xddesigners / otp-authenticator
A OTP authenticator for use with silverstripe/mfa
Installs: 152
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 2
Forks: 3
Open Issues: 2
Language:SCSS
Type:silverstripe-vendormodule
Requires
- php: ^7.4 || ^8.0
- giggsey/libphonenumber-for-php: ^8.12
- silverstripe/mfa: ^4.0
- spomky-labs/otphp: ^10
- twilio/sdk: ^6.35
Requires (Dev)
- phpunit/phpunit: ^9.5
- squizlabs/php_codesniffer: ^3.0
This package is auto-updated.
Last update: 2024-11-13 20:01:10 UTC
README
Log in to SilverStripe with an One Time Password
You can configure a provider to send trough SMS or use Email.
This module provides a authenticator that plugs in to the silverstripe/mfa module.
The default providers that ship with this module:
Requirements
- PHP ^7.4
- SilverStripe ^4.1
- silverstripe/mfa: ^4.0
- twilio/sdk: "^6.35"
- giggsey/libphonenumber-for-php: "^8.12"
Installation
Install with Composer:
composer require xddesigners/otp-authenticator
The email provider is configured by default and requires no further setup.
If you want to change providers, to SMSTools for example, you can add the following to your .yml config:
SilverStripe\Core\Injector\Injector: XD\OTPAuthenticator\Providers\SendProvider: class: XD\OTPAuthenticator\Providers\SMSToolsProvider # The other providers: # class: XD\OTPAuthenticator\Providers\EmailProvider # class: XD\OTPAuthenticator\Providers\TwilioProvider
For Twillio and SMSTools you'll need to define authentication tokens in your environment:
# Twilio API credentials # (find here https://www.twilio.com/console) TWILIO_ACCOUNT_SID="SID" TWILIO_AUTH_TOKEN="TOKEN" TWILIO_PHONE_NUMBER="PHONE NUMBER" # SMS Tools credentials SMS_TOOLS_CLIENT_ID="CLIENT_ID" SMS_TOOLS_CLIENT_SECRET="CLIENT_SECRET"
pass exisiting send to address
This can be an existing phone number, or if you use the email provider an existing email address.
On your member add the method otpSendTo
that returns an OTPSendTo
object.
The additional data can be used by the configured provider for validation and is also stored on the RegisteredMethod
.
The SMS providers use an extra region
property to validate the phone number for example.
public function otpSendTo() { return new OTPSendTo($member->Email, ['additional' => 'data']); }
create a custom send provider
If you want to make use of a different service to pass the code you can create a custom provider.
You'll need to extend the abstract SendProvider
class and implement the required methods.
class MySendProvider extends XD\OTPAuthenticator\Providers\SendProvider { /** * Send the code */ public function send($code, $to): bool {} /** * Validate the send to address */ public function validate($to, $data): bool {} /** * Add a regex to validate the input on the frond end */ public function getFieldValidate(): string {} /** * method to check if the provider is properly set up */ public function enabled(): bool {} /** * Obfuscate the sent to address. * So a user has a way to verify the sent address is correct * but in a way an unallowed user couldn't make out the complete address */ public function obfuscateTo($to): string {} /** * Register the field type to switch to. * Accepts phone, email, or text */ public function getFieldType(): string {} /** * Register the field label */ public function getFieldLabel(): string {} }