yeebase/twofactorauthentication
===============================

Two-Factor-Authentication (2FA) for Neos Flow

Version 3.0.0 · MIT license · PHP · [Source](https://github.com/yeebase/Yeebase.TwoFactorAuthentication) · [Packagist](https://packagist.org/packages/yeebase/twofactorauthentication)


Yeebase.TwoFactorAuthentication
===============================

The Yeebase.TwoFactorAuthentication Flow package contains extensions to the Flow authentication mechanism that let you implement Two-Factor-Authentication (2FA) easily.

It provides a new [Authentication Provider](https://flowframework.readthedocs.io/en/stable/TheDefinitiveGuide/PartIII/Security.html#authentication) that can be used in addition to existing providers in order to enable 2FA via One-time Passwords (OTP).

Installation
------------

This package can be installed via [composer](https://getcomposer.org):

```
composer require yeebase/twofactorauthentication
```

This package requires a new database table `yeebase_twofactorauthentication_secret` that can be added via:

```
./flow doctrine:migrate
```

Configuration
-------------

The following part describes the integration of the Two-Factor-Authentication package into an existing Flow application. After installation, Two-Factor-Authentication is considered to be disabled for all accounts in the system.

### Authentication Provider

This package provides a `TwoFactorAuthenticationProvider` that has to be configured *in addition* to already existing providers. Furthermore, the *authenticationStrategy* has to be set to `allTokens` in order to make sure that both providers are taken into account.

#### Example:

`Settings.yaml`:

```
Neos:
  Flow:
    security:
      authentication:
        authenticationStrategy: 'allTokens'
        providers:
          'Some.Package:Default':
            # That assumes that the "PersistedUsernamePasswordProvider" is used as base authentication:
            provider: 'PersistedUsernamePasswordProvider'

          'Some.Package:2FA':
            provider: 'Yeebase\TwoFactorAuthentication\Security\Authentication\Provider\TwoFactorAuthenticationProvider'
```
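
A configuration check for the setup described above, added here as an example (it is not part of the package or its README). It takes the parsed settings as a dictionary and reports when `authenticationStrategy` is not `allTokens`, when the 2FA provider is missing, or when it is the only provider; the function name `audit_authentication` and the dictionary input are assumptions of this example.

```python
"""Audit parsed Flow settings for the 2FA provider layout described above."""
# Provider class name exactly as given in the README's Settings.yaml example.
TWO_FACTOR_PROVIDER = (
    "Yeebase\\TwoFactorAuthentication\\Security\\Authentication"
    "\\Provider\\TwoFactorAuthenticationProvider"
)


def audit_authentication(settings):
    """Return a list of findings; an empty list means the layout matches the README."""
    auth = (
        settings.get("Neos", {}).get("Flow", {})
        .get("security", {}).get("authentication", {})
    )
    findings = []

    # The README requires 'allTokens' so that both providers are taken into account.
    strategy = auth.get("authenticationStrategy")
    if strategy != "allTokens":
        findings.append(f"authenticationStrategy is {strategy!r}, expected 'allTokens'")

    # Collect provider classes; tolerate a leading backslash in the class name.
    providers = auth.get("providers") or {}
    classes = {
        name: str((conf or {}).get("provider", "")).lstrip("\\")
        for name, conf in providers.items()
    }
    second = [n for n, c in classes.items() if c == TWO_FACTOR_PROVIDER]
    first = [n for n, c in classes.items() if c and c != TWO_FACTOR_PROVIDER]

    if not second:
        findings.append("TwoFactorAuthenticationProvider is not configured")
    if not first:
        findings.append("no base provider configured next to the 2FA provider")
    return findings


# Constructed sample: the README's example layout, as a YAML parser would return it.
README_EXAMPLE = {"Neos": {"Flow": {"security": {"authentication": {
    "authenticationStrategy": "allTokens",
    "providers": {
        "Some.Package:Default": {"provider": "PersistedUsernamePasswordProvider"},
        "Some.Package:2FA": {"provider": TWO_FACTOR_PROVIDER},
    },
}}}}}

if __name__ == "__main__":
    for finding in audit_authentication(README_EXAMPLE) or ["OK"]:
        print(finding)
```
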

### Application name and Routes

If a `TwoFactorAuthenticationProvider`

`Settings.yaml`:

```
Yeebase:
  TwoFactorAuthentication:
    # This is the "issuer" that will be displayed in the authenticator app like:  ()
    applicationName: 'Some Application'
    routes:
      login:
        '@package':    'Some.Package'
        '@controller': 'Login'
        '@action':     'twoFactor'
```

`Login/TwoFactor.html`

```
...

        2FA Code

...
```

Instead of using the default UsernamePasswordProvider, adapt your settings to use the following provider: `Yeebase\TwoFactorAuthentication\Security\Authentication\Provider\TwoFactorAuthenticationProvider`

### Force Two-Factor Authentication

By default, 2FA can be enabled per account, and it is not required if it is not enabled for the account that is authenticated. In order to *require* users to log in with Two-Factor Authentication, the `Yeebase.TwoFactorAuthentication.requireTwoFactorAuthentication` flag can be set. With that in place, the One-time Password *has to be specified* whenever an account is authenticated. To prevent this from leading to an exception when 2FA is not yet enabled for the given account, a *setup* can be configured that allows the user to initialize the 2FA.

`Settings.yaml`:

```
Yeebase:
  TwoFactorAuthentication:
    requireTwoFactorAuthentication: true
    routes:
      # ...
      setup:
        '@package':    'Some.Package'
        '@controller': 'TwoFactorAuthenticationSetup'
        '@action':     'index'
```

And the corresponding Setup Controller (example):

`TwoFactorAuthenticationSetupController.php`

```
