• Stars
    star
    825
  • Rank 55,281 (Top 2 %)
  • Language
    PHP
  • License
    MIT License
  • Created over 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A One Time Password Authentication package, compatible with Google Authenticator for Laravel

Google2FA for Laravel

Latest Stable Version License Code Quality Build

Downloads Coverage StyleCI PHP

Google Two-Factor Authentication Package for Laravel

Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

This package is a Laravel bridge to Google2FA's PHP package.

The intent of this package is to create QRCodes for Google2FA and check user typed codes. If you need to create backup/recovery codes, please check below.

Recovery/Backup codes

if you need to create recovery or backup codes to provide a way for your users to recover a lost account, you can use the Recovery Package.

Demos, Example & Playground

Please check the Google2FA Package Playground.

playground

Here's an demo app showing how to use Google2FA: google2fa-example.

You can scan the QR code on this (old) demo page with a Google Authenticator app and view the code changing (almost) in real time.

Compatibility

Laravel Google2FA Google2FA-Laravel
4.2 <= 1.0.1
5.0-5.1 <= 1.0.1
5.2-10.x >= 2.0.0 >= 0.2.0

Before Google2FA 2.0 (Laravel 5.1) you have to install pragmarx/google2fa:~1.0, because this package was both a Laravel package and a PHP (agnostic).

Demo

Click here to see the middleware demo:

middleware

Installing

Use Composer to install it:

composer require pragmarx/google2fa-laravel

Installing on Laravel

Laravel 5.5 and above

You don't have to do anything else, this package autoloads the Service Provider and create the Alias, using the new Auto-Discovery feature.

Laravel 5.4 and below

Add the Service Provider and Facade alias to your app/config/app.php (Laravel 4.x) or config/app.php (Laravel 5.x):

PragmaRX\Google2FALaravel\ServiceProvider::class,

'Google2FA' => PragmaRX\Google2FALaravel\Facade::class,

Publish the config file

php artisan vendor:publish --provider="PragmaRX\Google2FALaravel\ServiceProvider"

Using It

Use the Facade

use Google2FA;

return Google2FA::generateSecretKey();

In Laravel you can use the IoC Container

$google2fa = app('pragmarx.google2fa');

return $google2fa->generateSecretKey();

Middleware

This package has a middleware which will help you code 2FA on your app. To use it, you just have to:

Add the middleware to your Kernel.php:

protected $routeMiddleware = [
    ...
    '2fa' => \PragmaRX\Google2FALaravel\Middleware::class,
];

Using it in one or more routes:

Route::get('/admin', function () {
    return view('admin.index');
})->middleware(['auth', '2fa']);

QRCode

This package uses the Google2FA-QRCode package, please check it for more info on how to configure the proper QRCode generators for your use case.

Imagick QRCode Backend

There are three available: imagemagick (default), svg and eps.

You can change it via config:

/*
 * Which image backend to use for generating QR codes?
 *
 * Supports imagemagick, svg and eps
 */
'qrcode_image_backend' => \PragmaRX\Google2FALaravel\Support\Constants::QRCODE_IMAGE_BACKEND_IMAGEMAGICK,

Or runtime:

Google2FA::setQRCodeBackend('svg');

Configuring the view

You can set your 'ask for a one time password' view in the config file (config/google2fa.php):

/**
 * One Time Password View
 */
'view' => 'google2fa.index',

And in the view you just have to provide a form containing the input, which is also configurable:

/**
 * One Time Password request input name
 */
'otp_input' => 'one_time_password',

Here's a form example:

    <form action="/google2fa/authenticate" method="POST">
        <input name="one_time_password" type="text">

        <button type="submit">Authenticate</button>
    </form>

One Time Password Lifetime

Usually an OTP lasts forever, until the user logs off your app, but, to improve application safety, you may want to re-ask, only for the Google OTP, from time to time. So you can set a number of minutes here:

/**
* Lifetime in minutes.
* In case you need your users to be asked for a new one time passwords from time to time.
*/

'lifetime' => 0, // 0 = eternal

Keep in mind that this uses the Laravel sessions in the background. If this number exceeds the value set in config('session.lifetime') you will still be logged out, even if your OTP lifetime has not expired.

