xruff/totpauth

Nette extension for Time-Based One-Time Password Algorithm

TotpAuth

Nette extension for Time-Based One-Time Password Algorithm, _(*1)

Requirements

Package requires PHP 7.0 or higher, _(*2)

• tracy/tracy
• xruff/basedbmodel
• oops/totp-authenticator
• guzzlehttp/guzzle

Installation

The best way to install XRuff/TotpAuth is using Composer:, _(*3)

$ composer require xruff/totpAuth

Scenario

• logged user activate 2FA in account settings:
  • see QR core
  • scan it with mobile application
  • and click "Confirm Code" button
• next login to your application:
  • user log in standard way (login + password...) and see second login page with form with one field
  • provide code from Authenticator mobile aplication
  • pass through if provided code is right

Documentation

Assumptions:, _(*4)

• create table qr in database, use schema from file sql/qr.sql
• $user->indentity have to contain properties id and username

Configuration in config.neon., _(*5)

extensions:
    totpAuth: XRuff\TotpAuth\DI\TotpAuthExtension

totpAuth:
    issuer: NameOfMyApp  # mandatory
    identityKey: login   # optional, Default is 'login' eg $user->identity->login
    timeWindow: 1        # optional - time tolerance
    codeSize: '300x300'  # optional - size ofgenerated QR code

Presenter:, _(*6)

use XRuff\TotpAuth\Auth;
use Nette\Application\UI;

class HomepagePresenter extends Nette\Application\UI\Presenter
{
    /** @var Auth $auth */
    public $auth;

    public function __construct(Auth $auth)
    {
        $this->auth = $auth;
    }

    public function renderDefault() {
        $this->template->qrCode = $this->auth->getQrBase64();
    }

    public function handleSaveUrl()
    {
        $this->auth->saveSecret();
        $this->redirect('this');
    }

    public function handleResetUrl()
    {
        $this->auth->resetSecret();
        $this->redirect('this');
    }

    protected function createComponentCodeForm()
    {
        $form = new UI\Form;
        $form->addText('code', 'Code');
        $form->addSubmit('submit', 'Auth me');
        $form->onSuccess[] = [$this, 'codeFormSucceeded'];
        return $form;
    }

    public function codeFormSucceeded(UI\Form $form, $values)
    {
        if ($this->auth->verify($values->code)) {
            $this->flashMessage('Success!');
        } else {
            $this->flashMessage('Wrong code.');
        }
        $this->redirect('this');
    }
}

default.latte:, _(*7)

    ...
    {if $qrCode}
        <img src="{$qrCode|nocheck}" alt="">
        <br>
        <a n:href="saveUrl!" class="btn btn-success">Confirm Code (have been added to Mobile Authenticator App)</a>
    {else}
        {control codeForm}
        <a n:href="resetUrl!" class="btn btn-success">Reset auth code</a>
    {/if}
    ...

Repository https://github.com/XRuff/TotpAuth., _(*8)