PHPackages yiirocks/voyti - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. yiirocks/voyti ActiveLibrary[Authentication & Authorization](/categories/authentication) yiirocks/voyti ============== Highly customizable and extensible user management, authentication, and authorization Yii3 extension 014↑2685.7%PHPCI failing Since Jun 18Pushed todayCompare [ Source](https://github.com/YiiRocks/voyti)[ Packagist](https://packagist.org/packages/yiirocks/voyti)[ RSS](/packages/yiirocks-voyti/feed)WikiDiscussions master Synced today READMEChangelogDependenciesVersions (1)Used By (0) Voyti — Yii3 User Management Extension ====================================== [](#voyti--yii3-user-management-extension) Highly customizable and extensible user management, authentication, and authorization extension for Yii3. Ported from [2amigos/yii2-usuario](https://github.com/2amigos/yii2-usuario) and rebuilt for Yii3 with PSR-15 middleware, PSR-11 DI, ActiveRecord entities, FormModel forms, and the `yiisoft/rbac` package. [![Packagist Version](https://camo.githubusercontent.com/900118be0aee064444ae24caa169b0e6e839e69628d27c14cf46da68a63fb2b0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f796969726f636b732f766f7974692e737667)](https://packagist.org/packages/yiirocks/voyti)[![PHP from Packagist](https://camo.githubusercontent.com/f4f1f93ca831081247a0c110b0a3c28558ecdb479ff69f865e21436a0902b823/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f796969726f636b732f766f7974692e737667)](https://php.net/)[![Packagist](https://camo.githubusercontent.com/e634af583e3dbc21094ff7d90ebc223727e20968d2648fdbe9a52731071d9c24/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f796969726f636b732f766f7974692e737667)](https://packagist.org/packages/yiirocks/voyti)[![GitHub](https://camo.githubusercontent.com/b1914024118e0f05721f27b48f2e13617ca7288c7c2f332b947c629b1ad49968/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f796969726f636b732f766f7974692e737667)](https://github.com/yiirocks/voyti/blob/master/LICENSE)[![GitHub Workflow Status](https://camo.githubusercontent.com/c95a26557c67b365cb51d213033783d65f3beadcbcf006b8ca77bdf30ba2de5a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f796969726f636b732f766f7974692f616e616c79736973)](https://github.com/yiirocks/voyti/actions) --- Features -------- [](#features) - **User Management** — Registration, email confirmation, login/logout, password recovery, password expiration - **Profile Management** — User profiles with gravatar, timezone, social links - **Social Authentication** — 9 built-in auth clients (Facebook, GitHub, Google, LinkedIn, Twitter, VKontakte, Yandex, Keycloak, Microsoft365) - **Two-Factor Authentication** — TOTP (authenticator app), email, and SMS 2FA with enforced-per-permission support - **RBAC Management** — Full admin UI for roles, permissions, and rules with parent-child hierarchy, assignment management, and filtering - **Session Management** — Session history tracking and termination - **GDPR Compliance** — Consent management, data export, anonymized deletion with admin notification - **Password Policies** — Minimum complexity requirements, max age enforcement via middleware - **Email Change Strategies** — Three modes: insecure (immediate), default (confirm new address), secure (confirm both old and new) - **REST API** — Optional JSON API for user CRUD - **CAPTCHA** — Optional reCAPTCHA v2/v3 integration via `yiirocks/recaptcha` - **i18n** — Built-in translations for English, German, Dutch, and Russian - **Themed Views** — Bootstrap 5 views shipped by default; mail templates separate and independently overridable Requirements ------------ [](#requirements) - PHP >= 8.2 - Yii3 packages (yiisoft/db, yiisoft/rbac, yiisoft/view, yiisoft/validator, etc.) Installation ------------ [](#installation) ``` composer require yiirocks/voyti ``` For reCAPTCHA support (optional): ``` composer require yiirocks/recaptcha ``` For 2FA TOTP support (optional): ``` composer require chillerlan/php-authenticator chillerlan/php-qrcode ``` Quick Start ----------- [](#quick-start) ### 1. Run migrations [](#1-run-migrations) ``` php yii migrate ``` Five migrations create the `user`, `profile`, `social_account`, `token`, and `session_history` tables with all columns (2FA, GDPR, password expiration, last login IP, etc.) included. ### 2. Configure the module (optional) [](#2-configure-the-module-optional) Sensible defaults are auto-registered via the [Yii3 config plugin](https://github.com/yiisoft/config) — no manual setup