And you can decide whether your OTP will be kept alive while your users are browsing the site or not:

/**
 * Renew lifetime at every new request.
 */

'keep_alive' => true,

Manually logging out from 2Fa

This command will logout your user and redirect he/she to the 2FA form on the next request:

Google2FA::logout();

If you don't want to use the Facade, you may:

use PragmaRX\Google2FALaravel\Support\Authenticator;

(new Authenticator(request()))->logout();

Throttling / Lockout after X attempts

Unless you need something really fancy, you can probably use Laravel's route throttle middleware for that:

Route::get('/admin', function () {
    return view('admin.index');
})->middleware(['auth', '2fa', 'throttle']);

Stateless usage

$authenticator = app(Authenticator::class)->bootStateless($request);

if ($authenticator->isAuthenticated()) {
    // otp auth success!
}

You can also use a stateless middleware:

protected $routeMiddleware = [
    ...
    '2fa' => \PragmaRX\Google2FALaravel\MiddlewareStateless::class,
];

Events

The following events are fired:

  • EmptyOneTimePasswordReceived
  • LoggedOut
  • LoginFailed
  • LoginSucceeded
  • OneTimePasswordExpired
  • OneTimePasswordRequested

Documentation

Check the ReadMe file in the main Google2FA repository.

Tests

The package tests were written with phpspec.

Author

Antonio Carlos Ribeiro

License

Google2FA is licensed under the MIT License - see the LICENSE file for details

Contributing

Pull requests and issues are more than welcome.

More Repositories

1

tracker

Laravel Stats Tracker
PHP
2,824
star
2

health

Laravel Health Panel
PHP
1,879
star
3

countries

Laravel countries and currencies
PHP
1,741
star
4

google2fa

A One Time Password Authentication package, compatible with Google Authenticator.
PHP
1,684
star
5

firewall

Firewall package for Laravel applications
PHP
1,362
star
6

tddd

A Laravel Continuous Integration Package
Vue
727
star
7

version

Laravel App versioning
PHP
565
star
8

laravelcs

Laravel PHP_CodeSniffer
PHP
236
star
9

deeployer

Deploy your Laravel applications via Github or Bitbucket Hooks
PHP
146
star
10

countries-laravel

Countries for Laravel
PHP
141
star
11

yaml

A Laravel YAML parser and config loader
PHP
110
star
12

zipcode

Zip code searcher
PHP
97
star
13

steroids

Laravel 4 Blade on Steroids
PHP
95
star
14

coollection

Laravel Collection Objectified
PHP
87
star
15

google2fa-qrcode

QRCode for Google2FA
PHP
84
star
16

recovery

Create recovery/backup codes for 2FA
PHP
72
star
17

random

Generate random strings or numeric values
PHP
70
star
18

glottos

A PHP 5.3+ Translation/Localization System
PHP
69
star
19

sqli

A Laravel Artisan SQL Interactive Interface
PHP
60
star
20

support

Support Classes
PHP
58
star
21

ia-arr

Laravel Illuminate Agnostic Arr
PHP
49
star
22

ia-str

Laravel Illuminate Agnostic Str
PHP
46
star
23

ia-collection

Laravel Illuminate Agnostic Collection
PHP
43
star
24

artisan-anywhere

Execute Artisan from anywhere in your Laravel project tree
43
star
25

dev-box

Development Box Provisioning in Ansible
Shell
41
star
26

artisan-tool

Nova Artisan Tool
PHP
35
star
27

glottosAdmin

Glottos Admin Panel and Starter
JavaScript
27
star
28

laravel-installer

Laravel Framework Installer Script for Unlix-Like Systems
Shell
26
star
29

google2fa-starter

Google2FA Starter App
PHP
26
star
30

tddd-starter

Laravel TDDD Starter App
PHP
23
star
31

nova-boolean-datetime-field

A Laravel Nova Boolean DateTime field
PHP
20
star
32

skel

A PHP Package Creator & Skeleton
Shell
12
star
33

health-docker

App Health Panel for Docker Environments
PHP
8
star
34

google2fa-php

A One Time Password Authentication PHP class, compatible with Google Authenticator
PHP
6
star
35

lumen-image-processor

Lumen Image Processor
PHP
5
star
36

http-basic-auth

HTTP Basic Auth middleware for Laravel
Shell
3
star
37

trivia

Trivia database
PHP
3
star
38

vanhack-agentbot

Vanhack Agent Bot
PHP
3
star
39

pragmarx.com

Source of pragmarx.com
PHP
3
star
40

zsh

zsh
Shell
3
star
41

backup-server

backup-server
PHP
3
star
42

googleforms

Post to Google Form Spreadsheets
PHP
2
star
43

sdk

sdk
PHP
1
star
44

fluxbb-style

The FluxBB style for the Laravel forums.
1
star
45

core-libraries

core libraries
PHP
1
star
46

veveystore

Vevey Store
HTML
1
star
47

a17ex

Area 17 Exercice
PHP
1
star
48

church.api

Church API
PHP
1
star