thecodeine / two-factor-bundle
Provides two-factor authentication for Symfony applications
Installs: 1 506
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 3
Forks: 110
Type:symfony-bundle
Requires
- ocramius/proxy-manager: ~1.0|~2.0
- paragonie/random_compat: ~1.0|~2.0
- sonata-project/google-authenticator: ~1.0
- symfony/symfony: ~2.6|~3.0
Requires (Dev)
- doctrine/orm: ~2.4,>=2.4.5
- phpunit/phpunit: >=4.8,<6.0
- satooshi/php-coveralls: ~0.6
- swiftmailer/swiftmailer: >=4.3,<6.0
- symfony/phpunit-bridge: ~2.7|~3.0
Suggests
- r/u2f-two-factor-bundle: Two-factor provider for U2F Yuibkey
- dev-master
- v2.8.5
- v2.8.4
- v2.8.3
- v2.8.2
- v2.8.1
- v2.8.0
- v2.7.0
- v2.6.2
- v2.6.1
- v2.6.0
- v2.5.2
- v2.5.1
- v2.5.0
- v2.4.0
- v2.3.3
- v2.3.2
- v2.3.1
- v2.3.0
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.0
- v2.0.0
- 1.x-dev
- v1.5.1
- v1.5.0
- v1.4.7
- v1.4.6
- v1.4.5
- v1.4.4
- v1.4.3
- v1.4.2
- v1.4.1
- v1.4.0
- v1.3.2
- v1.3.1
- v1.3.0
- v1.2.1
- v1.2.0
- v1.1.0
- v1.0.0
- v0.3.0
- v0.2.0
- v0.1.1
- v0.1.0
- dev-bug-fixes
- dev-firewall-integration
This package is not auto-updated.
Last update: 2025-03-02 04:34:51 UTC
README
This Symfony bundle provides two-factor authentication for your website. Currently it is shipped with two authentication methods:
- Google Authenticator (via sonata-project/google-authenticator)
- Authentication code sent via email
In addition to this it provides an interface for implementing your own custom two-factor authentication methods.
Compatibility: Use bundle version 1.x for Symfony < 2.6.
Limitations
After the initial login happened, the user is already fully authenticated to the Symfony security layer. The bundle then prevents access to secured and non-secured content by intercepting any request and showing the two-factor authentication form instead.
If you execute code based on the authentication status, make sure to take the two-factor status into account. This can
be done by checking access with isGranted
(security voter has to be registered, see
configuration).
Warning: Just doing a getUser
on security.token_storage
(or the old security.context
) is not secure. You will
get a user object even when two-factor authentication is not complete yet.
Documentation
The documentation can be found in the Resources/doc directory.
Contribute
You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section.
Besides new features, translations are highly welcome.
License
This bundle is available under the MIT license.