ashokdubariya/module-login-as-customer
======================================

Secure admin-to-customer login with multi-website support and audit logging for Magento 2

Magento 2 Login as Customer Module
==================================

This repository contains a **Login as Customer** module that allows authorized Admin users to log in as customers from the Admin Panel with **multi-website support** and full audit traceability.

Key Features
------------

- **Multi-Website Support** - Login as customer on any website (Ashokdubariya, Coverion, etc.)
- **Smart Button Detection** - Automatically shows single button or dropdown based on available websites
- **Grid & Edit Page Access** - Login from customer grid or edit page
- **Cryptographically Secure** - Token-based authentication with SHA-256 hashing
- **Complete Audit Trail** - Track every login attempt with full details
- **ACL Protected** - Granular permission control
- **One-Time Tokens** - Prevents replay attacks
- **Configurable Expiry** - Default 5-minute token lifetime

Security Features
-----------------

- **Cryptographically Secure Tokens** - Uses `random_bytes(32)` for token generation
- **SHA-256 Hash Storage** - Tokens stored as hashes, never plaintext
- **Single-Use Tokens** - Automatically invalidated after first use
- **Configurable Expiry** - Default 5 minutes, prevents stale tokens
- **ACL Protected** - Dual permissions for login action and audit access
- **Complete Audit Trail** - Logs every attempt with admin/customer/IP/timestamp
- **CSRF Protection** - Leverages Magento's form key validation
- **No Password Access** - Bypasses password, uses session-based login
- **IP Tracking** - Records admin IP for forensics
- **Replay Prevention** - Hash comparison prevents token reuse

Requirements
------------

- Magento Open Source **2.4.4+**
- PHP **8.1+**

Module Information
------------------

- **Module Name:** `Ashokdubariya_LoginAsCustomer`
- **Package Name:** `ashokdubariya/module-login-as-customer`
- **Module Type:** Magento 2 Custom Module
- **License:** MIT

Installation
------------

### Method 1: Composer Installation (Recommended)

```
composer require ashokdubariya/module-login-as-customer
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy -f
php bin/magento cache:flush
```

### Method 2: Manual Installation

1. Copy the module to Magento:

```
mkdir -p app/code/Ashokdubariya/LoginAsCustomer
# Copy module files to app/code/Ashokdubariya/LoginAsCustomer
```

2. Run Magento commands:

```
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy -f
php bin/magento cache:flush
```

Configuration
-------------

Navigate to: **Stores > Configuration > Ashokdubariya > Login as Customer**

### Settings

| Setting | Description | Default |
| --- | --- | --- |
| **Enable Module** | Enable/Disable functionality | Yes |
| **Token Lifetime (minutes)** | How long token remains valid | 5 |
| **Redirect Page After Login** | URL path after login | customer/account |
| **Enable Audit Logging** | Log all attempts | Yes |

Permissions Setup
-----------------

### Grant Permissions to Admin Role

1. Navigate to: **System > Permissions > User Roles**
2. Edit the desired role
3. Under **Role Resources**, expand **Customers**
4. Check:
    - **Login as Customer > Perform Login as Customer Action**
    - **Login as Customer > View Audit Log**
5. Under **Stores > Configuration**, check:
    - **Login as Customer Configuration**
6. Save Role

Usage Guide
-----------

### Method 1: From Customer Grid (Quick Access)

**Single Website Customer:**

1. Navigate to: **Customers > All Customers**
2. Locate customer row
3. Click **Select** in Actions dropdown
4. Click **Login as Customer**
5. New window opens with customer logged in

**Multi-Website Customer:**

1. Navigate to: **Customers > All Customers**
2. Locate customer row
3. Click **Select** in Actions dropdown
4. You'll see multiple options:
    - **Login as Customer (Default)**
    - **Login as Customer (Wholesale)**
    - etc.
5. Click the desired website option
6. New window opens with customer logged into that website

### Method 2: From Customer Edit Page

**Single Website Customer:**

1. Navigate to: **Customers > All Customers**
2. Click **Edit** on a customer
3. Click **Login as Customer** button in header
4. New window opens with customer logged in

**Multi-Website Customer:**

1. Navigate to: **Customers > All Customers**
2. Click **Edit** on a customer
3. Click **Login as Customer** dropdown button in header
4. Select the desired website from dropdown:
    - Default
    - Wholesale
    - etc.
5. New window opens with customer logged into selected website

### Website Selection Logic

The module intelligently detects available websites:

- **Global Customer Sharing** (scope = 0): Shows all websites
- **Per-Website Sharing** (scope = 1): Shows only customer's assigned website
- **Single Website**: Simple button/action
- **Multiple Websites**: Dropdown button/multiple actions

### Viewing Audit Log

1. Navigate to: **Customers > Login as Customer**
2. View grid with columns:
    - Log ID
    - Admin ID / Username
    - Customer ID / Email
    - IP Address
    - Status (Pending/Success/Expired/Failed)
    - Store View
    - Created At / Expires At / Used At
3. Use filters to search by admin, customer, status, date range

Security Considerations
-----------------------

### What we do

1. **Token Generation:** Cryptographically secure `random_bytes(32)` = 64 hex chars
2. **Token Storage:** Store SHA-256 hash only (64 chars), original token discarded after URL generation
3. **Single-Use:** Token status changed from `pending` → `success` after first use, subsequent attempts rejected
4. **Expiration:** Configurable TTL (default 5 min), server-side timestamp validation
5. **Audit Logging:** Every attempt logged with:
    - Admin ID/username
    - Customer ID/email
    - IP address
    - Timestamp
    - Outcome (success/failed/expired)
6. **ACL Enforcement:** Separate permissions for:
    - Performing login action
    - Viewing audit log
    - Modifying configuration
7. **CSRF Protection:** Magento's built-in form key validation on admin controllers
8. **Session Regeneration:** Customer session ID regenerated after login
9. **No Password Exposure:** Customer password hash never accessed
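
The token lifecycle from steps 1 to 4 above, as an added example that is not the module's own code. It assumes a hypothetical `login_token` table held in in-memory SQLite and hypothetical function names `issueToken` and `redeemToken`; the clock value is constructed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the token/audit table (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_token (token_hash TEXT PRIMARY KEY, admin_id INTEGER,
    customer_id INTEGER, status TEXT, expires_at INTEGER, used_at INTEGER)');

function issueToken(PDO $db, int $adminId, int $customerId, int $ttl, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex chars; only ever placed in the URL
    $db->prepare('INSERT INTO login_token VALUES (?, ?, ?, ?, ?, NULL)')
       ->execute([hash('sha256', $token), $adminId, $customerId, 'pending', $now + $ttl]);
    return $token; // the plaintext token is not stored anywhere
}

function redeemToken(PDO $db, string $token, int $now): string
{
    if (preg_match('/\A[0-9a-f]{64}\z/', $token) !== 1) {
        return 'failed'; // malformed input is rejected before any lookup
    }
    $hash = hash('sha256', $token);
    // Conditional UPDATE: the database lets exactly one request move
    // pending -> success, so two concurrent redemptions cannot both win.
    $claim = $db->prepare("UPDATE login_token SET status = 'success', used_at = ?
        WHERE token_hash = ? AND status = 'pending' AND expires_at >= ?");
    $claim->execute([$now, $hash, $now]);
    if ($claim->rowCount() === 1) {
        return 'success';
    }
    // Not claimed: a still-pending row must be past its expiry; record that.
    $expire = $db->prepare("UPDATE login_token SET status = 'expired'
        WHERE token_hash = ? AND status = 'pending'");
    $expire->execute([$hash]);
    return $expire->rowCount() === 1 ? 'expired' : 'failed';
}

$now = 1700000000; // constructed clock value
$fresh = issueToken($db, 1, 42, 300, $now);
$stale = issueToken($db, 1, 42, 300, $now);
foreach ([
    'first use'     => redeemToken($db, $fresh, $now + 10),
    'replay'        => redeemToken($db, $fresh, $now + 20),
    'after expiry'  => redeemToken($db, $stale, $now + 301),
    'unknown token' => redeemToken($db, str_repeat('0', 64), $now),
] as $case => $outcome) {
    echo str_pad($case, 14), $outcome, PHP_EOL;
}
```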

### What we don't do

- No customer password access
- No plaintext token storage
- No unlimited token lifetime
- No token reuse
- No bypass of ACL permissions
- No modification of customer data during login

### Technical Details

1. Detects customer's primary website ID
2. Checks customer sharing configuration
3. Retrieves all accessible websites
4. Generates appropriate UI (single/multiple actions)
5. Passes `website_id` parameter to controller
6. Controller selects correct store based on website
7. Redirects to appropriate website base URL

Support
-------

- **Source**: [GitHub Repository](https://github.com/ashokdubariya/magento2-login-as-customer)
- **Issues**: [GitHub Issues](https://github.com/ashokdubariya/magento2-login-as-customer/issues)

License
-------

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

