Download the PHP package jeffgreco13/filament-breezy without Composer

Enhanced security for Filament v3+ Panels.

Enhanced security features for Filament (v3) Panels. Includes a customizable My Profile page with personal info & avatar support, update password, two factor authentication, and Sanctum token management. Installs in minutes!

Features & Screenshots

My Profile - Personal info with avatar support Update password with customizable validation rules Protected sensitive actions with a password confirmation modal Action Two factor authentication with recovery codes Force the user to enable two factor authentication before they can use the app Create and manage Sanctum personal access tokens

Installation

Install the package via composer and install:

Optionally, you can publish the views using:

Usage & Configuration

You must enable Breezy by adding the class to your Filament Panel's plugin() or plugins([]) method:

Update the auth guard

Breezy will use the authGuard set on the Filament Panel that you create. You may update the authGuard as you please:

NOTE: you must ensure that the model used in your Guard extends the Authenticatable class.

My Profile

Enable the My Profile page with configuration options.

NOTE: if you are using avatars,

Custom My Profile page class

You can also use a custom My Profile page class by extending the default one, and registering it with the plugin.

Using avatars in your Panel

The instructions for using custom avatars is found in the Filament v3 docs under Setting up user avatars.

Here is a possible implementation using the example from the docs:

Customize the avatar upload component

Add column to table

If you wish to have your own avatar, you need to create a column on the users table named avatar_url. It is reccomended that you create a new migration for it, and add the column there:

Add column to user model

Customize password update

You can customize the validation rules for the update password component by passing an array of validation strings, or an instance of the Illuminate\Validation\Rules\Password class.

Exclude default My Profile components

If you don't want a default My Profile page component to be used, you can exclude them using the withoutMyProfileComponents helper.

Create custom My Profile components

In Breezy v2, you can now create custom Livewire components for the My Profile page and append them easily.

1. Create a new Livewire component in your project using:

2. Extend the MyProfileComponent class included with Breezy. This class implements Actions and Forms.

3. Within your Livewire component's view, you can use Breezy's grid-section blade component to match the style:

4. Finally, register your new component with Breezy:

Override My Profile components

You may override the existing MyProfile components to replace them with your own:

If you want to customize only the fields and notification in the personal info component, you can extend the original breezy component:

Now, as mentioned above, give this component to BreezyCore::make()->myProfileComponents to override the original and use your custom component.

Sorting My Profile components

Custom MyProfile components can be sorted by setting their static $sort property. This property can be set for existing MyProfile components in any service provider:

A lot of the time this won't be necessary, though, as the default sort order is spaced out in steps of 10, so there should be enough numbers to place any custom components in between.

Two Factor Authentication

1. Add Jeffgreco13\FilamentBreezy\Traits\TwoFactorAuthenticatable to your Authenticatable model:

2. Enable Two Factor Authentication using the enableTwoFactorAuthentication() method on the Breezy plugin.

3. Adjust the 2FA page

The Breezy 2FA page can be swapped for a custom implementation (see above), same as the Filament auth pages. This allows, for example, to define a custom auth layout like so:

Sanctum Personal Access tokens

As of Laravel 8.x Sanctum is included with Laravel, but if you don't already have the package follow the installation instructions here.

Enable the Sanctum token management component:

Password Confirmation Button Action

This button action will prompt the user to enter their password for sensitive actions (eg. delete). This action uses the same 'password_timeout' number of seconds found in config/auth.php.

Customizing the Registration form

Filament v3+ introduces enhanced capabilities for handling and customizing registration forms seamlessly. This feature is now an integral part of the core Filament functionality. Consequently, the ability to customize registration forms, which was available in Breezy v1, has been deprecated in v2 in favor of the more comprehensive and integrated approach provided by Filament v3+. Laravel Daily has a concise tutorial available, guiding users on creating and registering custom registration forms while incorporating additional fields. Check out the tutorial here for step-by-step instructions.

FAQ

How do 2FA sessions work across multiple panels?

By default, Breezy uses the same guard as defined on your Panel. The default is 'web'. Only panels that have registered the BreezyCore plugin will have access to 2FA. If multiple panels use 2FA, and share the same guard, the User only has to enter the OTP once for the duration of the session.

How does 2FA interact with MustVerifyEmail?

When 2FA is properly configured, and the User is prompted for the OTP code before email verification.

How long does the 2FA session last?

The 2FA session is the same as the Laravel session lifetime. Once the user is logged out, or the session expires, they will need to enter the OTP code again.

Testing

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

• Jeff Greco
• All Contributors

License

The MIT License (MIT). Please see License File for more information.