging in with their credentials.
87+
88+ #### Configuration
89+
90+ - Enable/Disable Two-Factor Authentication
91+ - Verification type (currently supports OTP)
92+
93+ ### OAuth Social Login
94+
95+ The module supports social login integration, allowing users to authenticate using their existing social media accounts.
96+ This provides a convenient and secure way for customers to log in without creating a separate password.
97+
98+ #### Supported Providers
99+
100+ ** Facebook Login**
101+ - Enable/Disable Facebook login
102+ - Facebook Client ID
103+ - Facebook Client Secret
104+ - Facebook Redirect URL
105+
106+ ** Google Login**
107+ - Enable/Disable Google login
108+ - Google Client ID
109+ - Google Client Secret
110+ - Google Redirect URL
111+
112+ To configure OAuth providers, you need to create applications in the respective developer consoles
113+ ([ Facebook Developers] ( https://developers.facebook.com/ ) , [ Google Cloud Console] ( https://console.cloud.google.com/ ) )
114+ and obtain the Client ID and Client Secret credentials.
81115
82116### Running the tests and quality tools
83117
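Review bot: The new "Two-Factor Authentication (2FA)" and "OAuth Social Login" sections do not say how the two features interact. 2FA is described as a code required "after logging in with their credentials", while social login lets customers log in "without creating a separate password", so a reader cannot tell whether a Facebook or Google login is also challenged for the email OTP. Please add a sentence under one of the two sections stating this. The 2FA configuration list also gives no code lifetime or retry limit, whereas the captcha list now documents its lifetime options (5min, 15min, 30min); if those values are fixed, state them here. For the OAuth settings, consider noting that the Redirect URL has to match the one registered in the provider's developer console and that the Client Secret should be kept out of version control.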