vivanwebsolution / sylius-2fa-plugin
Installs: 1
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type:sylius-plugin
Requires
- php: ^8.2
- endroid/qr-code: ^6.0
- scheb/2fa-bundle: ^7.10
- scheb/2fa-google-authenticator: ^7.10
- spomky-labs/otphp: ^11.3
- sylius/sylius: ~2.0.0
Requires (Dev)
- behat/behat: ^3.16
- dmore/behat-chrome-extension: ^1.4
- dmore/chrome-mink-driver: ^2.9
- friends-of-behat/mink: ^1.11
- friends-of-behat/mink-browserkit-driver: ^1.6
- friends-of-behat/mink-debug-extension: ^2.1
- friends-of-behat/mink-extension: ^2.7
- friends-of-behat/page-object-extension: ^0.3
- friends-of-behat/suite-settings-extension: ^1.1
- friends-of-behat/symfony-extension: ^2.6
- friends-of-behat/variadic-extension: ^1.6
- nyholm/psr7: ^1.8
- phpspec/phpspec: ^7.5
- phpstan/phpstan: ^1.12
- phpstan/phpstan-doctrine: ^1.3
- phpstan/phpstan-webmozart-assert: ^1.2
- phpunit/phpunit: ^10.5
- robertfausk/behat-panther-extension: ^1.1
- sylius-labs/coding-standard: ^4.4
- sylius-labs/suite-tags-extension: ~0.2
- sylius/sylius-rector: ^2.0
- symfony/browser-kit: ^6.4 || ^7.1
- symfony/debug-bundle: ^6.4 || ^7.1
- symfony/dotenv: ^6.4 || ^7.1
- symfony/flex: ^2.4
- symfony/http-client: ^6.4 || ^7.1
- symfony/intl: ^6.4 || ^7.1
- symfony/web-profiler-bundle: ^6.4 || ^7.1
- symfony/webpack-encore-bundle: ^2.2
README
This plugin enables Google Two-Factor Authentication (2FA) for Sylius 2.0 Admin Users using:
It allows admins to secure their accounts with Google Authenticator time-based one-time passwords (TOTP).
Features
- Seamless integration of Google Authenticator for 2FA on Sylius Admin Users
- Admin UI toggle to enable/disable 2FA per user
- AJAX-enabled toggle with CSRF protection
- Extends the Sylius
AdminUserentity to supportTwoFactorInterface - QR code generation for quick mobile setup using
endroid/qr-code
Requirements
- Sylius 2.0
- PHP 8.x
- Composer
Installation
1. Install via Composer
composer require vivanwebsolution/sylius-2fa-plugin
2. Enable the Bundle
In config/bundles.php, register the bundle:
return [ // ... Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true], ];
3. Configure the Bundle
Create the config file at config/packages/scheb_2fa.yaml:
scheb_two_factor:
security_tokens:
- Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
- Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken
google:
enabled: true
server_name: 'Sylius Admin'
To clear the Symfony cache, run:
php bin/console cache:clear
4. Extend the AdminUser Entity
Modify your AdminUser entity to implement the 2FA interface:
<?php declare(strict_types=1); namespace App\Entity\User; use Doctrine\ORM\Mapping as ORM; use Sylius\Component\Core\Model\AdminUser as BaseAdminUser; use VivanWebSolution\Sylius2FAPlugin\Trait\GoogleTwoFactorTrait; use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface; #[ORM\Entity] #[ORM\Table(name: 'sylius_admin_user')] class AdminUser extends BaseAdminUser implements TwoFactorInterface { use GoogleTwoFactorTrait; }
5. Run Database Migrations
Ensure your database is configured, then run:
php bin/console doctrine:schema:update --force
6. Override the Admin User Form Template
Create or override the following template:
templates/bundles/SyliusAdminBundle/admin_user/form/sections.html.twig
Include the 2FA section:
{% include '@VivanWebSolutionSylius2FAPlugin/admin/sections.html.twig' %}
7. Configure Routes
Add the plugin routes to config/routes.yaml:
vivan_sylius_2fa_plugin_admin:
resource: '@VivanWebSolutionSylius2FAPlugin/config/admin_routing.yaml'
prefix: /admin
Usage
-
Log in to the Sylius Admin panel.
-
Navigate to the Admin User detail page.
-
Use the checkbox in the "Two-Factor Authentication" section to enable or disable Google 2FA for that admin user.
-
When 2FA is enabled, the user will be prompted to enter a Google Authenticator code after logging in with their credentials.
References
- Scheb Two Factor Bundle – Provides two-factor authentication support for Symfony.
- Scheb Google Authenticator – Adds Google Authenticator support to the Scheb bundle.
- Endroid QR Code – Used for generating QR codes for Google Authenticator setup.
Functionality Screenshot
© Vivan Web Solution — Open-source Sylius plugin for 2FA with Google Authenticator