andrej-griniuk/cakephp-two-factor-auth
Composer 安装命令:
composer require andrej-griniuk/cakephp-two-factor-auth
包简介
CakePHP auth component and provider fot two-factor authentication
关键字:
README 文档
README
TwoFactorAuth plugin for CakePHP
This plugin provides two factor authentication functionality using RobThree/TwoFactorAuth library.
Basically, it works similar way CakePHP FormAuthenticate does. After submitting correct username/password, if the user has secret field set, he will be asked to enter a one-time code.
Attention: it only provides authenticate provider and component and does not take care of users signup, management etc.
Requirements
- CakePHP 5.0+ (use ^1.3 version for CakePHP <3.7, ^2.0 version for CakePHP 3.x, ^3.0 version for CakePHP 4.x)
Installation
You can install this plugin into your CakePHP application using Composer.
composer require andrej-griniuk/cakephp-two-factor-auth
Usage
First of all you need to add secret field to your users table (field name can be changed to TwoFactorAuth.Form authenticator configuration).
ALTER TABLE `users` ADD `secret` VARCHAR(255) NULL;
Second, you need to load the plugin in your Application.php
$this->addPlugin('TwoFactorAuth');
Alternatively, execute the following line:
bin/cake plugin load TwoFactorAuth
You can see the default config values here and find out what do they mean here. To overwrite them, pass them as TwoFactorForm authenticator values.
Then you need to set up authentication in your Application.php as you would normally do it, but using TwoFactorForm authenticator instead of Form, e.g.:
class Application extends BaseApplication implements AuthenticationServiceProviderInterface { public function bootstrap(): void { // Call parent to load bootstrap from files. parent::bootstrap(); $this->addPlugin('TwoFactorAuth'); $this->addPlugin('Authentication'); } public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue { // Various other middlewares for error handling, routing etc. added here. // Create an authentication middleware object $authentication = new AuthenticationMiddleware($this); // Add the middleware to the middleware queue. // Authentication should be added *after* RoutingMiddleware. // So that subdirectory information and routes are loaded. $middlewareQueue->add($authentication); return $middlewareQueue; } public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface { $service = new AuthenticationService(); $service->setConfig([ 'unauthenticatedRedirect' => '/users/login', 'queryParam' => 'redirect', ]); // Load the authenticators, you want session first $service->loadAuthenticator('Authentication.Session'); $service->loadAuthenticator('TwoFactorAuth.TwoFactorForm', [ 'identifier' => 'Authentication.Password', 'loginUrl' => '/users/login', ]); return $service; } }
Next, in your AppController load the Authentication and TwoFactorAuth components:
// in src/Controller/AppController.php public function initialize() { parent::initialize(); $this->loadComponent('Authentication.Authentication'); $this->loadComponent('TwoFactorAuth.TwoFactorAuth'); }
Once you have the middleware applied to your application you’ll need a way for users to login. A simplistic UsersController would look like:
class UsersController extends AppController { public function beforeFilter(\Cake\Event\EventInterface $event) { parent::beforeFilter($event); $this->Authentication->allowUnauthenticated(['login', 'verify']); } public function login() { $result = $this->Authentication->getResult(); if ($result->isValid()) { // If the user is logged in send them away. $target = $this->Authentication->getLoginRedirect() ?? '/home'; return $this->redirect($target); } if ($this->request->is('post') && !$result->isValid()) { if ($result->getStatus() == \TwoFactorAuth\Authenticator\Result::TWO_FACTOR_AUTH_FAILED) { // One time code was entered and it's invalid $this->Flash->error('Invalid 2FA code'); return $this->redirect(['action' => 'verify']); } elseif ($result->getStatus() == \TwoFactorAuth\Authenticator\Result::TWO_FACTOR_AUTH_REQUIRED) { // One time code is required and wasn't yet entered - redirect to the verify action return $this->redirect(['action' => 'verify']); } else { $this->Flash->error('Invalid username or password'); } } } public function logout() { $this->Authentication->logout(); return $this->redirect(['action' => 'login']); } public function verify() { // This action is only needed to render a vew with one time code form } }
And verify.php would look like:
<div class="users form content"> <?= $this->Form->create(null, ['url' => ['action' => 'login']]) ?> <fieldset> <legend><?= __('Please enter your 2FA code') ?></legend> <?= $this->Form->control('code') ?> </fieldset> <?= $this->Form->button(__('Continue')); ?> <?= $this->Form->end() ?> </div>
Basically, it works same way CakePHP Authentication.Form authenticator does.
After entering correct username/password combination, if the user has secret field (can be overwritten via TwoFactorAuth.TwoFactorForm configuration) set he will be redirected to the verify action where he is asked to enter a one-time code.
There is no logic behind this action, it only renders the form that has to be submitted to the loginAction again with code field set.
You can access the RobThree\Auth\TwoFactorAuth instance from your controller via $this->TwoFactorAuth->getTfa() or call some of the methods directly on TwoFactorAuth component. For example, you can generate user's secret and get QR code data URI for it this way:
$secret = $this->TwoFactorAuth->createSecret(); $secretDataUri = $this->TwoFactorAuth->getQRCodeImageAsDataUri('CakePHP:user@email.com', $secret);
Then display it in your view:
<img src="<?= $secretDataUri ?>" />
See the library page for full documentation: https://github.com/RobThree/TwoFactorAuth
Bugs & Feedback
https://github.com/andrej-griniuk/cakephp-two-factor-auth/issues
Credits
https://github.com/RobThree/TwoFactorAuth
License
Copyright (c) 2020, Andrej Griniuk and licensed under The MIT License.
andrej-griniuk/cakephp-two-factor-auth 适用场景与选型建议
andrej-griniuk/cakephp-two-factor-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 111.64k 次下载、GitHub Stars 达 38, 最近一次更新时间为 2016 年 02 月 12 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「cakephp」 「auth」 「two-factor」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 andrej-griniuk/cakephp-two-factor-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 andrej-griniuk/cakephp-two-factor-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 andrej-griniuk/cakephp-two-factor-auth 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
CakePHP 4.x AdminLTE Theme.
Filament Two Factor Authentication: Google 2FA + Passkey Authentication
Laravel Multiauth package
Novactive eZ 2FA Bundle is an Ibexa bundle that provides two-factor authentication for your Ibexa project
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
Two-factor Authentication for WordPress
统计信息
- 总下载量: 111.64k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 38
- 点击次数: 36
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2016-02-12