Skip to content
/ rapid2fa Public

Seamlessly integrate Google two-factor support into Laravel's basic Auth package

Notifications You must be signed in to change notification settings

jrebs/rapid2fa

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Rapid2FA Package for Laravel

This package is no longer maintained. Its functionality has been superceded by laravel's jetstream package in newer versions of laravel. It will remain up for a while to satisfy a few straggler projects that are still depending on it, but expect it to be officially archived at some point, probably by or during 2022.

Wanting to learn how packaging for Laravel works and after integrating two-factor authentication for a project at work, I made a little weekend project of building this zero-effort two-factor package for apps using Laravel with the core auth system.

Strictly speaking, I've more or less accomplished my goal of a zero setup install. To make the feature useful to your users, of course, you need to put an element somewhere, but I've provided a drop-in blade fragment you can copy or use as a guide to make your own.

Requirements

  • php >= 7.2
  • laravel/framework >= 6
  • google2fa-laravel

This package is intended for use in apps using basic Laravel Auth support and could pose problems alongside other packages or app customizations which modify the normal handling of the App\Http\Controllers\Auth\LoginController methods.

Installation

All of the migrations, routes and views are sourced at runtime dynamically so no publishing is required, just install and run the migration(s).

composer require jrebs/rapid2fa
php artisan migrate

You can override all config settings with environmental vars, but if you want to override the default values used by the config you can publish the config file to your application's config folder and then modify.

php artisan vendor:publish --provider=Jrebs\\Rapid2FA\\Providers\\Rapid2FAServiceProvider

It's not required, but for safety, I recommend adding google2fa_secret to your App\User::$hidden array. This will tell Eloquent not to include this field when serializing objects, such as in the case of JSON responses.

Configuration

You can define environmental variables to prevent this package from overloading your application's /login routes as well as define custom strings to use for validation errors and other small feedback responses.

config env type effect
rapid2fa.app_login_form RAPID2FA_APP_LOGIN_FORM bool Set true to allow the app to route the login form render
rapid2fa.app_login_post RAPID2FA_APP_LOGIN_POST bool Set true to allow the app to route the login handler
rapid2fa.failed_text RAPID2FA_STR_FAILED string Overrides the default validation message returned on two-factor failure
rapid2fa.enabled_text RAPID2FA_STR_ENABLED string Override the default two-factor enabled notice
rapid2fa.disabled_text RAPID2FA_STR_ENABLED string Override the default two-factor disabled notice
rapid2fa.denied_text RAPID2FA_STR_DENIED string Override the default message when a user redirected because of require2fa middleware

Usage

It's ready to use. All you need is to offer your users a way to enable or disable two-factor. Either include this fragment into a view template or come up with your own display method.

@include('rapid2fa::toggle')

Middleware

A simple middleware layer is available so that you can require a user to be using two-factor authentication to be able to access particular routes.

Route::middleware(['requires2fa'])->get('/personal', function () {
    // this stuff is extra secret!
});

Customization

This package provides a login form view and a basic view for showing QR codes to enable two-factor. To modify these views for your application, copy to resources/views/vendor/rapid2fa and then season to taste.

TODO

  • Make configurable text strings translatable
  • Possibly refactor to downgrade dependence from google2fa-laravel to just google2fa.

Thanks

This package is merely a connector for a bunch of pre-existing functionality which was graciously made available to us all. Thanks are due to many, but especially to Taylor Otwell for Laravel and Antonio Ribeiro for Google2FA.

About

Seamlessly integrate Google two-factor support into Laravel's basic Auth package

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published