Two Factor Authentication or 2-Step Verification provides stronger security for your Account by requiring a second step of verification when you sign in. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone. This package implements TOTP defined in RFC 6238
Note: Current implementation is buggy using Authy as Google Authenticator uses SHA-1 with 128-bit keys whereas Authy uses SHA-2 with 256-bit keys. SHA-2 with 256-bit key is coming in verion 0.1.0
. But if wish to use Authy as well as Google Authenticator I'd suggest to go with default setting of period
, number_of_digits
and algorithm
.
1. Composer Install
$ composer require thecodework/two-factor-authentication
Note - If your're using Laravel 5.5 or newer version then auto-discovery-pacakge would automatically update the providers and you could skip to Step 3
2. Add Service Provider
After requiring the package add TwoFactorAuthenticationServiceProvider::class
into providors array in app.php
confi file
[
'providers' => [
//...
Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider::class
]
]
3. Publish the ConfigFile
Publish config file
$ php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider" --tag=config
Once the config file is published you can navigate to config directory of your application and look for 2fa-config.php
file and change configuration as you want.
4. Run Migrations
Now run the migration
$ php artisan migrate
It will use the default User model and adds two columns is_2fa_enabled
and secret_key
.
5. Add AuthenticatesUserWith2FA
trait in the LoginController
Now the config file is placed. The last thing to do is addding AuthenticatesUsersWith2FA
trait in the Http/Controllers/Auth/LoginController.php
file which helps to stop user at verify-2fa page to enter TOTP token after each login.
The final snippet will look like this.
use AuthenticatesUsers, AuthenticatesUsersWith2FA {
AuthenticatesUsersWith2FA::authenticated insteadof AuthenticatesUsers;
}
Note: Don't forget to include use statement use Thecodework\TwoFactorAuthentication\AuthenticatesUsersWith2FA
in the header.
6. Setup 2FA for user
• Enable 2FA
Now login to the application and visit /setup-2fa/
route, which will show a barcode which can be scanned either using Google Authenticator or Authy mobile application as described above.
Scan that code and click Enable Two Factor Authentication.
• Disable 2FA
To disable Two Factor, visit /setup-2fa
route, which will now show a Disable Two Factor Authentication button. Click to disable 2FA for your account.
7. Testing 2FA
Now to test 2FA, perform logout and log back in again, it will ask you to enter Token which can be obtain from the authenticator mobile application. Enter the token and you're logged in.
If you want to publish views, and migration as well along with config file then run
$ php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider"
Feel free to create issues, submit PRs and talk about features and enhancement through proposing issue. If you find any security consideration, instead of creating an issue send an email to [email protected].