[OUTDATED] Two-factor authentication for Symfony applications 🔐 (bundle version ≤ 4). Please use version 5 from https://github.com/scheb/2fa.

Overview

scheb/two-factor-bundle

Outdated version. Please use versions ≥ 5 from scheb/2fa.


This bundle provides two-factor authentication for your Symfony application.


It comes with the following two-factor authentication methods:

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication (more than 2 steps)
  • CSRF protection
  • Whitelisted routes (accessible during two-factor authentication)

Installation

composer require scheb/two-factor-bundle

... and follow the installation instructions.

Documentation

Detailed documentation of all features can be found in the Resources/doc directory.

Version Guidance

If you have Symfony ≥ 4.4 and start using the bundle, please use bundle version 5, which is available as scheb/2fa-bundle from the scheb/2fa repository.

| Version | Status | Symfony Version |
|---|---|---|
| 1.x | EOL | >= 2.1, < 2.7 |
| 2.x | EOL | ^2.6, ^3.0, ^4.0 |
| 3.x | EOL | 3.4, ^4.0, ^5.0 |
| 4.x | Security fixes until Nov 2021 | 3.4, ^4.0, ^5.0 |
| 5.x | New features + Bug fixes | 4.4, ^5.0 |

License

This bundle is available under the MIT license.

Security

For information about the security policy and known security issues, see SECURITY.md.

Contributing

Want to contribute to this project? See CONTRIBUTING.md.

Support Me

I've been developing this library since 2014. I love to hear from people using it, giving me the motivation to keep working on my open source projects.

If you want to let me know you're finding it useful, please consider giving it a star on GitHub.

If you love my work and want to say thank you, you can help me out for a beer 🍻️ via PayPal.

Comments
  • Integrate Two-Factor Authentication Into Security Layer

    Excerpt from the documentation:

    Limitations

    After the initial login happened, the user is already fully authenticated to the Symfony security layer. The bundle then prevents access to secured and non-secured content by intercepting any request and showing the two-factor authentication form instead.

    If you execute code based on the authentication status, make sure to take the two-factor status into account. This can be done by checking access with isGranted (security voter has to be registered, see configuration).

    Warning: Just doing a getUser on security.token_storage (or the old security.context) is not secure. You will get a user object even when two-factor authentication is not complete yet.

    Overall, the current implementation causes some issues, which cannot really be solved, as long as two-factor authentication doesn't become part of the actual security layer.

    • #13 Two-factor authentication cannot be configured per firewall,
    • #60 & #62 Issues caused by the voter, which is there to prevent execution of code. This is necessary because in the current implementation the user already has all privileges after login, even when two-factor authentication is not completed yet.
    • #70 & #71 - The bundle relies on intercepting the first kernel.request event, which causes problems in ESI environments,
    • #36 Two-factor authentication form doesn't have its own route. Instead it is shown as a replacement for the actual content, which causes problems when the current route doesn't accept POST requests.
    BC break Help wanted 
    opened by scheb 36
  • Voter causes an infinite redirect for non-UsernamePasswordToken tokens

    If you configure a project with RememberMeToken, then when a user is re-authenticated using the RememberMe cookie, the voter's return VoterInterface::ACCESS_DENIED; turns the authentication process into an infinite loop.

    It happens because:

    1. RememberMe listener authenticates a user
    2. The voter returns ACCESS_DENIED
    3. Symfony's Symfony\Component\Security\Http\Firewall\ExceptionListener exception handler checks the user is not fully authenticated and performs a redirect (through Symfony\Component\Security\Http\EntryPoint\FormAuthenticationEntryPoint::start())
    4. Go to step 2

    Temporary solution: disable Voter

    Permanent solution: the Voter implementation (and presence at all) should be reconsidered.

    opened by zerkms 32
  •   Unrecognized option

    Unrecognized option "two_factor" under "security.firewalls.main"

    I am getting this error when trying to use this library in Symfony 3.4 and the library version is 2.14

    Here is the code // security.yml

    security:
        providers:
            in_memory:
                memory: ~

        firewalls:
            # disables authentication for assets and the profiler, adapt it according to your needs
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false

            main:
                anonymous: ~
                # activate different ways to authenticate

                # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
                #http_basic: ~

                # https://symfony.com/doc/current/security/form_login_setup.html
                #form_login: ~
                two_factor:
                    auth_form_path: 2fa_login    # The route name you have used in the routes.yaml
                    check_path: 2fa_login_check  # The route name you have used in the routes.yaml

        access_control:
            - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
    

    and I just added this code in AppKernel.php: // AppKernel.php new Scheb\TwoFactorBundle\SchebTwoFactorBundle(),

    opened by shoaibhassan 30
  • Login doesn't redirect to 2fa, but everything else works

    Bundle version: 4.0.14 Symfony version: 3.4.35

    I installed everything and set up email support and when I log in it redirects back to my app's home page. The token is set for your bundle and the user is partially logged in (it shows username in the dev bar). I can't get to any secure part of the site. If I visit mysite.com/2fa it will show me the 2fa and I can use it and it all works.

    So the only issue is that while logging in it redirects to the wrong place:

        secured_area:
            two_factor:
                auth_form_path: 2fa_login    # The route name you have used in the routes.yaml
                check_path: 2fa_login_check  # The route name you have used in the routes.yaml
            pattern:    ^/
            form_login: ~
            logout: true
            anonymous: ~
            logout_on_user_change: true
            user_checker: adminbundle.userchecker
    

    I am using the default routes you provide.

    Support 
    opened by mike240se 24
  • Preparation step not triggered

    Bundle version: 4.x Symfony version: any

    Description When the login redirects directly to the 2fa form, the provider method prepareAuthentication() and event TwoFactorAuthenticationEvents::REQUIRE are never triggered. This is only executed when the bundle force-redirects to the 2fa form.

    For the email provider this means, an authentication code is not generated and no email is sent.

    Workaround On login, redirect to a page that requires a fully authenticated user.

    If you don't need lazy preparation of the two-factor providers you can also use the 3.x version of the bundle.

    Bug 
    opened by scheb 21
  • Optimize RequestListener

    Looks like RequestListener adds some latency, and not onCoreRequest as you'd expect, but just fetching the service from container can add ~25ms to each request.

    I tried to track down the dependency graph and it goes like this: scheb_two_factor.security.request_listener -> scheb_two_factor.trusted_filter -> scheb_two_factor.provider_registry -> scheb_two_factor.security.google.provider -> scheb_two_factor.security.google.backup_code_validator -> scheb_two_factor.backup_code_validator -> scheb_two_factor.persister.doctrine.

    If using lazy services and check FlagManager.isNotAuthenticated() earlier this can be optimized.

    I know FlagManager does not know about providers, but maybe it can be tweaked to pull a minimal set of dependencies if FlagManager.isNotAuthenticated() is false.

    opened by umpirsky 20
  • Support Google Authenticator digit lengths != 6

    The default number of digits for Google Authenticator is 6. The service scheb_two_factor.security.google takes number of digits as the first parameter in two_factor_provider_google.xml. The default is 6. Now if one wants to use more than 6 digits, one has to jump through the following hoops:

    • Override scheb_two_factor.security.google to set the first constructor parameter to != 6
    • Use this patch: https://github.com/sonata-project/GoogleAuthenticator/pull/103
    • Modify Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator::getQRContent() to append the digits parameter (according to https://github.com/google/google-authenticator/wiki/Key-Uri-Format, keep in mind the "not yet implemented" comment is incorrect, Google Authenticator supports the digits parameter nowadays)

    Example:

    public function getQRContent(TwoFactorInterface $user): string
    {
        return parent::getQRContent($user) . '&digits=' . $this->passCodeLength;
    }
    

    It would be nice if this could be a configuration setting. What do you think?

    opened by lstrojny 19
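
The digit-length request above and the `digits` / `window` options that appear in the bundle configuration on this page, shown as an added example (not code from the bundle or from the issue's author): a dependency-free RFC 6238 TOTP in PHP with a configurable digit count, an acceptance window, and a Key URI that carries the `digits` parameter. The function names, the issuer and account values, the HMAC-SHA1 / 30-second defaults and the Base32 secret (the RFC 6238 test key) are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: RFC 6238 TOTP (HMAC-SHA1) with a configurable digit count
// and acceptance window. All function names are hypothetical, not the bundle's API.

/** Decode an RFC 4648 Base32 secret (padding optional) into raw bytes. */
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $b32 = strtoupper(rtrim($b32, '='));
    if ($b32 === '') {
        throw new InvalidArgumentException('Empty Base32 secret');
    }
    $bits = '';
    foreach (str_split($b32) as $char) {
        $pos = strpos($alphabet, $char);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid Base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    // Only whole bytes count; leftover bits are Base32 padding.
    for ($i = 0; $i + 8 <= strlen($bits); $i += 8) {
        $bytes .= chr((int) bindec(substr($bits, $i, 8)));
    }
    return $bytes;
}

/** Compute the TOTP code for a Unix timestamp. */
function totp(string $secret, int $time, int $digits = 6, int $period = 30): string
{
    // RFC 4226 defines 6-digit codes as the minimum, with 7 and 8 as options.
    if ($digits < 6 || $digits > 8) {
        throw new InvalidArgumentException('digits must be between 6 and 8');
    }
    $counter = pack('J', intdiv($time, $period));            // 64-bit big-endian step counter
    $hash = hash_hmac('sha1', $counter, base32Decode($secret), true);
    $offset = ord($hash[19]) & 0x0F;                         // dynamic truncation
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

/** Accept the current code plus $window codes before and after it. */
function verifyTotp(string $secret, string $code, int $time, int $digits = 6, int $window = 1, int $period = 30): bool
{
    $valid = false;
    for ($i = -$window; $i <= $window; $i++) {
        $candidate = totp($secret, $time + $i * $period, $digits, $period);
        // hash_equals() compares in constant time; every step is always evaluated.
        $valid = hash_equals($candidate, $code) || $valid;
    }
    return $valid;
}

/** Build a Key URI that tells the authenticator app how many digits to show. */
function otpauthUri(string $issuer, string $account, string $secret, int $digits): string
{
    $label = rawurlencode($issuer) . ':' . rawurlencode($account);
    $query = http_build_query(
        ['secret' => $secret, 'issuer' => $issuer, 'digits' => $digits],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    return 'otpauth://totp/' . $label . '?' . $query;
}

// Constructed sample input: the RFC 6238 test key, not a real secret.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';

// Self-check against the RFC 6238 Appendix B vector (SHA-1, T = 59, 8 digits).
$code8 = totp($secret, 59, 8);
if ($code8 !== '94287082') {
    throw new RuntimeException('TOTP self-check failed');
}

echo otpauthUri('Example App', 'alice@example.com', $secret, 8), PHP_EOL;
printf("6 digits: %s, 8 digits: %s\n", totp($secret, 59, 6), $code8);

// The same code checked one and two time steps after it was issued.
var_dump(verifyTotp($secret, $code8, 89, 8, 1));   // one step later, window 1
var_dump(verifyTotp($secret, $code8, 119, 8, 1));  // two steps later, window 1
var_dump(verifyTotp($secret, $code8, 89, 8, 0));   // one step later, window 0
```

With a window of W, 2W+1 codes are valid at any moment, so the chance that a single random guess passes is about (2W+1)/10^digits; the server and the authenticator app must agree on the digit count or every code is rejected.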
  • 2fa form is not being shown

    Bundle version: 4.18.4 Symfony version: 3.4.49 PHP version: 3.4.0

    Description

    After logging in with username and password I expect to see the 2fa default form. What I get is a user logged in and the url bar showing "my_ domain/login". The page I'm seeing has the main layout so I expected to get "my_ domain/" in the url bar. I can see the user menu and I can logout.

    I checked the troubleshooting guide and it got me here after verifying that I have a TwoFactorToken after the login but answering "no" to the second question.

    Additional Context

    security:
        # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
        providers:
            users_in_memory: { memory: null }
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                provider: users_in_memory
                two_factor:
                    auth_form_path: 2fa_login   
                    check_path: 2fa_login_check 
    
                # activate different ways to authenticate
                # https://symfony.com/doc/current/security.html#firewalls-authentication
    
                # https://symfony.com/doc/current/security/impersonating_user.html
                # switch_user: true
    
        # Easy way to control access for large sections of your site
        # Note: Only the *first* access control that matches will be used
        access_control:
            # - { path: ^/admin, roles: ROLE_ADMIN }
            # - { path: ^/profile, roles: ROLE_USER }
    
            # This makes the logout route accessible during two-factor authentication. Allows the user to
            # cancel two-factor authentication, if they need to.
            - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
            # This ensures that the form can only be accessed when two-factor authentication is in progress.
            - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
    

    I dumped the $token and $user objects after login. ROLE_ADMIN is lost after login.

    TwoFactorToken {#485 ▼
      -authenticatedToken: UsernamePasswordToken {#520 ▼
        -credentials: "*******"
        -providerKey: "main"
        -user: Users {#523 ▼
          #id: 2
          #name: null
          #lastname: null
          #channelbrandIsolation: false
          #userschannelbrand: PersistentCollection {#550 ▶}
          -googleAuthenticatorSecret: "FBMNU3YOZMUS3VTH5DULOMKAATRAC7M5O4OJ2P5BR6OW4QYP4HMA"
          #username: "*******"
          #usernameCanonical: "********"
          #email: "*************@gmail.com"
          #emailCanonical: "************@gmail.com"
          #enabled: true
          #salt: null
          #password: *******************************************************************"
          #plainPassword: null
          #lastLogin: DateTime @1623091323 {#521 ▶}
          #confirmationToken: null
          #passwordRequestedAt: null
          #groups: ArrayCollection {#517 ▶}
          #roles: array:1 [▼
            0 => "ROLE_ADMIN"
          ]
        }
        -roles: array:2 [▶]
        -authenticated: true
        -attributes: []
      }
      -credentials: null
      -providerKey: "main"
      -attributes: []
      -twoFactorProviders: array:1 [▶]
    }
    
    Users {#523 ▼
      #id: 2
      #name: null
      #lastname: null
      #channelbrandIsolation: false
      #userschannelbrand: PersistentCollection {#550 ▶}
      -googleAuthenticatorSecret: "FBMNU3YOZMUS3VTH5DULOMKAATRAC7M5O4OJ2P5BR6OW4QYP4HMA"
      #username: "miguel"
      #usernameCanonical: "******"
      #email: "********@gmail.com"
      #emailCanonical: "*********@gmail.com"
      #enabled: true
      #salt: null
      #password: "*****************************************************"
      #plainPassword: null
      #lastLogin: DateTime @1623091323 {#521 ▶}
      #confirmationToken: null
      #passwordRequestedAt: null
      #groups: ArrayCollection {#517 ▶}
      #roles: array:1 [▼
        0 => "ROLE_ADMIN"
      ]
    }
    

    My routing.yml has:

    2fa_login:
        path: /2fa
        defaults:
            # "scheb_two_factor.form_controller" references the controller service provided by the bundle.
            # You don't HAVE to use it, but - except you have very special requirements - it is recommended.
            _controller: "scheb_two_factor.form_controller:form"
    

    In my config.yml:

    scheb_two_factor:
        google:
            enabled: true
            server_name: ddd               # Server name used in QR code
            issuer: ddd              # Issuer name used in QR code
            digits: 6                      # Number of digits in authentication code
            window: 1                      # How many codes before/after the current one would be accepted as valid
        security_tokens:
            - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
            - Acme\AuthenticationBundle\Token\CustomAuthenticationToken
    
    Support 
    opened by miguelmsoler 16
  • Two-factor authentication form is not shown after login

    Bundle version: 4.16.0 and also tried downgrading to 3.29.0 Symfony version: 4.3.3

    Description

    Followed Troubleshooting guide and reached at step 5 which returns email as one value in array.

    config\packages\security.yaml

    security:
        # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt
    
        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
    
        providers:
    #        in_memory: { memory: ~ }
            fos_userbundle:
                id: fos_user.user_provider.username
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                provider: fos_userbundle
                pattern: ^/
                user_checker: fos_user.user_checker
                form_login:
                    provider: fos_userbundle
                    csrf_token_generator: security.csrf.token_manager
                logout:
                    handlers: [app_logoutlistener]
                anonymous:    true
                access_denied_handler: App\Security\AccessDeniedHandler
                two_factor:
                    provider: fos_userbundle
                    auth_form_path: /2fa                  # Path or route name of the two-factor form
                    check_path: /2fa_check                # Path or route name of the two-factor code check
                    #post_only: false                      # If the check_path should accept the code only as a POST request
                    default_target_path: /                # Where to redirect by default after successful authentication
                    always_use_default_target_path: false # If it should always redirect to default_target_path
                    auth_code_parameter_name: _auth_code  # Name of the parameter for the two-factor authentication code
                    trusted_parameter_name: _trusted      # Name of the parameter for the trusted device option
                    multi_factor: false                   # If ALL active two-factor methods need to be fulfilled
                                                          # (multi-factor authentication)
    
                # activate different ways to authenticate
    
                # http_basic: true
                # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
    
                # form_login: true
                # https://symfony.com/doc/current/security/form_login_setup.html
    
        # Easy way to control access for large sections of your site
        # Note: Only the *first* access control that matches will be used
        access_control:
            - { path: ^/api/mobile/, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/api/backend/, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/application$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/notification/add, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/user/enroll, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
            - { path: ^/, role: ROLE_USER }
            # - { path: ^/admin, roles: ROLE_ADMIN }
            # - { path: ^/profile, roles: ROLE_USER }
    

    config\routes.yaml

    filter_sidebar:
        path: /filter_sidebar
        controller: Symfony\Bundle\FrameworkBundle\Controller\TemplateController
        defaults:
            # the path of the template to render
            template:  'filter_sidebar.html.twig'
    
    fos_user:
        resource: "@FOSUserBundle/Resources/config/routing/all.xml"
    
    css_route:
           path: /agenda_dynamic_style
           controller: App\Controller\StyleController::style
    
    2fa_login:
        path: /2fa
        defaults:
            # "scheb_two_factor.form_controller" references the controller service provided by the bundle.
            # You don't HAVE to use it, but - except you have very special requirements - it is recommended.
            _controller: "scheb_two_factor.form_controller:form"
    
    2fa_login_check:
        path: /2fa_check
    

    config\packages\scheb_two_factor.yaml

    scheb_two_factor:
        security_tokens:
            - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
            # If you're using guard-based authentication, you have to use this one:
            # - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken
        
        email:
            enabled: true                  # If email authentication should be enabled, default false
            #mailer: app.custom_mailer_service  # Use alternative service to send the authentication code
            #code_generator: app.custom_code_generator_service  # Use alternative service to generate authentication code
            sender_email: "%env(resolve:MAILER_USER)%"   # Sender email address
            sender_name: "%env(resolve:MAILER_USER)%"       # Sender name
            digits: 6                      # Number of digits in authentication code
            template: security/2fa_form.html.twig   # Template used to render the authentication form
        
        trusted_device:
            enabled: false                 # If the trusted device feature should be enabled
            #manager: acme.custom_trusted_device_manager  # Use a custom trusted device manager
            lifetime: 5184000              # Lifetime of the trusted device token
            extend_lifetime: false         # Automatically extend lifetime of the trusted cookie on re-login
            cookie_name: trusted_device    # Name of the trusted device cookie
            cookie_secure: false           # Set the 'Secure' (HTTPS Only) flag on the trusted device cookie
            cookie_same_site: "lax"        # The same-site option of the cookie, can be "lax", "strict" or null
            cookie_domain: ".example.com"  # Domain to use when setting the cookie, fallback to the request domain if not set
            cookie_path: "/"               # Path to use when setting the cookie
        
        backup_codes:
            enabled: false                 # If the backup code feature should be enabled
            #manager: acme.custom_backup_code_manager  # Use a custom backup code manager
    
        # The service which is used to persist data in the user object. By default Doctrine is used. If your entity is
        # managed by something else (e.g. an API), you have to implement a custom persister
        #persister: acme.custom_persister
    
        # If your Doctrine user object is managed by a model manager, which is not the default one, you have to
        # set this option. Name of entity manager or null, which uses the default one.
        model_manager_name: ~
    
        # A list of IP addresses or netmasks, which will not trigger two-factor authentication.
        # Supports IPv4, IPv6 and IP subnet masks.
        ip_whitelist:
            #- 127.0.0.1 # One IPv4
            #- 192.168.0.0/16 # IPv4 subnet
            #- 2001:0db8:85a3:0000:0000:8a2e:0370:7334 # One IPv6
            #- 2001:db8:abcd:0012::0/64 # IPv6 subnet
    
        # If you want to have your own implementation to retrieve the whitelisted IPs.
        # The configuration option "ip_whitelist" becomes meaningless in such a case.
        #ip_whitelist_provider: acme.custom_ip_whitelist_provider
    
        # If you want to exchange/extend the TwoFactorToken class, which is used by the bundle, you can have a factory
        # service providing your own implementation.
        #two_factor_token_factory: acme.custom_two_factor_token_factory
    
    

    src\Entity\User.php

    <?php
    
    namespace App\Entity;
    
    use Doctrine\Common\Collections\ArrayCollection;
    use Doctrine\Common\Collections\Collection;
    use Doctrine\ORM\Mapping as ORM;
    use Symfony\Component\Validator\Constraints as Assert;
    use Doctrine\ORM\Mapping\AttributeOverrides;
    use Doctrine\ORM\Mapping\AttributeOverride;
    use FOS\UserBundle\Model\User as BaseUser;
    // ...
    use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
    
    class User extends BaseUser implements TwoFactorInterface
    {
         /**
         * @ORM\Column(type="integer", nullable=true)
         */
        private $authCode;
    
    // ...
        public function isEmailAuthEnabled(): bool
        {
            return true; // This can be a persisted field to switch email code authentication on/off
        }
    
        public function getEmailAuthRecipient(): string
        {
            return $this->email;
        }
    
        public function getEmailAuthCode(): string
        {
            return $this->authCode;
        }
    
        public function setEmailAuthCode(string $authCode): void
        {
            $this->authCode = $authCode;
        }
    }
    

    Additional Context

    Using FOSUserBundle for authentication. Using Doctrine2 behavioral extension for soft-delete (just for the info, because another extension, audit logger extension, I once used had event subscriber priority related issue, could that be the case?).

    Support 
    opened by hardiksinh 16
  • Never ending redirect after update to 4.7.0

    Bundle version: 4.7.0 Symfony version: 4.3.4

    Description After updating from 4.6.0 to 4.7.0 I get never ending redirects after submitting the verify code. Any idea what it could be?

    Bug 
    opened by bytehead 16
  • Integrating with Symfony 4 and FOSUserBundle

    Hey there Scheb, after a few days I decided I should make an issue here to ask for some clarifications. I consider the steps for the integration of your package to not be so clear when it comes to Symfony 4.

    What I have done so far:

    1. Added the appropriate variables to my User entity (with getters and setters).
    2. Used Symfony Flex for the scheb_two_factor configuration files.
    3. Since I want to use google authenticator (I did setup google in my configuration file 'enabled: true').
    4. Went to my security file and added the path ^/2fa;

    Now... I have already updated my user registration process in order for them to have a secret key generated and I also generated the QR codes in the backend (even though I am going to use React as a frontend engine).

    What I am missing is this:

    1. How do I use your twig template in a controller?
    2. How do I get to check the code the user gets from google authenticator?

    When I go to localhost:8000/2fa I get the following error: "A Token was not found in the TokenStorage".

    I am kind of a newbie to Symfony and backend overall and I am either missing steps or the documentation is not very beginner friendly. I intend to make a tutorial for beginners once I get it up and running with React (since there are no tutorials regarding this).

    Thank you for your time (I would also love to talk with you in private chat if you want to).

    opened by AmbushIV 15
Releases(v4.18.4)
  • v4.18.4(Oct 30, 2020)

  • v4.18.3(Sep 21, 2020)

  • v4.18.2(Aug 13, 2020)

  • v4.18.1(Aug 3, 2020)

    The main branch was changed to 4.x.

    Besides that, some minor fixes and optimizations worth mentioning:

    • Provide license in export 6aadc7e
    • PHP version constraint >=7.1.3 to allow PHP8 0f91a18
  • v4.18.0(Jun 3, 2020)

  • v4.17.0(Jun 1, 2020)

    • Added support for the PUBLIC_ACCESS attribute, which was introduced in Symfony 5.1 to replace IS_AUTHENTICATED_ANONYMOUSLY, thanks to @wouterj
    • Added a method to easily re-send the email with the authentication code https://github.com/scheb/two-factor-bundle/commit/85f25ad1839aab559c750dda4734b1bad245e796
  • v4.16.0(May 8, 2020)

    • Add option post_only to allow only POST requests to check_path (default false)
    • Code optimizations from Psalm https://github.com/scheb/two-factor-bundle/commit/d85ddf71ab35acdd23a3b39efc82ce4a905756b5
    • Add leading \ before function invocation to speed up resolving https://github.com/scheb/two-factor-bundle/commit/134b247b5b195a4046ade60e68493b143f32b041
  • v4.15.0(Apr 29, 2020)

  • v4.14.0(Feb 15, 2020)

    • Use of NullLogger when no logger is set #268, thanks to @Spomky
    • Use null coalescing operator instead of ternary if #269, thanks to @jdreesen
  • v3.29.0(Feb 15, 2020)

  • v4.13.0(Feb 2, 2020)

    • Add attributes to 2fa input field for better user experience #262, thanks to @Seldaek
    • Missing TotpConfigurationInterface in the documentation #267, thanks to @cbastienbaron
    • Ensure session is saved and closed when preparation is executed, fixes #257
    • Add .gitattributes with export-ignore, thanks to @Spomky
  • v3.28.0(Feb 2, 2020)

    • Add attributes to 2fa input field for better user experience #262, thanks to @Seldaek
    • Add .gitattributes with export-ignore, thanks to @Spomky
  • v4.12.0(Jan 12, 2020)

  • v3.27.0(Jan 12, 2020)

  • v4.11.1(Dec 19, 2019)

  • v3.26.1(Dec 19, 2019)

  • v4.11.0(Dec 8, 2019)

    Security update

    • Fix bypassing two-factor authentication when the login form has a remember-me option #253
    • Suppress security.authentication.success event when two-factor authentication is required
  • v3.26.0(Dec 8, 2019)

    Security update

    • Fix bypassing two-factor authentication when the login form has a remember-me option #253
    • Suppress security.authentication.success event when two-factor authentication is required
  • v4.10.0(Nov 24, 2019)

  • v4.9.0(Nov 20, 2019)

    This release is compatible with Symfony5

    • Symfony5 compatibility changes
    • Fix FC/BC layer for EventDispatcher, thanks to @maxhelias
    • DI removeAlias takes a string, thanks to @maxhelias
    • Add autofocus to the authentication form, thanks to @pavlakis
    • Update TotpAuthenticator to let Base32 handle the padding, thanks to @CoalaJoe
  • v3.25.0(Nov 20, 2019)

    This release is compatible with Symfony5

    • Symfony5 compatibility changes
    • Fix FC/BC layer for EventDispatcher, thanks to @maxhelias
    • DI removeAlias takes a string, thanks to @maxhelias
    • Add autofocus to the authentication form, thanks to @pavlakis
  • v4.8.0(Nov 7, 2019)

  • v3.24.0(Nov 7, 2019)

  • v4.7.1(Sep 2, 2019)

  • v4.7.0(Aug 24, 2019)

    • Fix: Validation code re-generated and sent each time you try to go on another location while validating 2FA #223
    • Fix: Preparation step not triggered #212

    The bundle now remembers prepared two-factor providers in the session. By default, preparation is only executed when the two-factor form is shown. New firewall configuration options prepare_on_login and prepare_on_access_denied have been introduced to influence additional events when the preparation is executed.

    Thanks to @soullivaneuh for proposing the initial solution which did the groundwork for this release.

  • v4.6.0(Aug 22, 2019)

    • Fix deprecated listener for Symfony < 4.3 #225 closed via #231, thanks to @maxhelias
    • Fix logout route not matched when a base path is used #234
  • v3.23.0(Aug 22, 2019)

    • Fix deprecated listener for Symfony < 4.3 #225 closed via #231, thanks to @maxhelias
    • Fix logout route not matched when a base path is used #234
  • v4.5.0(Aug 7, 2019)

    • Provide auto-wiring for CodeGeneratorInterface #228
    • Change order of EventDispatcher::dispatch arguments in Symfony >= 4.3 to avoid deprecation notices #225, thanks to @maxhelias
  • v3.22.0(Aug 7, 2019)

    • Provide auto-wiring for CodeGeneratorInterface #228
    • Change order of EventDispatcher::dispatch arguments in Symfony >= 4.3 to avoid deprecation notices #225, thanks to @maxhelias
  • v4.4.0(Jul 12, 2019)

Owner
Christian Scheb
Building internet stuff since 2000 🧑‍💻🌐. Nowadays, mostly helping other devs to do their best work. Beer enthusiast and homebrewer 🍺