PHP download

Download the PHP package michaeldzjap/twofactor-auth without Composer

On this page you can find all versions of the php package michaeldzjap/twofactor-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download michaeldzjap/twofactor-auth
More information about michaeldzjap/twofactor-auth
Files in michaeldzjap/twofactor-auth

Vendor michaeldzjap
Package twofactor-auth
Short Description A two-factor authentication package for Laravel tuned for use with MessageBird Verify
License MIT
Homepage https://github.com/michaeldzjap/twofactor-authentication

Keywords Authentication two-factor laravel 2fa messagebird

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of michaeldzjap/twofactor-auth

Informations about the package twofactor-auth

laravel-two-factor-authentication

A two-factor authentication package for Laravel >= 8 (for Laravel 5 to 7 you will need version 1 or 2 of this package)

Description
Important
- Optional Correction
Installation
Changes to the Login Process
- Failed Verification Attempt Handling
Using a Custom Provider
Errors and Exceptions
Testing

Description

This is a two-factor authentication package for Laravel. It is heavily inspired by the Laravel Two-Factor Authentication package. The main differences between this package and the aforementioned package are:

This package currently only works out of the box with the MessageBird Verify api or the 'null' driver that goes through all the steps of the two-factor authentication process without actually doing any real verification. This could be useful for testing purposes. You can however, specify a custom provider yourself.
This package uses throttling to limit the number of unsuccessful authentication attempts in a certain amount of time.
The current version of this package is only guaranteed to work with Laravel >= 8. Version 2. of this package works with Laravel 5.5 to 7. Version 1. of this package works with Laravel 5.4. Versions of Laravel prior to 5.4 have not been tested.

Important

From Laravel 5.8 and onwards, the default is to use bigIncrements instead of increments for the id column on the users table. As such, the default for this package is to use the same convention for the user_id column on the two_factor_auths table. If this is not what you want, you can change this to your liking by modifying the migration files that are published for this package.

Publishing the package's migration files allows for more flexibility with regards to customising your database structure. However, it could also cause complications if you already have ran migrations as part of installing previous versions of this package. In this case you simply might want to bypass running the migrations again or only run them when in a specific environment. The Schema::hasColumn() and Schema::hasTable() methods should be of use here.

Optional Correction

Versions of this package prior to v2.3.0 incorrectly created the user_id column on the two_factor_auths table using increments instead of unsignedInteger. Practically speaking, this error is of no concern. Although there is no need to have a primary key for the user_id column, it doesn't cause any problems either. However, if for some reason you don't like this idea, it is safe to remove the primary key using a migration of the form

Note that you will need the doctrine/dbal package for this migration to work. Furthermore, if the id column on your users table is of type bigIncrements you will have to change the lines $table->unsignedInteger('user_id')->change(); to $table->unsignedBigInteger('user_id')->change(); and $table->increments('user_id')->change(); to $table->bigIncrements('user_id')->change(); respectively.

Installation

To install using Composer run:

If you want to use MessageBird Verify as the two-factor authentication provider then you also need to install the MessageBird PHP api:

and don't forget to add your MESSAGEBIRD_ACCESS_KEY and TWO_FACTOR_AUTH_DRIVER=messagebird variables to the .env. If you instead wish to use the 'null' driver (default) then do NOT define the TWO_FACTOR_AUTH_DRIVER variable in your .env.

From Laravel 7 and onwards you will also need to install the laravel/ui package:
Add the service provider to the 'providers' array in config/app.php:
Run the following artisan command to publish the configuration, language and view files:

If you want to publish only one of these file groups, for instance if you don't need the views or language files, you can append one of the following commands to the artisan command: --tag=config, --tag=lang or --tag-views.
Important: Make sure you do this step before you run any migrations for this package, as otherwise it might give you unexpected results.

From Laravel 5.8 and on, the default is to use bigIncrements instead of increments for the id column on the users table. As such, the default for this package is to use the same convention for the user_id column on the two_factor_auths table. If this is not what you want, you can modify the published migration files for this package.
Run the following artisan command to run the database migrations

This will add a mobile column to the users table and create a two_factor_auths table.
Add the following trait to your User model:

Optionally, you might want to add 'mobile' to your $fillable array.

Changes to the Login Process

The following two-factor authentication routes will be added automatically:

The first route is the route the user will be redirected to once the two-factor authentication process has been initiated. The second route is used to verify the two-factor authentication token that is to be entered by the user. The showTwoFactorForm controller method does exactly what it says. There do exist cases where you might want to respond differently however. For instance, instead of loading a view you might just want to return a json response. In that case you can simply overwrite showTwoFactorForm in the TwoFactorAuthController to be discussed below.

Add the following import to LoginController:

and also add the following functions:

and

and lastly

You can discard the third function if you do not want to send a two-factor authentication token automatically after a successful login attempt. Instead, you might want the user to instantiate this process from the form him/herself. In that case you would have to add the required route and controller method to trigger this function yourself. The best place for this would be the TwoFactorAuthController to be discussed next.
Add a TwoFactorAuthController in app/Http/Controllers/Auth with the following content:
If you want to give textual feedback to the user when two-factor authentication fails due to an expired token or when throttling kicks in you may want to add this to resources/views/auth/login.blade.php:

Failed Verification Attempt Handling

The default behaviour is to redirect to the previous view with an error message in case token verification fails. However, there most likely are instances where you would like to handle a failed token verification attempt differently. For instance, in the case of MessageBird a token can only be verified once. Any attempt with the same token after a first failed attempt will always throw a TokenAlreadyProcessedException and hence, it would make more sense to either redirect to the /login route again to start the entire authentication process from scratch or to redirect to a view where a new token can be requested.

In order to change the default behaviour it is possible to specify either a $redirectToAfterFailure property or a protected redirectToAfterFailure method on your TwoFactorAuthController. If one of these is present (the method taking precedence over the property), the default behaviour is bypassed and the user will be redirected to the specified route. To give a simple example, suppose you simply want to redirect to the /login route after a failed verification attempt you would structure your TwoFactorAuthController like:

Redirecting a user to a route for generating a fresh authentication token would require a bit more work, but certainly is possible this way.

Using a Custom Provider

Since the v2.1.0 release it is possible to user your own custom provider. To do so your provider needs to implement MichaelDzjap\TwoFactorAuth\Contracts\TwoFactorProvider (and possibly MichaelDzjap\TwoFactorAuth\Contracts\SMSToken if you want to send the authentication token via SMS).

Assuming the name of your custom provider is 'dummy', you should register it with TwoFactorAuthManager from a service provider (could be \App\Providers\AppServiceProvider):
Add an entry for you custom provider in the 'provider' array in app/config/twofactor-auth.php:
Lastly, don't forget to change the name of the provider in your .env:

Errors and Exceptions

Unfortunately the MessageBird php api throws rather generic exceptions when the verification of a token fails. The only way to distinguish an expired token from an invalid token is by comparing their error messages, which obviously is not a very robust mechanism. The reason this is rather unfortunate is because in the case of an invalid token we want to give the user at least a few (3) changes to re-enter the token before throttling kicks in, whereas in the case of an expired token we just want to redirect to the login screen right away.

Testing

An example project including unit and browser tests can be found here.

All versions of twofactor-auth with dependencies

PHP Build Version

Package Version

Version v3.4.0 Release 01. Sep 2024
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of twofactor-auth from vendor michaeldzjap

Requires illuminate/support Version ^8.0 || ^9.0 || ^10.0 || ^11.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package michaeldzjap/twofactor-auth contains the following files

Loading the files please wait ....