required. To customize, override `ModuleConfig` in your application's `config/params.php`: ``` use YiiRocks\Voyti\ModuleConfig; return [ YiiRocks\Voyti\ModuleConfig::class => new ModuleConfig( enableRegistration: true, enablePasswordRecovery: true, enableTwoFactorAuthentication: true, recaptchaVersion: 'v3', emailChangeStrategy: 1, enableGdprCompliance: true, maxPasswordAge: 90, enableRestApi: true, ), ]; ``` ### 3. Register routes [](#3-register-routes) The package exposes its routes under the `voyti-routes` config group. In your application's router DI definition, include them alongside your own routes: ``` // config/common/di/router.php use Yiisoft\Config\Config; use Yiisoft\Definitions\DynamicReference; use Yiisoft\Router\RouteCollection; use Yiisoft\Router\RouteCollectionInterface; use Yiisoft\Router\RouteCollector; /** @var Config $config */ return [ RouteCollectionInterface::class => [ 'class' => RouteCollection::class, '__construct()' => [ 'collector' => DynamicReference::to( static fn() => (new RouteCollector())->addRoute( ...$config->get('voyti-routes'), // ...your own routes ), ), ], ], ]; ``` Routes are prefixed with `user/` and are available at URLs like `/user/login`, `/user/register`, `/user/settings`, etc. REST API routes (under `/user/api/v1`) are enabled when `enableRestApi` is `true`. ### 4. That's it [](#4-thats-it) DI bindings, event listeners, and console commands are all auto-registered via the config plugin. Console commands: CommandDescription`voyti:create`Create a new user`voyti:delete`Delete a user`voyti:confirm`Confirm a user's email`voyti:password`Change a user's passwordConfiguration Reference ----------------------- [](#configuration-reference) `ModuleConfig` provides 40+ options: OptionTypeDefaultDescription`recaptchaVersion``?string``null``'v2'`, `'v3'`, or `null` to disable`enableSessionHistory``bool``false`Track session history`numberSessionHistory``int|false``false`Max sessions to keep per user`timeoutSessionHistory``int|false``false`Session timeout in seconds`enableGdprCompliance``bool``false`Enable GDPR features`gdprPrivacyPolicyUrl``?string``null`URL to privacy policy`gdprAnonymizePrefix``string``'GDPR'`Prefix for anonymized usernames`gdprRequireConsentToAll``bool``false`Require consent on all pages`enableTwoFactorAuthentication``bool``false`Enable 2FA`twoFactorAuthenticationForcedPermissions``array``[]`Permissions that require 2FA`twoFactorAuthenticationCycles``int``1`2FA code generation cycles`enableAutoLogin``bool``true`Auto-login after registration`enableRegistration``bool``true`Allow new user registration`enableSocialNetworkRegistration``bool``true`Allow social network registration`enableEmailConfirmation``bool``true`Require email confirmation`generatePasswords``bool``false`Auto-generate passwords on registration`allowUnconfirmedEmailLogin``bool``false`Allow login without email confirmation`allowPasswordRecovery``bool``true`Allow password recovery`allowAccountDelete``bool``false`Allow users to delete their account`emailChangeStrategy``int``1`0=insecure, 1=default, 2=secure`rememberLoginLifespan``int``1209600`Remember-me duration (seconds)`tokenConfirmationLifespan``int``86400`Confirmation token validity`tokenRecoveryLifespan``int``21600`Recovery token validity`administrators``array``[]`Admin user IDs/usernames`administratorPermissionName``?string``null`Permission name for admin access`blowfishCost``int``10`Bcrypt cost factor`maxPasswordAge``?int``null`Max password age in days`disableIpLogging``bool``false`Disable IP address logging`minPasswordRequirements``array``['lower'=>1,'digit'=>1,'upper'=>1]`Min character types`enableRestApi``bool``false`Enable REST API`adminRestPrefix``string``'api/v1'`REST API URL prefix`mailParams``array`(see below)Mail from address and subjectsViews ----- [](#views) ### Web Views [](#web-views) Web views are in `src/resources/views/bootstrap5/` and use the `@voytiViews` alias. They can be overridden via the Yii3 View theme `pathMap`: ``` // config/params.php 'yiisoft/view' => [ 'theme' => [ 'pathMap' => [ '@voytiViews' => [ '/path/to/your/custom/views', '@voyti/resources/views/bootstrap5', // fallback ], ], ], ], ``` To use a different CSS framework (e.g. Tailwind), create your view files and point `@voytiViews` at them via `pathMap`, falling back to the bundled Bootstrap 5 views: ``` 'yiisoft/view' => [ 'theme' => [ 'pathMap' => [ '@voytiViews' => [ '/path/to/your/tailwind/views', '@voyti/resources/views/bootstrap5', ], ], ], ], ``` ### Mail Views [](#mail-views) Mail templates are