PHPackages                             astrotomic/laravel-auth-recovery-codes - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. astrotomic/laravel-auth-recovery-codes

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

astrotomic/laravel-auth-recovery-codes
======================================

This package provides Laravel bindings and a Eloquent/Model trait for pragmarx/recovery package.

0.2.0(5y ago)824.9k2MITPHPPHP ^7.4 || ^8.0

Since Jul 31Pushed 4y ago1 watchersCompare

[ Source](https://github.com/Astrotomic/laravel-auth-recovery-codes)[ Packagist](https://packagist.org/packages/astrotomic/laravel-auth-recovery-codes)[ Docs](https://github.com/astrotomic/laravel-auth-recovery-codes)[ Fund](https://offset.earth/treeware)[ GitHub Sponsors](https://github.com/Gummibeer)[ RSS](/packages/astrotomic-laravel-auth-recovery-codes/feed)WikiDiscussions main Synced yesterday

READMEChangelog (3)Dependencies (7)Versions (4)Used By (0)

Laravel Auth Recovery-Codes
===========================

[](#laravel-auth-recovery-codes)

[![Latest Version](https://camo.githubusercontent.com/b2229547d38902c04088fa3629485c635af025add35e70d864dcc6ac8f718e8d/687474703a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f617374726f746f6d69632f6c61726176656c2d617574682d7265636f766572792d636f6465732e7376673f6c6162656c3d52656c65617365267374796c653d666f722d7468652d6261646765)](https://packagist.org/packages/astrotomic/laravel-auth-recovery-codes)[![MIT License](https://camo.githubusercontent.com/e4c385d3ba1b2438f70d6d469449cd388533ce62ea20bb702bad63761c24b2fa/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f417374726f746f6d69632f6c61726176656c2d617574682d7265636f766572792d636f6465732e7376673f6c6162656c3d4c6963656e736526636f6c6f723d626c7565267374796c653d666f722d7468652d6261646765)](https://github.com/Astrotomic/laravel-auth-recovery-codes/blob/master/LICENSE)[![Offset Earth](https://camo.githubusercontent.com/d204555ebe1fb0ae82d10c97b4f4ffc2dfdd2ba1489f98be7f7e8708333a0466/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f54726565776172652d2546302539462538432542332d677265656e3f7374796c653d666f722d7468652d6261646765)](https://plant.treeware.earth/Astrotomic/laravel-auth-recovery-codes)[![Larabelles](https://camo.githubusercontent.com/a2c8d5126ddd8c5ddc627176d1d2e0568f8399b50038e71fd7f774c3e24dbe4b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726162656c6c65732d2546302539462541362538342d6c6967687470696e6b3f7374796c653d666f722d7468652d6261646765)](https://www.larabelles.com/)

[![GitHub Workflow Status](https://camo.githubusercontent.com/e703fa1b627d62a93d033d69cb923ca8bec741424b0c19369ee9ca4d8b5311ce/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f417374726f746f6d69632f6c61726176656c2d617574682d7265636f766572792d636f6465732f72756e2d74657374733f7374796c653d666c61742d737175617265266c6f676f436f6c6f723d7768697465266c6f676f3d676974687562266c6162656c3d5465737473)](https://github.com/Astrotomic/laravel-auth-recovery-codes/actions?query=workflow%3Arun-tests)[![StyleCI](https://camo.githubusercontent.com/5c8d7301b6e72cd6f2cbaa7a24fbd9d760abfcfafd660bb55c96fc885b043f51/68747470733a2f2f7374796c6563692e696f2f7265706f732f3238343030383333312f736869656c64)](https://styleci.io/repos/284008331)[![Total Downloads](https://camo.githubusercontent.com/52d29b20423e43d0f7667ec107f8ef91ec2bc43ace0fb6ce200cb789c5d76a19/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f617374726f746f6d69632f6c61726176656c2d617574682d7265636f766572792d636f6465732e7376673f6c6162656c3d446f776e6c6f616473267374796c653d666c61742d737175617265)](https://packagist.org/packages/astrotomic/laravel-auth-recovery-codes)

This package provides Laravel bindings and a Eloquent/Model trait for [pragmarx/recovery](https://github.com/antonioribeiro/recovery) package. It allows you to easily handle recovery codes, needed for 2FA setups and only care about the app logic.

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require astrotomic/laravel-auth-recovery-codes
```

And publish the config via artisan:

```
php artisan vendor:publish --provider="Astrotomic\AuthRecoveryCodes\AuthRecoveryCodesServiceProvider" --tag=config
```

Usage
-----

[](#usage)

### Model

[](#model)

You will have to add the `Recoverable` trait to your model you want to have recovery codes and should add a `json` or `array` cast to the attribute holding the recovery codes.

```
use Illuminate\Database\Eloquent\Model;
use Astrotomic\AuthRecoveryCodes\Recoverable;

class User extends Model
{
    use Recoverable;

    protected $casts = [
        'recovery_codes' => 'array',
    ];
}
```

By default the trait uses a `recovery_codes` attribute/column - you can change this by setting `$recoveryCodesName` property:

```
class User extends Model
{
    use Recoverable;

    protected string $recoveryCodesName = 'mfa_recovery_codes';

    protected $casts = [
        'mfa_recovery_codes' => 'array',
    ];
}
```

To set the new recovery codes to your model you should use the `setRecoveryCodes()` method because this method automatically hashes the recovery codes, if not already hashed. This step is important for security because with this step only the user has access to the recovery codes and no one else. The following snippet is an example of a possible controller action

- generating the codes
- setting and saving the codes on the user model
- responding with the codes to the user (the one and only time anyone can get/read the plaintext recovery codes)

```
$codes = User::generateRecoveryCodes();

$user->setRecoveryCodes($codes)->save();

return response()->json($codes);
```

If you want to use the default model attribute without the need to use `setRecoveryCodes()` method you should add your own accessor and mutator, keep in mind to call the `Recoverable::hashRecoveryCodes()` method on set and that you have to do the JSON casting by your own.

### Migration

[](#migration)

After setting up your model you will have to add the new column to your database table, there aren't much requirements - the `json` column type would only help to prevent invalid content, but the recovery codes JSON isn't really queryable (only an array of hashes), but the column should be `nullable` if you don't setup recovery codes on user create/register.

```