❗ This package is no longer maintained. Its functionality has been superseded by Laravel's Jetstream package in newer versions of Laravel. It will remain up for a while to satisfy a few straggler projects that are still depending on it, but expect it to be officially archived at some point, probably by or during 2022.
Wanting to learn how packaging for Laravel works and after integrating two-factor authentication for a project at work, I made a little weekend project of building this zero-effort two-factor package for apps using Laravel with the core auth system.
Strictly speaking, I've more or less accomplished my goal of a zero setup install. To make the feature useful to your users, of course, you need to put an element somewhere, but I've provided a drop-in blade fragment you can copy or use as a guide to make your own.
- php >= 7.2
- laravel/framework >= 6
- google2fa-laravel

This package is intended for use in apps using basic Laravel Auth support and could pose problems alongside other packages or app customizations which modify the normal handling of the `App\Http\Controllers\Auth\LoginController` methods.
All of the migrations, routes and views are sourced at runtime dynamically so no publishing is required, just install and run the migration(s).
```bash
composer require jrebs/rapid2fa
php artisan migrate
```
You can override all config settings with environment variables, but if you want to change the default values used by the config, you can publish the config file to your application's config folder and then modify it.
```bash
php artisan vendor:publish --provider=Jrebs\\Rapid2FA\\Providers\\Rapid2FAServiceProvider
```
It's not required, but for safety, I recommend adding `google2fa_secret` to your `App\User::$hidden` array. This will tell Eloquent not to include this field when serializing objects, such as in the case of JSON responses.
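A regression test for this recommendation, as an added example that is not part of the package: it assumes the default `App\User` model and `Tests\TestCase` of a Laravel 6 app, and the test class name, file path and sample secret are made up for illustration. The first test fails until `google2fa_secret` is in `$hidden`; the second shows what `$hidden` does not cover.

```php
<?php
// tests/Unit/TwoFactorSecretHiddenTest.php (hypothetical file name)

namespace Tests\Unit;

use App\User;
use Tests\TestCase;

class TwoFactorSecretHiddenTest extends TestCase
{
    // Constructed sample value, not a real secret.
    private const SAMPLE_SECRET = 'JBSWY3DPEHPK3PXP';

    private function userWithSecret(): User
    {
        // forceFill() bypasses $fillable; the model is never saved,
        // so no database row is needed.
        return (new User)->forceFill([
            'email' => 'alice@example.test',
            'google2fa_secret' => self::SAMPLE_SECRET,
        ]);
    }

    public function testSecretIsOmittedFromArrayAndJson(): void
    {
        $user = $this->userWithSecret();

        $this->assertArrayNotHasKey('google2fa_secret', $user->toArray());
        $this->assertStringNotContainsString(self::SAMPLE_SECRET, $user->toJson());
        // Models nested inside a larger response payload are covered too.
        $this->assertStringNotContainsString(
            self::SAMPLE_SECRET,
            json_encode(['user' => $user])
        );
    }

    public function testHiddenOnlyCoversSerialization(): void
    {
        $user = $this->userWithSecret();

        // Direct attribute access and getAttributes() still return the secret,
        // so logging or dumping raw attributes can leak it.
        $this->assertSame(self::SAMPLE_SECRET, $user->google2fa_secret);
        $this->assertArrayHasKey('google2fa_secret', $user->getAttributes());

        // makeVisible() re-exposes a hidden field on that instance.
        $visible = $user->makeVisible('google2fa_secret')->toArray();
        $this->assertArrayHasKey('google2fa_secret', $visible);
    }
}
```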
You can define environment variables to prevent this package from overloading your application's `/login` routes as well as define custom strings to use for validation errors and other small feedback responses.
config | env | type | effect |
---|---|---|---|
`rapid2fa.app_login_form` | `RAPID2FA_APP_LOGIN_FORM` | bool | Set true to allow the app to route the login form render |
`rapid2fa.app_login_post` | `RAPID2FA_APP_LOGIN_POST` | bool | Set true to allow the app to route the login handler |
`rapid2fa.failed_text` | `RAPID2FA_STR_FAILED` | string | Overrides the default validation message returned on two-factor failure |
`rapid2fa.enabled_text` | `RAPID2FA_STR_ENABLED` | string | Override the default two-factor enabled notice |
`rapid2fa.disabled_text` | `RAPID2FA_STR_ENABLED` | string | Override the default two-factor disabled notice |
`rapid2fa.denied_text` | `RAPID2FA_STR_DENIED` | string | Override the default message when a user is redirected because of the require2fa middleware |
It's ready to use. All you need is to offer your users a way to enable or disable two-factor. Either include this fragment into a view template or come up with your own display method.
```blade
@include('rapid2fa::toggle')
```
A simple middleware layer is available so that you can require a user to be using two-factor authentication to be able to access particular routes.
```php
Route::middleware(['requires2fa'])->get('/personal', function () {
    // this stuff is extra secret!
});
```
This package provides a login form view and a basic view for showing QR codes to enable two-factor. To modify these views for your application, copy to `resources/views/vendor/rapid2fa` and then season to taste.
- Make configurable text strings translatable
- Possibly refactor to downgrade dependence from `google2fa-laravel` to just `google2fa`.
This package is merely a connector for a bunch of pre-existing functionality which was graciously made available to us all. Thanks are due to many, but especially to Taylor Otwell for Laravel and Antonio Ribeiro for Google2FA.