boxed-code/laravel-challenge

Multi-method two factor authentication for Laravel apps.

2.0 2021-02-19 19:27 UTC

This package is auto-updated.

Last update: 2024-10-21 00:51:45 UTC


README

Tests Latest Stable Version License

Auth Flow

Version Compatibility

You'll need PHP >= 7.4 and Laravel 6.x, 7.x or 8.x.

Getting Started

A demo project is available at laravel-challenge-demo, see this commit to view how simple it is to implement.

Installation

composer require boxed-code/laravel-challenge then run the databse migrations using ./artisan migrate

Implementation

Modify your User model class to implement \BoxedCode\Laravel\Auth\Challenge\Contracts\Challengeable and either optionally use the BoxedCode\Laravel\Auth\Challenge\Challengeable trait or implement the the methods defined in the contract yourself.

Next you must add the middleware \BoxedCode\Laravel\Auth\Challenge\Http\Middleware\RequireAuthentication to the routes you would like to protect or simply add it to the global stack

Further Steps

Login an enrol yourself to the default 'email' authentication method at http://localhost/tfa/email/enrol, then logout and in again to be challenged for 2FA via email.

To Document

  • Overview
  • Configuration options (challengeable.php)
  • Authentication methods
    • Enabling default methods
      • Email
      • Twilio SMS
      • Twilio Voice (WIP)
      • Google Authenticator [OTP]
      • Password (WIP)
    • Custom notification based authentication methods
    • Custom authentication methods
  • Challenges
    • Token Generators
    • Lifetimes & Periodic Re-authentication
    • Custom Repositories
  • Authentication for different purposes & lifetimes
  • Skining / Theming views
  • Events

License

MIT