buckhamduffy / laravel-two-factor
This is my package laravel-two-factor
Installs: 16 908
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 3
Requires
- php: ^8.2
- bacon/bacon-qr-code: ^2.0
- illuminate/contracts: ^9.0|^10.0|^11.0
- pragmarx/google2fa-qrcode: ^3.0
- pragmarx/recovery: ^0.2.1
- spatie/laravel-data: ^3.0|^4.0
- spatie/laravel-package-tools: ^1.14.0
Requires (Dev)
- buckhamduffy/coding-standards: ^3
- larastan/larastan: ^2.0.1
- laravel/pint: ^1.0
- nunomaduro/collision: ^7.8
- orchestra/testbench: ^8.8
- pestphp/pest: ^2.20
- pestphp/pest-plugin-arch: ^2.5
- pestphp/pest-plugin-laravel: ^2.0
- spatie/laravel-ray: ^1.26
This package is auto-updated.
Last update: 2024-12-23 02:44:29 UTC
README
An opinionated two factor authentication package for Laravel.
Installation
You can install the package via composer:
composer require buckhamduffy/laravel-two-factor
You can publish and run the migrations with:
php artisan vendor:publish --tag="two-factor-migrations"
php artisan migrate
You can publish the config file with:
php artisan vendor:publish --tag="two-factor-config"
This is the contents of the published config file:
return [
];
Optionally, you can publish the views using
php artisan vendor:publish --tag="two-factor-views"
Add the trait and interface to the user model:
use BuckhamDuffy\LaravelTwoFactor\Interfaces\HasTwoFactorInterface;
use BuckhamDuffy\LaravelTwoFactor\Traits\HasTwoFactor;
use Illuminate\Database\Eloquent\Model;

class User extends Model implements HasTwoFactorInterface
{
    use HasTwoFactor;
}
Add the middleware alias to your Kernel.php:
protected $middlewareAliases = [
    // ...
    '2fa' => \BuckhamDuffy\LaravelTwoFactor\Http\Middleware\TwoFactorMiddleware::class,
];
Then wrap the routes you want behind the middleware:
Route::middleware('2fa')->group(function () {
    // Your routes here
});
SMS (Not Implemented Yet)
When a code is requested via SMS, a TwoFactorCodeRequested event is dispatched. Listen for that event and send the SMS using your preferred SMS provider.
use BuckhamDuffy\LaravelTwoFactor\Events\TwoFactorCodeRequested;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;

class EventProvider extends ServiceProvider
{
    protected $listen = [
        // ...
        TwoFactorCodeRequested::class => [
            \App\Listeners\SendTwoFactorCode::class,
        ],
    ];
}

namespace App\Listeners;

use BuckhamDuffy\LaravelTwoFactor\Events\TwoFactorCodeRequested;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;

class SendTwoFactorCode implements ShouldQueue
{
    use InteractsWithQueue;

    public function handle(TwoFactorCodeRequested $event): void
    {
        // The event carries the user who requested the code and the code itself.
        $user = $event->getUser();
        $user->sendTwoFactorSms($event->getCode());
    }
}
CustomThrottlesLogins
This is a custom login throttler that throttles based on the user's email address, to prevent brute-force attacks on the login page.
The first 5 attempts are allowed, after which logins are throttled for 5 minutes. The 8th attempt is locked out for 15 minutes, and any subsequent attempt is locked out for 1 hour.
Attempts are reset after a successful login, or 24 hours after the last attempt.
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use BuckhamDuffy\LaravelTwoFactor\Traits\CustomThrottlesLogins;

class LoginController extends Controller
{
    use AuthenticatesUsers;
    use CustomThrottlesLogins {
        CustomThrottlesLogins::hasTooManyLoginAttempts insteadof AuthenticatesUsers;
        CustomThrottlesLogins::incrementLoginAttempts insteadof AuthenticatesUsers;
        CustomThrottlesLogins::clearLoginAttempts insteadof AuthenticatesUsers;
        CustomThrottlesLogins::sendLockoutResponse insteadof AuthenticatesUsers;
    }
}
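The escalating lockout schedule described above, sketched as a stand-alone PHP class. This is an added example, not the package's CustomThrottlesLogins code: the class and method names are hypothetical, state is held in memory rather than in Laravel's cache, and it assumes that failures 5 to 7 each lock for 5 minutes.

```php
<?php
// Added illustration, not the package's CustomThrottlesLogins trait. Assumed reading of the
// schedule: failures 5-7 lock for 5 min, failure 8 for 15 min, failure 9 onwards for 1 hour.
final class EscalatingLoginThrottle
{
    private const RESET_AFTER = 86400; // counters expire 24 hours after the last attempt
    private array $state = [];         // normalised email => failures, last, lockedUntil
    private function key(string $email): string
    {
        return strtolower(trim($email)); // one counter per address, however it is typed
    }

    public static function lockoutSeconds(int $failures): int
    {
        return match (true) {
            $failures >= 9 => 3600,
            $failures === 8 => 900,
            $failures >= 5 => 300,
            default => 0,
        };
    }

    public function secondsLocked(string $email, int $now): int
    {
        $s = $this->state[$this->key($email)] ?? null;
        $stale = $s === null || $now - $s['last'] >= self::RESET_AFTER;
        return $stale ? 0 : max(0, $s['lockedUntil'] - $now);
    }

    public function recordFailure(string $email, int $now): int
    {
        $s = $this->state[$this->key($email)] ?? ['failures' => 0, 'last' => $now];
        $n = ($now - $s['last'] >= self::RESET_AFTER) ? 1 : $s['failures'] + 1;
        $lockedUntil = $now + self::lockoutSeconds($n);
        $this->state[$this->key($email)] = ['failures' => $n, 'last' => $now, 'lockedUntil' => $lockedUntil];
        return $n;
    }

    public function recordSuccess(string $email): void
    {
        unset($this->state[$this->key($email)]); // a successful login clears the counter
    }
}
// Constructed run: nine failures for one address, each made as soon as the lock expires.
$throttle = new EscalatingLoginThrottle();
for ($i = 0, $now = 1_700_000_000; $i < 9; $i++) {
    $now += $throttle->secondsLocked('user@example.com', $now);
    $n = $throttle->recordFailure(' User@Example.com', $now);
    printf("failure %d: locked for %d s\n", $n, $throttle->secondsLocked('user@example.com', $now));
}
```

Because the counter is keyed on the address alone, it does not limit one source trying many different addresses; a per-IP limiter covers that case.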
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.