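1. Go to this page and download the hydrat-agency/laravel-2fa library, choosing the "require" download type.
2. Extract the ZIP file and open index.php.
3. Add this code to index.php. The listing below is a series of separate excerpts (a model, a controller, config files, a notification, policies and a driver), each in its own namespace, so in a Laravel application each excerpt goes into its own file.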
<?php
// Load Composer's autoloader so the package classes used below can be resolved.
require_once 'vendor/autoload.php';
use Hydrat\Laravel2FA\TwoFactorAuthenticatable;
use Hydrat\Laravel2FA\Contracts\TwoFactorAuthenticatableContract;
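/**
 * Application user model with the package's two-factor support added.
 *
 * TwoFactorAuthenticatableContract is the interface imported from
 * Hydrat\Laravel2FA\Contracts and TwoFactorAuthenticatable the trait imported
 * from Hydrat\Laravel2FA. The parent class and the other interfaces and traits
 * belong to the application; their imports are not part of this excerpt.
 */
class User extends Authenticatable implements
    AuthenticatableContract,
    AuthorizableContract,
    CanResetPasswordContract,
    TwoFactorAuthenticatableContract
{
    // NOTE(review): `Authenticatable` is named both as the parent class and as
    // a trait. One imported name cannot be both, so check which import the
    // model really has and alias or drop the other.
    use Authenticatable,
        Authorizable,
        CanResetPassword,
        TwoFactorAuthenticatable;

    // ... the rest of the model is not shown in this excerpt ...
}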
namespace App\Http\Controllers\Auth;
use Hydrat\Laravel2FA\TwoFactorAuth;
class LoginController extends Controller
{
/** [...] **/
/**
* The user has been authenticated.
*
* @param \Illuminate\Http\Request $request
* @param mixed $user
* @return mixed
*/
protected function authenticated(Request $request, $user)
{
    // Reached once the first factor has been accepted. The redirect to the
    // intended URL is only taken when the driver reports that no second
    // factor is required for this request and user.
    if (! TwoFactorAuth::getDriver()->mustTrigger($request, $user)) {
        return redirect()->intended($this->redirectPath());
    }

    // Otherwise the driver's response is returned in place of the usual
    // redirect. What trigger() does is defined by the package driver and is
    // not shown here.
    return TwoFactorAuth::getDriver()->trigger($request, $user);
}
/**
* The user has been authenticated.
*
* @param \Illuminate\Http\Request $request
* @param mixed $user
* @return mixed
*/
protected function authenticated(Request $request, $user)
{
    // Shorter variant: maybeTrigger() is asked once, and any truthy value it
    // returns is sent back as the response.
    $twoFactorResponse = TwoFactorAuth::getDriver()->maybeTrigger($request, $user);

    if ($twoFactorResponse) {
        return $twoFactorResponse;
    }

    // A falsy result means no second factor was requested, so the normal
    // post-login redirect applies.
    return redirect()->intended($this->redirectPath());
}
# Ordered list of policy names consulted at login. As the inline comments
# describe, each entry is checked in turn and 2FA is skipped only when every
# listed policy is satisfied; the first policy that does not pass is what
# causes the 2FA check.
return [
'policy' => [
'browser', // first check if we know the browser
'geoip', // if so, check if we know the user ip location
// if so, no more rules : skip 2FA.
],
];
return [
/*
|--------------------------------------------------------------------------
| The 2FA package options.
|--------------------------------------------------------------------------
|
| Here you may specify the package options, such as policies parameters.
|
*/
'options' => [
# 2FA token lifetime in minutes. A shorter lifetime narrows the window in
# which a token that reached the wrong hands can still be used.
'token_lifetime' => 10,
'policies' => [
# Can be one of "country", "region", "city", "time_zone".
# NOTE(review): presumably a coarser level such as "country" treats more
# locations as already known and so asks for 2FA less often; confirm
# against the package's geoip policy.
'geoip' => 'country',
# Cookie expiration time in minutes (default 30 days): 30 * 1440 = 43200.
# This is how long a browser stays "known" to the browser policy.
'browser' => 30 * 1440,
],
],
];
namespace App\Notifications;
use Hydrat\Laravel2FA\Notifications\TwoFactorToken as BaseTwoFactorToken;
/**
 * Application-level replacement for the package's token notification that
 * delivers the token by SMS instead of the package default.
 *
 * NOTE(review): NexmoMessage is not imported in this excerpt; the file needs
 * the import for the SMS message class provided by the installed channel.
 */
class TwoFactorToken extends BaseTwoFactorToken
{
    /**
     * Channels this notification is sent through.
     *
     * @param  mixed  $notifiable
     * @return array
     */
    public function via($notifiable)
    {
        // Only the SMS channel is used, so the token is not also sent by
        // any other route.
        return ['nexmo'];
    }

    /**
     * Build the SMS carrying the two-factor token.
     *
     * @param  mixed  $notifiable
     * @return NexmoMessage
     */
    public function toNexmo($notifiable)
    {
        // The token is the secret here: keep the text limited to it and keep
        // it out of application logs.
        $sms = new NexmoMessage();

        return $sms
            ->content('Your two-factor token is ' . $this->token)
            ->from('MYAPP');
    }
}
return [
[...]
/*
|--------------------------------------------------------------------------
| The 2FA notification containing the token.
|--------------------------------------------------------------------------
|
| Here you may specify an alternative notification to use.
|
*/
# Fully-qualified class name of the notification that carries the token. The
# class shown in this listing extends the package's own TwoFactorToken
# notification.
'notification' => \App\Notifications\TwoFactorToken::class,
];
namespace App\Auth\Policies;
use Hydrat\Laravel2FA\Policies\IpPolicy as BaseIpPolicy;
/**
 * IP policy that is enforced only for users who opted in to it.
 */
class IpPolicy extends BaseIpPolicy
{
    /**
     * Check that the request passes the policy.
     * If this returns false, the 2FA check is triggered.
     *
     * @return bool
     */
    public function passes(): bool
    {
        // hasTwoFactorAuthActiveForIp() is called on the user object and is
        // not defined in this excerpt. Users who did not opt in pass this
        // policy without any IP check; for everyone else the package's own
        // IP check decides.
        return $this->user->hasTwoFactorAuthActiveForIp()
            ? parent::passes()
            : true;
    }

    /**
     * The reason sent to the notification and the frontend view,
     * to tell the user why the 2FA check was triggered.
     *
     * @return string
     */
    public function message(): string
    {
        $custom = $this->message;

        if ($custom) {
            return $custom;
        }

        // NOTE(review): "adresses" is misspelled, but the string is also the
        // translation key, so it is kept as the source has it.
        return __('your account activated 2FA for unknown IP adresses.');
    }
}
# Properties a policy can read through $this. NOTE(review): presumably they
# are declared on the package's base policy class; confirm against the package.
/**
* The incoming request at login.
*
* @var \Illuminate\Http\Request
*/
protected $request = null;
/**
* The user that just logged in.
*
* @var \Hydrat\Laravel2FA\Contracts\TwoFactorAuthenticatableContract
*/
protected $user = null;
/**
* The login attempt, with UID and IP address data.
*
* @var \Hydrat\Laravel2FA\Models\LoginAttempt
*/
protected $attempt = null;
namespace App\Auth\Policies;
use Hydrat\Laravel2FA\Policies\AbstractPolicy;
/**
 * Policy that asks for 2FA whenever the user has enabled it on the account.
 */
class ActivePolicy extends AbstractPolicy
{
    /**
     * Check that the request passes the policy.
     * If this returns false, the 2FA check is triggered.
     *
     * @return bool
     */
    public function passes(): bool
    {
        // hasTwoFactorAuthActive() is called on the user object and is not
        // defined in this excerpt. The policy passes only when that flag is
        // off; an account with the flag on always goes through 2FA.
        return ! $this->user->hasTwoFactorAuthActive();
    }

    /**
     * The reason sent to the notification and the frontend view,
     * to tell the user why the 2FA check was triggered.
     *
     * @return string
     */
    public function message(): string
    {
        $custom = $this->message;

        if ($custom) {
            return $custom;
        }

        return __('your account activated the 2FA auth');
    }
}
namespace App\Auth\Policies;
use Hydrat\Laravel2FA\Policies\AbstractPolicy;
/**
 * Variant of the policy that records a specific reason for each branch that
 * triggers 2FA.
 */
class ActivePolicy extends AbstractPolicy
{
    /**
     * Check that the request passes the policy.
     * If this returns false, the 2FA check is triggered.
     *
     * @return bool
     */
    public function passes(): bool
    {
        $account = $this->user;

        // The user explicitly switched 2FA on.
        if ($account->hasTwoFactorAuthActive()) {
            $this->message = __('your account activated the 2FA auth');

            return false;
        }

        // No preference recorded: the policy still fails, so an account
        // without a stored choice goes through 2FA rather than skipping it.
        if ($account->didntSpecifyTwoAuthActive()) {
            $this->message = __('2FA auth is activated by default');

            return false;
        }

        // anyReason() stands for any further application-specific condition.
        // No message is set on this path, so message() falls back to its
        // default reason.
        return ! anyReason();
    }

    /**
     * The reason sent to the notification and the frontend view,
     * to tell the user why the 2FA check was triggered.
     *
     * @return string
     */
    public function message(): string
    {
        $reason = $this->message;

        if ($reason) {
            return $reason;
        }

        return __('2FA auth is automatically activated for your account');
    }
}
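return [
    # Policy names are listed in the order they are checked: 'active' comes
    # before 'browser'.
    'policy' => [
        'active', // your new rule !
        'browser', // if 2FA is not activated for the account, will check anyways if the browser is known
    ],
    [...]
    # Maps each policy name used above to the class that implements it.
    'mapping' => [
        [...]
        # ActivePolicy is declared in namespace App\Auth\Policies, so the
        # fully-qualified name has to start with \App; without it the name
        # points at a class that this listing never defines.
        'active' => \App\Auth\Policies\ActivePolicy::class,
    ],
];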
/**
* An action to perform on successful 2FA login.
* May be used to remember stuff for the next policy check.
*
* @return void
*/
public function onSucceed(): void
{
    // 1440 minutes = 24 hours.
    $lifetimeInMinutes = 1440;

    // NOTE(review): the attempt UID ends up in a cookie held by the client.
    // If a later policy check accepts this cookie as grounds to skip 2FA, the
    // value acts as a credential: the check should compare it with a value
    // stored server-side, and the cookie should stay encrypted and limited
    // to HTTPS. Confirm how the matching policy validates it.
    Cookie::queue('2fa_remember', $this->attempt->uid, $lifetimeInMinutes);
}
namespace App\Auth\Drivers;
use Hydrat\Laravel2FA\Drivers\BaseDriver;
use Hydrat\Laravel2FA\Contracts\TwoFactorAuthenticatableContract as Authenticatable;
# Skeleton of an application-defined driver that replaces the package's
# decision on when a second factor is required.
# NOTE(review): `Request` is type-hinted below but not imported in this
# excerpt; the docblock names \Illuminate\Http\Request.
class CustomDriver extends BaseDriver
{
/**
* Check if must trigger 2FA token for this user.
*
* @param \Illuminate\Http\Request $request
* @param \Hydrat\Laravel2FA\Contracts\TwoFactorAuthenticatableContract $user
*
* @return bool true when the 2FA token must be triggered for this login.
*/
public function mustTrigger(Request $request, Authenticatable $user): bool
{
// custom workflow.
// NOTE(review): the stub has no return statement although the method is
// declared `: bool`, so calling it as written raises a TypeError. A real
// implementation must return a bool on every path; returning true when the
// decision cannot be made keeps the check on the side of asking for 2FA.
}
}