PHPackages netgen/ibexa-2fa-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. netgen/ibexa-2fa-bundle ActiveIbexa-bundle[Authentication & Authorization](/categories/authentication) netgen/ibexa-2fa-bundle ======================= Netgen ibexa 2FA Bundle is an ibexa bundle that provides two-factor authentication for your ezplatform project 0.1.0-alpha4(2y ago)0985↓50%1MITPHPPHP ^8.1 Since Oct 24Pushed 2y agoCompare [ Source](https://github.com/netgen/ibexa-2fa-bundle)[ Packagist](https://packagist.org/packages/netgen/ibexa-2fa-bundle)[ Docs](https://github.com/netgen/NovaIbexa2FABundle)[ RSS](/packages/netgen-ibexa-2fa-bundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (8)Versions (9)Used By (0) Netgen Ibexa 2FA Bundle ======================= [](#netgen-ibexa-2fa-bundle) ### This bundle is in the alpha stage and is not recommended for production use. [](#this-bundle-is-in-the-alpha-stage-and-is-not-recommended-for-production-use) --- This repository is forked from Novactive/NovaeZ2FABundle and upgraded to work with Ibexa 4.x --- Netgen Ibexa 2FA Bundle provides two-factor authentication for your ibexa project. Installation ------------ [](#installation) ### Requirements [](#requirements) - Ibexa 4.x - PHP 8.1 ### Use Composer [](#use-composer) Add the lib to your composer.json, run `composer require netgen/ibexa2fabundle` to refresh dependencies. ### Register the bundle [](#register-the-bundle) Then inject the bundle in the `config\bundles.php` of your application. ``` return [ // ... Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true], Netgen\Bundle\Ibexa2FABundle\NetgenIbexa2FABundle::class => [ 'all'=> true ], ]; ``` ### Add routes [](#add-routes) Make sure you add this route to your routing: ``` # config/app/routes.yaml _netgen_ibexa2fa_routes: resource: '@NetgenIbexa2FABundle/Resources/config/routing.yaml' ``` ### Update Configuration [](#update-configuration) ``` # config/security.yaml security: ... firewalls: ... ibexa_front: pattern: ^/ user_checker: Ibexa\Core\MVC\Symfony\Security\UserChecker anonymous: ~ ibexa_rest_session: ~ form_login: require_previous_session: false csrf_token_generator: security.csrf.token_manager logout: ~ two_factor: auth_form_path: 2fa_login # The route name you have used in the routes.yaml check_path: 2fa_login_check # The route name you have used in the routes.yaml default_target_path: / # Where to redirect by default after successful authentication always_use_default_target_path: true # If it should always redirect to default_target_path ... access_control: - { path: ^/_fos_user_context_hash, role: PUBLIC_ACCESS } - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/logout, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } - { path: 2fa_setup$, role: ROLE_USER } - { path: 2fa_reset$, role: ROLE_USER } - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } - { path: ^/admin/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } - { path: ^/_fos_user_context_hash, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } ``` ### Add new configuration [](#add-new-configuration) The values can be updated according to the project specification ``` # config/packages/scheb_two_factor.yaml scheb_two_factor: backup_codes: enabled: '%netgen_ibexa2fa.backup_codes.enabled%' # Reading the value from the nova_ez2fa.backup_codes.enabled value in parameters section manager: Netgen\Bundle\Ibexa2FABundle\Core\BackupCodeManager # This should either remain or be replaced with another one developed for that purpose google: enabled: true server_name: Local Ibexa Server # Server name used in QR code issuer: IbexaIssuer # Issuer name used in QR code digits: 6 # Number of digits in authentication code window: 1 # How many codes before/after the current one would be accepted as valid template: "@ibexadesign/2fa/auth.html.twig" # Template for the 2FA login page # TOTP Authenticator config totp: enabled: true # If TOTP authentication should be enabled, default false server_name: Server Name # Server name used in QR code issuer: TOTP Issuer # Issuer name used in QR code window: 1 # How many codes before/after the current one would be accepted as valid template: "@ibexadesign/2fa/auth.html.twig" # Template used to render the authentication form # Trusted device feature trusted_device: enabled: true # If the trusted device feature should be enabled # manager: acme.custom_trusted_device_manager # Use a custom trusted device manager lifetime: 259200 # Lifetime of the trusted device token, in seconds extend_lifetime: false # Automatically extend lifetime of the trusted cookie on re-login cookie_name: trusted_device # Name of the trusted device cookie cookie_secure: true # Set the 'Secure' (HTTPS Only) flag on the trusted device cookie cookie_same_site: "lax" # The same-site option of the cookie, can be "lax", "strict" or null # cookie_domain: "" # Domain to use when setting the cookie, fallback to the request domain if not set cookie_path: "/" # Path to use when setting the cookie email: enabled: true # If email authentication should be enabled, default false mailer: Netgen\Bundle\Ibexa2FABundle\Core\AuthCodeMailer # Use alternative service to send the authentication code code_generator: Netgen\Bundle\Ibexa2FABundle\Core\EmailCodeGenerator # Use alternative service to generate authentication code sender_email: me@example.com # Sender email address sender_name: John Doe # Sender name digits: 6 # Number of digits in authentication