in `src/resources/mail/` and use the `@voytiMail` alias — separate from web views so they can be overridden independently: ``` 'yiisoft/view' => [ 'theme' => [ 'pathMap' => [ '@voytiMail' => [ '/path/to/your/custom/mail', '@voyti/resources/mail', // fallback ], ], ], ], ``` Middleware ---------- [](#middleware) The extension ships three PSR-15 middleware classes for access control: MiddlewareDescription`AccessRuleMiddleware`Redirects non-admin users; checks `administratorPermissionName``PasswordAgeEnforceMiddleware`Redirects to password change when `maxPasswordAge` is exceeded`TwoFactorAuthenticationEnforceMiddleware`Redirects to 2FA setup when required permissions are assignedRegister them in your application's middleware pipeline as needed. RBAC ---- [](#rbac) Built on [`yiisoft/rbac`](https://github.com/yiisoft/rbac). The extension provides: - **Admin UI** for managing permissions, roles, and rules (create, update, delete, filter) - **Assignment management** — assign/revoke roles and permissions per user from the admin panel - **Parent-child hierarchy** — roles can have child permissions/roles - **Rule management** — register and manage custom `RuleInterface` classes Default roles are configured in `config/rbac.php`: ``` return [ 'rbac' => [ 'guest' => [], 'user' => [], 'admin' => [], ], ]; ``` Social Authentication --------------------- [](#social-authentication) Nine auth clients are included. Each implements the auth client interface and maps provider attributes to the `SocialNetworkAccount` entity: - Facebook, GitHub, Google, Keycloak, LinkedIn, Microsoft365, Twitter, VKontakte, Yandex The `SocialNetworkAuthenticateService` handles account lookup, creation, and user login. The `SocialNetworkAccountConnectService` links a social account to an existing user. Testing ------- [](#testing) ``` # Unit tests (264 tests, 3509 assertions) composer phpunit # Mutation testing (275 mutants, 100% MSI) composer infection # Code style composer php-cs-fixer # Static analysis composer psalm # Mess detector composer phpmd ``` Project Structure ----------------- [](#project-structure) ``` src/ ├── AuthClient/ 9 social auth clients ├── Command/ 4 console commands ├── Controller/ 11 web controllers + 1 API controller ├── Entity/ 5 ActiveRecord entities (User, Profile, Token, SocialNetworkAccount, SessionHistory) ├── Event/ 11 event classes ├── Factory/ TokenFactory, MailFactory ├── Form/ 9 form models (Login, Registration, Recovery, Resend, Settings, Rule, Permission, Role, Assignment, GdprDelete) ├── Helper/ 5 helpers (Auth, Gravatar, Recaptcha, Security, Timezone) ├── Listener/ 4 event listeners ├── Middleware/ 3 PSR-15 middleware ├── Migration/ 5 table-creation migrations ├── Repository/ 6 repositories (User, Profile, Token, SocialNetworkAccount, SessionHistory + RepositoryTrait) ├── Service/ 22 services + 5 session history services ├── Strategy/ 3 email-change strategies + factory + interface ├── Validator/ 5 validators ├── Widget/ 4 widgets ├── resources/ │ ├── mail/ 5 mail templates (independently overridable) │ ├── messages/ 4 locales (en, de, nl, ru) │ └── views/ │ └── bootstrap5/ 33 web views └── ModuleConfig.php 40+ configuration options ``` Credits ------- [](#credits) Originally based on [2amigos/yii2-usuario](https://github.com/2amigos/yii2-usuario) by 2amigOS. License ------- [](#license) [MIT](LICENSE) ### Health Score 23 — LowBetter than 26% of packages Maintenance65 Regular maintenance activity Popularity8 Limited adoption so far Community8 Small or concentrated contributor base Maturity11 Early-stage or recently created project Bus Factor1 Top contributor holds 96.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/1957a3dc890165f142079565dc6b0ef59c26838a36fba5f052985e34612ce269?d=identicon)[mr42](/maintainers/mr42) --- Top Contributors [![Mister-42](https://avatars.githubusercontent.com/u/68641750?v=4)](https://github.com/Mister-42 "Mister-42 (27 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)") ### Embed Badge ![Health badge](/badges/yiirocks-voyti/health.svg) ``` [![Health](https://phpackages.com/badges/yiirocks-voyti/health.svg)](https://phpackages.com/packages/yiirocks-voyti) ``` ### Alternatives [kartik-v/yii2-password Useful password strength validation utilities for Yii Framework 2.0 761.2M17](/packages/kartik-v-yii2-password)[better-futures-studio/filament-local-logins This is my package filament-local-logins 1334.6k](/packages/better-futures-studio-filament-local-logins) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)