README

This Symfony bundle provides two-factor authentication for your website. Currently it is shipped with two authentication methods:

• Google Authenticator (via sonata-project/google-authenticator)
• Authentication code sent via email

In addition to this it provides an interface for implementing your own custom two-factor authentication methods.

Compatibility: Use bundle version 1.x for Symfony < 2.6.

Limitations

After the initial login happened, the user is already fully authenticated to the Symfony security layer. The bundle then prevents access to secured and non-secured content by intercepting any request and showing the two-factor authentication form instead.

If you execute code based on the authentication status, make sure to take the two-factor status into account. This can be done by checking access with isGranted (security voter has to be registered, see configuration).

Warning: Just doing a getUser on security.token_storage (or the old security.context) is not secure. You will get a user object even when two-factor authentication is not complete yet.

Documentation

The documentation can be found in the Resources/doc directory.

Contribute

You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section.

Besides new features, translations are highly welcome.

License

This bundle is available under the MIT license.