lsat/yii2-otp

LSAT YII2 extension for generating one time passwords according to RFC 4226/6238 (HOTP/TOTP Algorithm) and authentication widget , Upgrade version lib 2amigos/qrcode-library and spomky-labs/otphp from https://github.com/sam002/yii2-otp (sam002/yii2-otp) Support PHP to ^8.0

Installs: 613

Dependents: 0

Suggesters: 0

Security: 0

Type:yii2-extension

1.0.4 2023-12-13 04:56 UTC

This package is auto-updated.

Last update: 2024-12-13 07:19:10 UTC


README

LSAT Yii2 OTP


How to install

docker-compose exec api composer require lsat/yii2-otp:~1.0.0

Or

composer require lsat/yii2-otp:~1.0.0 

or Add

"lsat/yii2-otp" : "~1.0.0"

to the require section of your application's composer.json file.

Add components to web.php or console.php

'components' => [
    'otp' => [
        'class' => lsat\otp\Otp::class,
        // 'totp' only now
        'algorithm' => lsat\otp\Otp::ALGORITHM_TOTP,

        // length of code
        'digits' => 6,

        //  Algorithm for hashing
        'digest' => 'sha1',

        // Label of application
        'label' => '1022_Bình Dương',

        // Uri to image (application icon)
//            'imgLabelUrl' => \yii\helpers\Url::to('\app\web\logo.php'),

        // Betwen 8 and 1024
        'secretLength' => 72,
        // Time interval in seconds, must be at least 1
        'interval' => 30,
        'issuer' => '1022_BD',
    ],
]

Use Behavior

Set behavior in model

<?php
...

'behavior' => [
    'otp' => [
        'class' => lsat\otp\behavior\OtpBehavior::className(),
        // Component name
        'component' => 'otp',
        
        // column|property name for get and set secure phrase
        //'secretAttribute' => 'secret'
        // column|property name for get code and confirm secret
        //'codeAttribute' => 'code'
        
        //Window in time for check authorithation (current +/- window*interval) 
        //'window' => 0
    ],
...
]

attachBehavior with dynamic form

// create form or load secret form for each user
$dynamicModel = new yii\base\DynamicModel(['code','secret']);
$dynamicModel->addRule(['code'],'required');
$dynamicModel->addRule(['code'],'string', ['min' => 6]);
$dynamicModel->addRule(['secret'],'string');
// set secret attribute
$dynamicModel->secret = "YOURSECRET";
$dynamicModel->attachBehavior("otp", [
    'class' => OtpBehavior::class,
//            'secretAttribute' => "CustomSecretField",
//            'codeAttribute' => "CustomCodeField",
]);
// Load value code attribute
$code = Yii::$app->request->post("code");
$dynamicModel->code = $code;
// Validate otp code and secret attribute
if (!$dynamicModel->validate()) {
    var_dump($dynamicModel->errors);
}

Widget for generate init QR-code.

Read more about QrParams in the qrcode-library

<?php 
echo $form->field($model, 'secret')->widget(
            lsat\otp\widgets\OtpInit::class, [
            'component' => 'otp',

            // link text
            'link' => false,

            'QrParams' => [
                // pixels width
                'size' => 200,

                // margin around QR-code
                'margin' => 10,

                // Path to logo on image
                'logo' => Yii::getAlias("@app/web/icon.png"),

                // Width logo on image
                'logoWidth' => 50,

                // RGB color
                'foregroundColor' => [0, 0, 0],

                // RGB color
                'backgroundColor' => [255, 255, 255],

                // Qulity of QR: LOW, MEDIUM, HIGHT, QUARTILE
                'level' => ErrorCorrectionLevelInterface::HIGH,

                // Image format: PNG, JPG, SVG, EPS
                'type' => PngWriter::class,

                // Locale
                'encoding' => 'UTF-8',

                // Text on image under QR code
                'label' => '',

                // by default image create and save at Yii::$app->runtimePath . '/temporaryQR/'
//                            'outfile' => '/tmp/'.uniqid(),

                // save or delete after generate
                'save' => false,
            ]
        ])->label(false); 
?>