fleetfoot/otp

Laravel5 OTP manager

laravel-otp

Laravel 5 OTP Generation., _(*1)

The module generates OTPs and validates them. You can plug your own notifier (such as AWS SNS) to send the OTPs to various channels., _(*2)

Several configuration options are provided: - Expiration duration - Maximum OTPs allowed for a client during the expiration time - Length of OTP - Blacklisting clients - Dafault length of OTP - Allowed validation OTP attempts - Validation OTP attempts count time, _(*3)

Installation

Via composer

1. Run composer require fleetfoot/otp
2. Add Fleetfoot\OTP\OTPServiceProvider to your providers array in config/app.php
3. Run composer dump-autoload
4. Run php artisan vendor:publish
5. Run php artisan migrate

Done!, _(*4)

Configuration options

The package publishes config/otp.php. It is well documented., _(*5)

Usage

The package provides with the following helpers: 1. Manager 2. Generator 3. Validator, _(*6)

You can use Manager to interact with the whole module. It acts as a wrapper for the complete functionality. However, you are free to use other helpers to generate and validate the OTPs., _(*7)

Generate an OTP

To generate an OTP, call generate method of Manager. This takes two mandatory arguments: module and ID. Both are strings. You can pass anything here, but keep in mind that this combination will be used to validate the OTP. For e.g. $manager->generate('users', '1') will return an OTP for the combination of 'users' module and ID '1'. If you want change default OTP length you can set optional third param $manager->generate('users', '1', 6), _(*8)

Validate an OTP

To validate, call isValid() of the manager. It will return boolean based on the validity of the OTP. Validation makes sure the module + ID is not blocked, the token is not expired and validation attemts is not еxceeded, _(*9)

Blocking and Unblocking

You won't be able to validate OTP and generate anymore OTPs for blocked module + ID combination., _(*10)

To block use: $manager->block('users', '1'), _(*11)

To unblock use: $manager->unblock('users', '1'), _(*12)

Notifications

The manager gives notify() method which accepts any implementation of Notifier interface. You can implement this interface as per your business logic., _(*13)

You might want to call useOtp() of the manager after the varification process completes. If you do not call this method, OTP will remain valid till it reaches its expiry limit., _(*14)

Clean outdated OTPs and validation attemps

You can clean up outdated OTPs and validation attempts by running: php artisan otp:clean, _(*15)

You can do it in schedule: $schedule->command('otp:clean')->daily();, _(*16)

Contributions

All contributions are welcome! Create a fork, create PRs, discuss!, _(*17)

TODO

1. Add option for numeric/alphanumeric code generation
2. Provide example implementation(s) for Notifier
3. Find a better way to remove expired OTPs from DB