dracoder / s4-2fa
Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)
Requires
- php: >=7.2.5|^8.0
- ext-json: *
- endroid/qr-code: ^3.0
- lcobucci/jwt: ^5.3
- paragonie/constant_time_encoding: ^2.2
- spomky-labs/otphp: ^9.1|^10.0
- symfony/config: ^4.4|^5.0
- symfony/dependency-injection: ^4.4|^5.0
- symfony/event-dispatcher: ^4.4|^5.0
- symfony/framework-bundle: ^4.4|^5.0
- symfony/http-foundation: ^4.4|^5.0
- symfony/http-kernel: ^4.4|^5.0
- symfony/property-access: ^4.4|^5.0
- symfony/security-bundle: ^4.4.1|^5.0
- symfony/twig-bundle: ^4.4|^5.0
Requires (Dev)
- doctrine/persistence: ^1.3|^2.0
- escapestudios/symfony2-coding-standard: ^3.9
- phpunit/phpunit: ^8.0|^9.0
- squizlabs/php_codesniffer: ^3.5
- swiftmailer/swiftmailer: ^6.0
- symfony/mailer: ^4.4|^5.0
- symfony/polyfill-php80: ^1.15
- symfony/yaml: ^4.4|^5.0
- vimeo/psalm: ^3.17|^4.0
Conflicts
Replaces
- scheb/2fa-backup-code: ^5.0
- scheb/2fa-bundle: ^5.0
- scheb/2fa-email: ^5.0
- scheb/2fa-google-authenticator: ^5.0
- scheb/2fa-qr-code: ^5.0
- scheb/2fa-totp: ^5.0
- scheb/2fa-trusted-device: ^5.0
README
⚠ Unmaintained version
Please upgrade your project to a recent version. See version guidance on the default branch for maintained versions.
This bundle provides two-factor authentication for your Symfony application.
ℹ️ The repository contains bundle versions ≥ 5, which are compatible with Symfony 4.4 or later. The older (unsupported) versions are located in the scheb/two-factor-bundle repository.
The bundle is split into sub-packages, so you can choose the exact feature set you need and keep installed dependencies to a minimum.
Core features are provided by scheb/2fa-bundle
:
- Interface for custom two-factor authentication methods
- Trusted IPs
- Multi-factor authentication (more than 2 steps)
- CSRF protection
- Whitelisted routes (accessible during two-factor authentication)
- Fully customizable conditions when to perform two-factor authentication
- Future proof: Supports the authenticator-based security system, which will replace the current system in Symfony 6
Additional features:
- Trusted devices (once passed, no more two-factor authentication on that device) (
scheb/2fa-trusted-device
) - Single-use backup codes for when you don't have access to the second factor device (
scheb/2fa-backup-code
) - QR codes to scan with your mobile device (
scheb/2fa-qr-code
)
Two-factor authentication methods:
- TOTP authentication (
scheb/2fa-totp
) - Google Authenticator (
scheb/2fa-google-authenticator
) - Authentication code via email (
scheb/2fa-email
)
Installation
Follow the installation instructions.
Documentation
Detailed documentation of all features can be found on the Symfony Bundles Documentation website.
Demo
This repository contains a small test application that can be quickly set-up locally to test two-factor authentication
in a real Symfony environment. Check out the readme file in the app
folder for more details.
Version Guidance
⚠ Version 5.x is no longer maintained.
Please upgrade your project to a recent version. See version guidance on the default branch for maintained versions.
License
This software is available under the MIT license.
Security
For information about the security policy and know security issues, see SECURITY.md.
Contributing
Want to contribute to this project? See CONTRIBUTING.md.
Support Me
I'm developing this library since 2014. I love to hear from people using it, giving me the motivation to keep working on my open source projects.
If you want to let me know you're finding it useful, please consider giving it a star ⭐ on GitHub.
If you love my work and want to say thank you, you can help me out for a beer 🍻️ via PayPal.