oops/google-authenticator
最新稳定版本:2.2.0
Composer 安装命令:
composer require oops/google-authenticator
包简介
Two-factor authenticator via TOTP algorithm.
README 文档
README
Oops/TotpAuthenticator implements the TOTP algorithm that lets you easily set up a two-factor authentication mechanism. The TOTP, in short, generates a pseudo-random six-digit number based on current Unix time and given seed (a base32 string of at least 16 characters). The seed is shared between you and mobile app and passed to the app via a QR code. Whenever you need to authenticate the user, ask them to enter the code generated by the application, and verify it against the code generated by your server.
Installation and requirements
$ composer require oops/totp-authenticator
Oops/TotpAuthenticator requires PHP >= 7.2.
Usage
If you use Nette's DI container, you can easily integrate Oops/TotpAuthenticator with a few lines of configuration:
extensions:
totp: Oops\TotpAuthenticator\DI\TotpAuthenticatorExtension
totp:
timeWindow: 1
issuer: MyApp
Otherwise, you can directly instantiate Oops\TotpAuthenticator\Security\TotpAuthenticator and optionally configure it:
$totpAuthenticator = (new Oops\TotpAuthenticator\Security\TotpAuthenticator) ->setIssuer('MyApp') ->setTimeWindow(1);
The timeWindow option sets a benevolence that compensates for possible differences between your server's time and the app's time. The default value is 1, which means the code for previous or next 30-second block would be also considered valid. You can set it to zero if you want to be super strict, but I'd strongly recommend not setting it to a higher value than one.
The issuer is optional, but is quite useful if you use some generic value as the user's account name, such as their email address. As multiple services can use that same value as a way of identifying the user, you should provide issuer to distinguish your app's code in the TOTP app.
Setting up 2FA
First, you need to generate a secret - a base32 string - that is shared between you and the application. TotpAuthenticator provides a method for that. The secret must be unique to the user and should thus be stored somewhere with other user data, e.g. in the database. Just remember to encrypt it as it is a very sensitive piece of information.
$secret = $totpAuthenticator->getRandomSecret();
Then, you can display the secret and unique account name (e.g. user's email address) to the user, or, more conveniently, provide them with a QR code containing the URI in a specific format. Again, TotpAuthenticator can build the URI for you:
$uri = $totpAuthenticator->getTotpUri($secret, $accountName);
Verification
Once the user has set up the account in their TOTP app, you can ask them to enter the 6-digit code and easily verify it against the secret:
if ($totpAuthenticator->verifyCode($code, $secret)) { // successfully verified } else { // incorrect code }
oops/google-authenticator 适用场景与选型建议
oops/google-authenticator 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 21 次下载、GitHub Stars 达 19, 最近一次更新时间为 2014 年 11 月 16 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「Authentication」 「totp」 「2fa」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 oops/google-authenticator 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 oops/google-authenticator 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 oops/google-authenticator 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Provide a way to secure accesses to all routes of an symfony application.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
It's a barebone security class written on PHP
统计信息
- 总下载量: 21
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 19
- 点击次数: 28
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: BSD-3-Clause
- 更新时间: 2014-11-16