spryker-ufirst / second-factor-auth
Second Factor Authentication for Spryker ZED
Installs: 35 583
Dependents: 0
Suggesters: 0
Security: 0
Stars: 3
Watchers: 5
Forks: 6
Open Issues: 1
Requires
- php: >=7.3
- bacon/bacon-qr-code: ^2.0
- pragmarx/google2fa: ^8.0
- spryker/ramsey-uuid: 1.0.0 || 2.0.0
- spryker/security: ^1.6.0
Requires (Dev)
This package is auto-updated.
Last update: 2024-04-10 11:05:22 UTC
README
Installation
composer require spryker-ufirst/second-factor-auth
Once the module is installed, add the SecondFactorAuthorizationEventDispatcherPlugin to the
EventDispatcherDependencyProvider::getEventDispatcherPlugins at the end of the array:
class EventDispatcherDependencyProvider extends SprykerEventDispatcherDependencyProvider { /** * @return \Spryker\Shared\EventDispatcherExtension\Dependency\Plugin\EventDispatcherPluginInterface[] */ protected function getEventDispatcherPlugins(): array { return [ # ...other plugins new SecondFactorAuthorizationEventDispatcherPlugin(), ]; } }
And add the SprykerUFirst namespace to the config_default.php
$config[KernelConstants::CORE_NAMESPACES] = [ ... 'SprykerUFirst', ];
Enforcing 2FA
You can enforce second factor authentication for all admin users per environment. Add the following line to your
config_default.php:
use SprykerUFirst\Shared\SecondFactorAuth\SecondFactorAuthConstants; ... $config[SecondFactorAuthConstants::SECOND_FACTOR_AUTH_REQUIRED] = true;
Add 2FA Status to the User Table
In order to see the 2FA status (enabled/disabled) on each user in the administration GUI, add the two table expander
plugins to the UserDependencyProvider in your project space:
<?php namespace Pyz\Zed\User; use Spryker\Zed\User\UserDependencyProvider as SprykerUserDependencyProvider; use SprykerUFirst\Zed\SecondFactorAuth\Communication\Plugin\Table\SecondFactorAuthUserTableConfigExpanderPlugin; use SprykerUFirst\Zed\SecondFactorAuth\Communication\Plugin\Table\SecondFactorAuthUserTableDataExpanderPlugin; class UserDependencyProvider extends SprykerUserDependencyProvider { /** * @return \Spryker\Zed\UserExtension\Dependency\Plugin\UserTableDataExpanderPluginInterface[] */ protected function getUserTableDataExpanderPlugins(): array { return [ new SecondFactorAuthUserTableDataExpanderPlugin(), ]; } /** * @return \Spryker\Zed\UserExtension\Dependency\Plugin\UserTableConfigExpanderPluginInterface[] */ protected function getUserTableConfigExpanderPlugins(): array { return [ new SecondFactorAuthUserTableConfigExpanderPlugin(), ]; } }
Add Reset 2FA column to the User Table
In order to see the Reset 2FA column with buttons to reset second factor authentification for each user in the administration GUI add the following line to your config_default.php:
use SprykerUFirst\Shared\SecondFactorAuth\SecondFactorAuthConstants; ... $config[SecondFactorAuthConstants::SHOW_SECOND_FACTOR_AUTH_RESET] = true;
If this column is enabled, we recomended allowing it to the highest permissions having roles by adding a rule:
| Param | Value |
|---|---|
| Bundle | second-factor-auth |
| controller | user |
| action | unregister |
| type | allow |
Or if the entire second-factor-auth bundle allowed add this rule to the roles that should not be able to unregister other users.
| Param | Value |
|---|---|
| Bundle | second-factor-auth |
| controller | user |
| action | unregister |
| type | deny |