Download the PHP package dododedodonl/laravel-2fa without Composer
On this page you can find all versions of the php package dododedodonl/laravel-2fa. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download dododedodonl/laravel-2fa
More information about dododedodonl/laravel-2fa
Files in dododedodonl/laravel-2fa
Package laravel-2fa
Short Description Simple way to add two-factor authentication to your laravel application with minimal setup required.
License MIT
Homepage https://github.com/dododedodonl/laravel-2fa
Informations about the package laravel-2fa
laravel-2fa
Installation
Step 1
Install using composer
Step 2
Publish migration and run it. Change the migration if it does not fit your database schema.
Step 3
Either configure web-based secret setup (by enabling the php-imagick
extension), or make an error message visible when a user has no secret set manually using artisan.
Error on login
Edit your login form page, and add this somewhere when secret setup via web is disabled to display the correct errors.
Vendor assets
Optionally publish config, migration or views
Usage
Protect a route
A middleware alias is added called 2fa
. You can assign this to individual routes or controllers like all other middleware.
Disabled by default
The middleware is disabled by default in some cases (for example in local environment). Override this by using 2fa:force
as middleware.
Globally
To use it globally, add \Dododedodonl\Laravel2fa\Http\Middleware\Verify2faAuth
to the web
group in your app/Http/kernel.php
. Routes starting with 2fa.
and the route logout
will still work when logged in. On all other routes the middleware will be applied and a token will be asked.
Secret setup
Via web
This is disabled by default because it requires ext-imagick
php extension. Edit config/laravel-2fa.php
or edit your environment file.
Add OTP_SETUP_ENABLED=true
to your .env
file to enable.
Via artisan
Set a secret for a user: php artisan 2fa:generate {username}
.
Revoke a secret for a user: php artisan 2fa:revoke {username}
.
Troubleshoot
No token is asked of me
By default, the middleware is disabled when the environment is set to local to make testing easier. Use 2fa:force
to force the execution of the middelware.
I get redirected back to the login page without error
When no secret is found in the database, and web-based secret setup is not configured, you are redirected back to the login page, logged out.
An error does accompany this, but you need to edit your login.blade.php
file to show it as suggested in one of the installation steps.
Contributing
Please see contributing.md for details and a todolist.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
Notes
This packages assumed you use Bootstrap 4 as css framework. Bootstrap 3 views are also provided, configure them by calling Dododedodonl\Laravel2fa\TwoFactorAuthentication::useBootstrapThree()
.
However, this is not a requirement, you can just change the views to your css framework.
License
MIT. Please see the license file for more information.
All versions of laravel-2fa with dependencies
illuminate/support Version 5.7.* | 5.8.* | ^6.0 | ^7.0 | ^8.0 | ^9.0 | ^10.0
bacon/bacon-qr-code Version ^2.0
spomky-labs/otphp Version ^10.0