code template: "@ibexadesign/2fa/auth.html.twig" # Template used to render the authentication form # The security token classes, which trigger two-factor authentication. # By default the bundle only reacts to Symfony's username+password authentication. If you want to enable # two-factor authentication for other authentication methods, add their security token classes. # See the configuration reference at https://github.com/scheb/two-factor-bundle/blob/4.x/Resources/doc/configuration.md security_tokens: - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken # If you're using guard-based authentication, you have to use this one: # - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken # If you're using authenticator-based security (introduced in Symfony 5.1), you have to use this one: # - Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken # Whether to use the backup codes or not should be specified here in parameters section, then used in scheb_two_factor.backup_codes # It's done this way in order to let the user customize if the backup codes should be generated or not parameters: nova_ez2fa.backup_codes.enabled: true ``` If email method is enabled then **MAILER\_DSN** env variable should be specified in the .env file For full **scheb\_two\_factor** reference visit the following resource: > **Note to keep in mind**: This bundle is Siteaccess aware so each Siteaccess can have different authentication method. ``` # config/packages/nova_ez2fa.yaml netgen_ibexa2fa: system: # Available mobile methods - google, totp, microsoft or null. # If microsoft is selected the totp mechanism is still used but the config is forced and static so Microsoft Authenticator app can be used. # Email method can also be enabled or disabled for each siteaccess # If 2fa_force_setup is true then the User must always set up 2FA upon authentication and reset function is off default: 2fa_mobile_method: google 2fa_email_method_enabled: true 2fa_force_setup: false site: 2fa_mobile_method: totp # if microsoft method set - the config is forced to: algorithm: sha1, period: 30, digits: 6 config: algorithm: sha1 #(md5, sha1, sha256, sha512) period: 30 digits: 6 2fa_email_method_enabled: true 2fa_force_setup: false parameters: netgen_ibexa2fa.backup_codes.enabled: true ``` ### Create the table in DB: [](#create-the-table-in-db) See the file `bundle/Resources/sql/schema.sql` ### Especial instructions for HTTP Cache [](#especial-instructions-for-http-cache) **Important!**: For the HTTP Cache system (e.g. Varnish or Fastly) the following logic should be implemented: ``` if (req.url ~ "^/2fa") { return (pass); } ``` and it should be added before the `call ez_user_context_hash` line. We need it in order to avoid triggering the X User Hash mechanism when /2fa request is sent, so the `/_fos_user_context_hash` request would not return 302 redirect response because of this bundle. ### Manually removing 2FA record for specific User: [](#manually-removing-2fa-record-for-specific-user) If some User needs its 2FA record in the database removed to be able to login without entering 2FA code run the following command `acx:users:remove-2fa` with specifying user's login: ``` php ezplatform/bin/console nova:2fa:remove-secret-key user_login ``` > **Note to keep in mind**: If you have the 2FA already set up for the user and you're going to reset it by following the corresponding link on the 2FA Setup page don't change the method for the current Siteaccess before that! Because in this case the secret key will be supposed to be removed for the new method not for the old one and hence the reset won't work! ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity19 Limited adoption so far Community11 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 69.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~31 days Total 4 Last Release 843d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/362286?v=4)[Edi Modrić](/maintainers/emodric)[@emodric](https://github.com/emodric) ![](https://avatars.githubusercontent.com/u/594589?v=4)[Netgen](/maintainers/netgen)[@netgen](https://github.com/netgen) --- Top Contributors [![maximstrukov](https://avatars.githubusercontent.com/u/15006962?v=4)](https://github.com/maximstrukov "maximstrukov (25 commits)")[![ludwig031](https://avatars.githubusercontent.com/u/30387773?v=4)](https://github.com/ludwig031 "ludwig031 (9 commits)")[![Plopix](https://avatars.githubusercontent.com/u/313532?v=4)](https://github.com/Plopix "Plopix (2 commits)") --- Tags Authenticationtwo-factorezpublishnovactiveezplatform ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/netgen-ibexa-2fa-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/netgen-ibexa-2fa-bundle/health.svg)](https://phpackages.com/packages/netgen-ibexa-2fa-bundle) ``` ### Alternatives [laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[scheb/2fa-google-authenticator Extends scheb/2fa-bundle with two-factor authentication using Google Authenticator 298.2M30](/packages/scheb-2fa-google-authenticator)[scheb/2fa-trusted-device Extends scheb/2fa-bundle with trusted devices support 355.1M16](/packages/scheb-2fa-trusted-device)[scheb/2fa-email Extends scheb/2fa-bundle with two-factor authentication via email 354.3M16](/packages/scheb-2fa-email)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[contao/core-bundle Contao Open Source CMS 1231.6M2.4k](/packages/contao-core-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)