Download the PHP package silverstripe/totp-authenticator without Composer
On this page you can find all versions of the php package silverstripe/totp-authenticator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download silverstripe/totp-authenticator
More information about silverstripe/totp-authenticator
Files in silverstripe/totp-authenticator
Package totp-authenticator
Short Description A TOTP authenticator for use with silverstripe/mfa
License BSD-3-Clause
Informations about the package totp-authenticator
Silverstripe TOTP Authenticator
Log in to Silverstripe with an authenticator app on your phone as a secondary factor, using a time-based one-time password (TOTP).
This module provides a TOTP authenticator that plugs in to the silverstripe/mfa module.
For more information about TOTP, see RFC 6238.
Installation
Configuration
Encryption key
You will need to define an environment variable named SS_MFA_SECRET_KEY
with a random secret key, which is used
for encrypting the TOTP secret. The authentication method will not be available for use until this is correctly defined.
Please note that existing registered TOTP methods for users will not be usable on environments with different values
for SS_MFA_SECRET_KEY
than they were registered in.
There are many ways to create a random secret key, the easiest
is by executing a php
command on the command line. The secret key length depends on your
specific information security controls, but 32 characters is a good baseline.
TOTP secret length
You can also configure the length of the TOTP secret. This is the code that is displayed to users when they register
to use TOTP, for example "alternatively, enter this code manually into your app." The default length is 16 characters.
If you do not want to support manual code entry in your project, you may want to increase the length in order to
increase the entropy of the TOTP secret, however removing the secret from the UI will require adjustments to the React
components. See the RegisterHandler.secret_length
configuration property.
TOTP code length
If you want to change the length of the TOTP codes the application accepts, you can adjust Method.code_length
. The
default length is 6 characters.
User help link
When this method is used on the website during the multi-factor login process, it may show a "find out more" link
to user documentation. You can disable this by nullifying the configuration property RegisterHandler.user_help_link
or you can change it to point to your own documentation instead:
TOTP issuer and label
The TOTP "issuer" is the Silverstripe site name (set in SiteConfig) by default, and the "label" is the member's email
address by default. These are the values that show up in your authenticator app. You can change these if you need
to use something else, by writing an extension on RegisterHandler
:
License
See License
Bugtracker
Bugs are tracked in the issues section of this repository. Before submitting an issue please read over existing issues to ensure yours is unique.
If the issue does look like a new bug:
- Create a new issue
- Describe the steps required to reproduce your issue, and the expected outcome. Unit tests, screenshots and screencasts can help here.
- Describe your environment as detailed as possible: Silverstripe version, Browser, PHP version, Operating System, any installed Silverstripe modules.
Please report security issues to the module maintainers directly. Please don't file security issues in the bug tracker.
Development and contribution
If you would like to make contributions to the module please ensure you raise a pull request and discuss with the module maintainers.
All versions of totp-authenticator with dependencies
silverstripe/mfa Version ^5
silverstripe/siteconfig Version ^5
spomky-labs/otphp Version ^11.1
paragonie/constant_time_encoding Version ^2.6