README

Signing in or signing up on a modern website or mobile app typically follows these steps:

A user initiates verification by submitting a phone number
The user receives an SMS or a call with a one-time password (OTP)
The user completes verification by submitting the OTP

This library is built on top of alexeygeno/phone-verification-php and allows to set this up

Supported features

Easy switching between different storages and notification channels
Configurable length and expiration time for OTP
Configurable rate limits
Localization
Usage with different Laravel approaches: automatic injection, facade, and commands
Logging notifications instead of sending real ones, beneficial for non-production environments
Out-of-the-box routes for quick start

Requirements

Laravel 9.x
Any of the available Laravel Notification Channels: laravel/vonage-notification-channel, laravel-notification-channels/twilio, laravel-notification-channels/messagebird and many more
Any of the supported storages: predis/predis, jenssegers/laravel-mongodb

Installation

composer require alexgeno/phone-verification-laravel predis/predis laravel/vonage-notification-channel

Note: Redis as a storage and Vonage as a notification channel are defaults in the configuration

Usage

Automatic injection

public function initiate(\AlexGeno\PhoneVerification\Manager\Initiator $manager)
{
    $manager->initiate('+15417543010');
}

public function complete(\AlexGeno\PhoneVerification\Manager\Completer $manager)
{
    $manager->complete('+15417543010', 1234);
}

Facade

\AlexGeno\PhoneVerificationLaravel\Facades\PhoneVerification::initiate('+15417543010');

\AlexGeno\PhoneVerificationLaravel\Facades\PhoneVerification::complete('+15417543010', 1234);

Commands

php artisan phone-verification:initiate --to=+15417543010

php artisan phone-verification:complete --to=+15417543010 --otp=1234

Routes

curl -d "to=+15417543010" localhost/phone-verification/initiate
{"ok":true,"message":"Sms has been sent. Check your Phone!"}

curl -d "to=+15417543010&otp=1234" localhost/phone-verification/complete
{"ok":true,"message":"The verification is done!"}

Note: The package routes are available by default. To make them unavailable without redefining the service provider, change the bool key phone-verification.sender.to_log in the configuration

Configuration

[
    'storage' => [
        'driver' => 'redis', // 'redis' || 'mongodb'
        'redis' => [
            'connection' => 'default',
            // the key settings - normally you don't need to change them
            'settings' => [
                'prefix' => 'pv:1',
                'session_key' => 'session',
                'session_counter_key' => 'session_counter',
            ],
        ],
        'mongodb' => [
            'connection' => 'mongodb',
            // the collection settings - normally you don't need to change them
            'settings' => [
                'collection_session' => 'session',
                'collection_session_counter' => 'session_counter',
            ],
        ],
    ],
    'sender' => [
        'driver' => 'vonage', // 'vonage' || 'twilio' || 'messagebird' and many more https://github.com/laravel-notification-channels
        'channel' => \Illuminate\Notifications\Channels\VonageSmsChannel::class, // \Illuminate\Notifications\Channels\VonageSmsChannel::class || \NotificationChannels\Twilio\TwilioChannel::class || \NotificationChannels\Messagebird\MessagebirdChannel::class and many more https://github.com/laravel-notification-channels
        'to_log' => false, // if enabled: instead of sending a real notification, debug it to the app log
    ],
    'routes' => true, // managing the availability of the package routes without redefining the service provider
    'manager' => [
        'otp' => [
            'length' => env('PHONE_VERIFICATION_OTP_LENGTH', 4), // 1000..9999
        ],
        'rate_limits' => [
            'initiate' => [ // for every 'to' no more than 10 initiations over 24 hours
                'period_secs' => env('PHONE_VERIFICATION_RATE_LIMIT_INITIATE_PERIOD_SECS', 86400),
                'count' => env('PHONE_VERIFICATION_RATE_LIMIT_INITIATE_COUNT', 10),
            ],
            'complete' => [ // for every 'to' no more than 5 failed completions over 5 minutes
                'period_secs' => env('PHONE_VERIFICATION_RATE_LIMIT_COMPLETE_PERIOD_SECS', 300), // this is also the expiration period for OTP
                'count' => env('PHONE_VERIFICATION_RATE_LIMIT_COMPLETE_COUNT', 5),
            ],
        ],
    ],
];

Different storages and notification channels

To switch between available storages and notifications channels, install the respective package and update the configuration. For example, to use Mongodb as a storage and Twilio as a notification channel:

composer require jenssegers/mongodb laravel-notification-channels/twilio

[
    'storage' => [
        'driver' => 'mongodb',
        // ... 
    ],
    'sender' => [
        'driver' => 'twilio',
        'channel' => \NotificationChannels\Twilio\TwilioChannel::class,
        // ... 
    ],
    // ... 
]

If the available options are not sufficient, you can redefine the service provider and add a custom storage (implementing \AlexGeno\PhoneVerification\Storage\I) or/and a sender (implementing \AlexGeno\PhoneVerification\Sender\I)

Publishing

Config

php artisan vendor:publish --tag=phone-verification-config

Localization

php artisan vendor:publish --tag=phone-verification-lang

Migrations

php artisan vendor:publish --tag=phone-verification-migrations

Note: Only the MongoDB storage driver requires migrations

alexgeno / phone-verification-laravel

Maintainers

Details