Package Data | |
---|---|
Maintainer Username: | AntonioCarlosRibeiro |
Maintainer Contact: | acr@antoniocarlosribeiro.com (Antonio Carlos Ribeiro) |
Package Create Date: | 2017-06-17 |
Package Last Update: | 2024-03-26 |
Language: | PHP |
License: | MIT |
Last Refreshed: | 2024-11-16 15:01:52 |
Package Statistics | |
---|---|
Total Downloads: | 9,306,476 |
Monthly Downloads: | 271,027 |
Daily Downloads: | 7,813 |
Total Stars: | 938 |
Total Watchers: | 24 |
Total Forks: | 183 |
Total Open Issues: | 55 |
Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
This package is a Laravel bridge to Google2FA's PHP package.
The intent of this package is to create QRCodes for Google2FA and check user typed codes. If you need to create backup/recovery codes, please check below.
if you need to create recovery or backup codes to provide a way for your users to recover a lost account, you can use the Recovery Package.
Please check the Google2FA Package Playground.
Here's an demo app showing how to use Google2FA: google2fa-example.
You can scan the QR code on this (old) demo page with a Google Authenticator app and view the code changing (almost) in real time.
| Laravel | Google2FA | Google2FA-Laravel | |---------|-----------|-------------------| | 4.2 | <= 1.0.1 | | | 5.0-5.1 | <= 1.0.1 | | | 5.2-5.6 | >= 2.0.0 | >= 0.2.0 |
Before Google2FA 2.0 (Laravel 5.1) you have to install pragmarx/google2fa:~1.0
, because this package was both a Laravel package and a PHP (agnostic).
Click here to see the middleware demo:
Use Composer to install it:
composer require pragmarx/google2fa-laravel
If you prefer inline QRCodes instead of a Google generated url, you'll need to install BaconQrCode:
composer require bacon/bacon-qr-code
You don't have to do anything else, this package autoloads the Service Provider and create the Alias, using the new Auto-Discovery feature.
Add the Service Provider and Facade alias to your app/config/app.php
(Laravel 4.x) or config/app.php
(Laravel 5.x):
PragmaRX\Google2FALaravel\ServiceProvider::class,
'Google2FA' => PragmaRX\Google2FALaravel\Facade::class,
php artisan vendor:publish --provider="PragmaRX\Google2FALaravel\ServiceProvider"
use Google2FA;
return Google2FA::generateSecretKey();
$google2fa = app('pragmarx.google2fa');
return $google2fa->generateSecretKey();
This package has a middleware which will help you code 2FA on your app. To use it, you just have to:
protected $routeMiddleware = [
...
'2fa' => \PragmaRX\Google2FALaravel\Middleware::class,
];
Route::get('/admin', function () {
return view('admin.index');
})->middleware(['auth', '2fa']);
You can set your 'ask for a one time password' view in the config file (config/google2fa.php):
/**
* One Time Password View
*/
'view' => 'google2fa.index',
And in the view you just have to provide a form containing the input, which is also configurable:
/**
* One Time Password request input name
*/
'otp_input' => 'one_time_password',
Here's a form example:
<form action="/google2fa/authenticate" method="POST">
<input name="one_time_password" type="text">
<button type="submit">Authenticate</button>
</form>
Usually an OTP lasts forever, until the user logs off your app, but, to improve application safety, you may want to re-ask, only for the Google OTP, from time to time. So you can set a number of minutes here:
/**
* Lifetime in minutes.
* In case you need your users to be asked for a new one time passwords from time to time.
*/
'lifetime' => 0, // 0 = eternal
And you can decide whether your OTP will be kept alive while your users are browsing the site or not:
/**
* Renew lifetime at every new request.
*/
'keep_alive' => true,
This command wil logout your user and redirect he/she to the 2FA form on the next request:
Google2FA::logout();
If you don't want to use the Facade, you may:
use PragmaRX\Google2FALaravel\Support\Authenticator;
(new Authenticator(request()))->logout();
Unless you need somethig really fancy, you can probably use Laravel's route throttle middleware for that:
Route::get('/admin', function () {
return view('admin.index');
})->middleware(['auth', '2fa', 'throttle']);
$authenticator = app(Authenticator::class)->bootStateless($request);
if ($authenticator->isAuthenticated()) {
// otp auth success!
}
You can also use a stateless middleware:
protected $routeMiddleware = [
...
'2fa' => \PragmaRX\Google2FALaravel\MiddlewareStateless::class,
];
The following events are fired:
Check the ReadMe file in the main Google2FA repository.
The package tests were written with phpspec.
Google2FA is licensed under the MIT License - see the LICENSE
file for details
Pull requests and issues are more than welcome.