thecodework / two-factor-authentication
Two Factor Authentication (2FA) for Laravel
Installs: 5 437
Dependents: 0
Suggesters: 0
Security: 0
Stars: 21
Watchers: 7
Forks: 8
Open Issues: 8
Type:package
Requires
- php: >=8.0
- endroid/qr-code: ~4.4.8
- paragonie/constant_time_encoding: ^2.5
- spomky-labs/otphp: ^10.0.3
Requires (Dev)
- orchestra/testbench: ~7.4.0
- phpunit/phpunit: ~9.5.20
This package is auto-updated.
Last update: 2024-11-19 22:46:41 UTC
README
Laravel Two Factor Authentication (2FA)
Two Factor Authentication or 2-Step Verification provides stronger security for your Account by requiring a second step of verification when you sign in. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone. This package implements TOTP defined in RFC 6238
Requirements
Installation
1. Composer Install
$ composer require thecodework/two-factor-authentication
Note - If your're using Laravel 5.5 or newer version then auto-discovery-pacakge would automatically update the providers and you could skip to Step 3
2. Add Service Provider
After requiring the package add TwoFactorAuthenticationServiceProvider::class into providors array in app.php confi file
[ 'providers' => [ //... Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider::class ] ]
3. Publish the ConfigFile
Publish config file
$ php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider" --tag=config
Once the config file is published you can navigate to config directory of your application and look for 2fa-config.php file and change configuration as you want.
4. Run Migrations
Now run the migration
$ php artisan migrate
It will use the default User model and adds two columns is_2fa_enabled and secret_key.
5. Add AuthenticatesUserWith2FA trait in the LoginController
Now the config file is placed. The last thing to do is addding AuthenticatesUsersWith2FA trait in the Http/Controllers/Auth/LoginController.php file which helps to stop user at verify-2fa page to enter TOTP token after each login.
The final snippet will look like this.
use AuthenticatesUsers, AuthenticatesUsersWith2FA { AuthenticatesUsersWith2FA::authenticated insteadof AuthenticatesUsers; }
Note: Don't forget to include use statement use Thecodework\TwoFactorAuthentication\AuthenticatesUsersWith2FA in the header.
6. Setup 2FA for user
• Enable 2FA
Now login to the application and visit /setup-2fa/ route, which will show a barcode which can be scanned either using Google Authenticator or Authy mobile application as described above.
Scan that code and click Enable Two Factor Authentication.
• Disable 2FA
To disable Two Factor, visit /setup-2fa route, which will now show a Disable Two Factor Authentication button. Click to disable 2FA for your account.
7. Testing 2FA
Now to test 2FA, perform logout and log back in again, it will ask you to enter Token which can be obtain from the authenticator mobile application. Enter the token and you're logged in.
Additionally
If you want to publish views, and migration as well along with config file then run
$ php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider"
Contribution
Feel free to create issues, submit PRs and talk about features and enhancement through proposing issue. If you find any security consideration, instead of creating an issue send an email to imrealashu@gmail.com.