This bundle provides two-factor authentication for your Symfony application. It comes with the following two-factor authentication methods:
- Google Authenticator
- Email authentication code
Additional features you will like:
- Interface for custom two-factor authentication methods
- Trusted IPs
- Trusted devices (once passed, no more two-factor authentication on that device)
- Single-use backup codes for when you don't have access to the second factor device
- Multi-factor authentication
- CSRF protection
- Whitelisted routes (accessible during two-factor authentication)
composer require scheb/two-factor-bundle
... and follow the installation instructions.
Detailed documentation of all features can be found in the Resources/doc directory.
- Use bundle version 4.x for Symfony 3.4 and 4.x (Recommended version)
- Use bundle version 2.x for Symfony < 3.4
- Use bundle version 1.x for Symfony < 2.6
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication.
You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section. For pull requests, please follow these guidelines:
- Symfony code style
- PHP7.1 type hints for everything (including: return types,
void
, nullable types) declare(strict_types=1)
must be used- Please add/update test cases
- Test methods should be named
[method]_[scenario]_[expected result]
Besides new features, translations are highly welcome.
To run the test suite install the dependencies with composer install
and then execute bin/phpunit
.
This bundle is available under the MIT license.