scheb/two-factor-bundle

Provides two-factor authentication for Symfony applications


README

Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version Total Downloads License

This bundle provides two-factor authentication for your Symfony application. It comes with the following two-factor authentication methods:

  • Google Authenticator
  • Email authentication code

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication
  • CSRF protection
  • Whitelisted routes (accessible during two-factor authentication)

Installation

composer require scheb/two-factor-bundle

... and follow the installation instructions.

Documentation

Detailed documentation of all features can be found in the Resources/doc directory.

Compatibility

  • Recommended version: Bundle version 3.x is compatible with Symfony 3.4 and 4.x
  • Use bundle version 2.x for Symfony < 3.4
  • Use bundle version 1.x for Symfony < 2.6

Security

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication.

Contribute

You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section. For pull requests, please follow these guidelines:

  • Symfony code style
  • PHP7.1 type hints for everything (including: return types, void, nullable types)
  • Please add/update test cases
  • Test methods should be named [method]_[scenario]_[expected result]

Besides new features, translations are highly welcome.

To run the test suite install the dependencies with composer install and then execute bin/phpunit.

License

This bundle is available under the MIT license.