定制 andrej-griniuk/cakephp-two-factor-auth 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

andrej-griniuk/cakephp-two-factor-auth

Composer 安装命令:

composer require andrej-griniuk/cakephp-two-factor-auth

包简介

CakePHP auth component and provider fot two-factor authentication

README 文档

README

Build Status codecov License

TwoFactorAuth plugin for CakePHP

This plugin provides two factor authentication functionality using RobThree/TwoFactorAuth library. Basically, it works similar way CakePHP FormAuthenticate does. After submitting correct username/password, if the user has secret field set, he will be asked to enter a one-time code. Attention: it only provides authenticate provider and component and does not take care of users signup, management etc.

Requirements

  • CakePHP 5.0+ (use ^1.3 version for CakePHP <3.7, ^2.0 version for CakePHP 3.x, ^3.0 version for CakePHP 4.x)

Installation

You can install this plugin into your CakePHP application using Composer.

composer require andrej-griniuk/cakephp-two-factor-auth

Usage

First of all you need to add secret field to your users table (field name can be changed to TwoFactorAuth.Form authenticator configuration).

ALTER TABLE `users` ADD `secret` VARCHAR(255) NULL;

Second, you need to load the plugin in your Application.php

$this->addPlugin('TwoFactorAuth');

Alternatively, execute the following line:

bin/cake plugin load TwoFactorAuth

You can see the default config values here and find out what do they mean here. To overwrite them, pass them as TwoFactorForm authenticator values.

Then you need to set up authentication in your Application.php as you would normally do it, but using TwoFactorForm authenticator instead of Form, e.g.:

class Application extends BaseApplication implements AuthenticationServiceProviderInterface
{
    public function bootstrap(): void
    {
        // Call parent to load bootstrap from files.
        parent::bootstrap();

        $this->addPlugin('TwoFactorAuth');
        $this->addPlugin('Authentication');
    }

    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        // Various other middlewares for error handling, routing etc. added here.

        // Create an authentication middleware object
        $authentication = new AuthenticationMiddleware($this);

        // Add the middleware to the middleware queue.
        // Authentication should be added *after* RoutingMiddleware.
        // So that subdirectory information and routes are loaded.
        $middlewareQueue->add($authentication);

        return $middlewareQueue;
    }

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService();
        $service->setConfig([
            'unauthenticatedRedirect' => '/users/login',
            'queryParam' => 'redirect',
        ]);

        // Load the authenticators, you want session first
        $service->loadAuthenticator('Authentication.Session');
        $service->loadAuthenticator('TwoFactorAuth.TwoFactorForm', [
           'identifier' => 'Authentication.Password',
           'loginUrl' => '/users/login',
        ]);

        return $service;
    }
}

Next, in your AppController load the Authentication and TwoFactorAuth components:

// in src/Controller/AppController.php
public function initialize()
{
    parent::initialize();

    $this->loadComponent('Authentication.Authentication');
    $this->loadComponent('TwoFactorAuth.TwoFactorAuth');
}

Once you have the middleware applied to your application you’ll need a way for users to login. A simplistic UsersController would look like:

class UsersController extends AppController
{
    public function beforeFilter(\Cake\Event\EventInterface $event)
    {
        parent::beforeFilter($event);

        $this->Authentication->allowUnauthenticated(['login', 'verify']);
    }

    public function login()
    {
        $result = $this->Authentication->getResult();
        if ($result->isValid()) {
            // If the user is logged in send them away.
            $target = $this->Authentication->getLoginRedirect() ?? '/home';

            return $this->redirect($target);
        }

        if ($this->request->is('post') && !$result->isValid()) {
            if ($result->getStatus() == \TwoFactorAuth\Authenticator\Result::TWO_FACTOR_AUTH_FAILED) {
                // One time code was entered and it's invalid
                $this->Flash->error('Invalid 2FA code');

                return $this->redirect(['action' => 'verify']);
            } elseif ($result->getStatus() == \TwoFactorAuth\Authenticator\Result::TWO_FACTOR_AUTH_REQUIRED) {
                // One time code is required and wasn't yet entered - redirect to the verify action
                return $this->redirect(['action' => 'verify']);
            } else {
                $this->Flash->error('Invalid username or password');
            }
        }
    }

    public function logout()
    {
        $this->Authentication->logout();

        return $this->redirect(['action' => 'login']);
    }

    public function verify()
    {
        // This action is only needed to render a vew with one time code form
    }
}

And verify.php would look like:

<div class="users form content">
    <?= $this->Form->create(null, ['url' => ['action' => 'login']]) ?>
    <fieldset>
        <legend><?= __('Please enter your 2FA code') ?></legend>
        <?= $this->Form->control('code') ?>
    </fieldset>
    <?= $this->Form->button(__('Continue')); ?>
    <?= $this->Form->end() ?>
</div>

Basically, it works same way CakePHP Authentication.Form authenticator does. After entering correct username/password combination, if the user has secret field (can be overwritten via TwoFactorAuth.TwoFactorForm configuration) set he will be redirected to the verify action where he is asked to enter a one-time code. There is no logic behind this action, it only renders the form that has to be submitted to the loginAction again with code field set.

You can access the RobThree\Auth\TwoFactorAuth instance from your controller via $this->TwoFactorAuth->getTfa() or call some of the methods directly on TwoFactorAuth component. For example, you can generate user's secret and get QR code data URI for it this way:

$secret = $this->TwoFactorAuth->createSecret();
$secretDataUri = $this->TwoFactorAuth->getQRCodeImageAsDataUri('CakePHP:user@email.com', $secret);

Then display it in your view:

<img src="<?= $secretDataUri ?>" />

See the library page for full documentation: https://github.com/RobThree/TwoFactorAuth

Bugs & Feedback

https://github.com/andrej-griniuk/cakephp-two-factor-auth/issues

Credits

https://github.com/RobThree/TwoFactorAuth

License

Copyright (c) 2020, Andrej Griniuk and licensed under The MIT License.

andrej-griniuk/cakephp-two-factor-auth 适用场景与选型建议

andrej-griniuk/cakephp-two-factor-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 111.64k 次下载、GitHub Stars 达 38, 最近一次更新时间为 2016 年 02 月 12 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「cakephp」 「auth」 「two-factor」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 andrej-griniuk/cakephp-two-factor-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 andrej-griniuk/cakephp-two-factor-auth 我们能提供哪些服务?
定制开发 / 二次开发

基于 andrej-griniuk/cakephp-two-factor-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 111.64k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 38
  • 点击次数: 36
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 38
  • Watchers: 6
  • Forks: 15
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2016-02-12