2017 © Pedro Peláez
 

yii2-extension yii2-mfa

Multi-factor authentication for Yii2 projects

image

hiqdev/yii2-mfa

Multi-factor authentication for Yii2 projects

  • Monday, March 19, 2018
  • by hiqdev
  • Repository
  • 3 Watchers
  • 3 Stars
  • 506 Installations
  • PHP
  • 2 Dependents
  • 0 Suggesters
  • 4 Forks
  • 1 Open issues
  • 3 Versions
  • 17 % Grown

The README.md

Yii2 MFA

Multi-factor authentication for Yii2 projects, (*1)

Latest Stable Version Total Downloads Build Status Scrutinizer Code Coverage Scrutinizer Code Quality Dependency Status, (*2)

This package provides:, (*3)

  • TOTP - Time-based One-time Password Algorithm used for two factor authentication
  • checking for user allowed IPs
  • generation and checking recovery codes (PLANNED)

Uses:, (*4)

Can be plugged into any exising Yii2 project. See how it is used in hiqdev/hiam., (*5)

Installation

The preferred way to install this yii2-extension is through composer., (*6)

Either run, (*7)

php composer.phar require "hiqdev/yii2-mfa"

or add, (*8)

"hiqdev/yii2-mfa": "*"

to the require section of your composer.json., (*9)

Configuration

This extension provides pluggable configuration to be used with composer-config-plugin., (*10)

Also you can use it usual way by copy-pasting config. See src/config/web.php for configuration example., (*11)

Available configuration parameters:, (*12)

  • organization.name

For more details please see src/config/params.php., (*13)

Usage

This plugin provides behavior and configuration attaches it to user component on beforeLogin event. And then the behavior validates IPs and TOTP on every login., (*14)

To use this plugin you have to instantiate your \Yii->app->user->identity class from hiqdev\yii2\mfa\base\MfaIdentityInterface and implement all of the methods, which will return or set MFA properties. For example:, (*15)

use hiqdev\yii2\mfa\base\MfaIdentityInterface;

class Identity implements MfaIdentityInterface
{
    ...

    /**
     * @inheritDoc
     */
    public function getUsername(): string
    {
        return $this->username;
    }

    /**
     * @inheritDoc
     */
    public function getTotpSecret(): string
    {
        return $this->totp_secret ?? '';
    }

    ...

IPs and TOTP functions are independent and you can provide just one of properties to have only corresponding functionality., (*16)

Usage with OAuth2

Also there is a configuration to provide MFA for OAuth2., (*17)

  • Require suggested "bshaffer/oauth2-server-php": '~1.7' package, (*18)

  • Use hiqdev\yii2\mfa\GrantType\UserCredentials for configuring /oauth/token command via totp code. For example:, (*19)

    'modules' => [ 'oauth2' => [ 'grantTypes' => [ 'user_credentials' => [ 'class' => \hiqdev\yii2\mfa\GrantType\UserCredentials::class, ], ], ], ], (*20)

  • Extend you Identity class from ApiMfaIdentityInterface., (*21)

  • Use actions:, (*22)

    POST /mfa/totp/api-temporary-secret - Proviedes temporary secret to generate QR-code POST /mfa/totp/api-enable - Enables totp POST /mfa/totp/api-disable - Disables totp, (*23)

Back redirection

For any MFA route, you can add a GET param ?back=https://some.site.com. It will redirect the user after a successful operation to the needed site. To avoid open redirect vulnerability, you need to validate the back param., (*24)

It should be done with \hiqdev\yii2\mfa\validator\BackUrlValidatorInterface which has a default implementation. You have to create your own and reinitialize it with the container definition:, (*25)

config/web.php:, (*26)

'container' => [
   'singletons' => [
       \hiqdev\yii2\mfa\validator\BackUrlValidatorInterface::class => \your\own\validator::class,
    ],
],

License

This project is released under the terms of the BSD-3-Clause license. Read more here., (*27)

Copyright © 2016-2018, HiQDev (http://hiqdev.com/), (*28)

The Versions

19/03 2018

dev-master

9999999-dev https://github.com/hiqdev/yii2-mfa

Multi-factor authentication for Yii2 projects

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

authentication yii2 two-factor totp rfc6238 multi-factor

03/10 2017

0.1.0

0.1.0.0 https://github.com/hiqdev/yii2-mfa

Multi-factor authentication for Yii2 projects

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

authentication yii2 two-factor totp rfc6238 multi-factor

24/10 2016

0.0.1

0.0.1.0 https://github.com/hiqdev/yii2-mfa

Yii2 module providing multi-factor authentication

  Sources   Download

BSD-3-Clause

The Requires

 

The Development Requires

authentication yii2 two-factor totp rfc6238 multi-factor