This package enforces 2FA for Laravel Nova.
- PHP 7.4 or higher
- Imagick
- User gets recovery codes.
- User activates 2FA on his device.
- User verifies login with 2FA.
- If user enters invalid code, recovery button is shown.
- User enters recovery code.
- User is redirected to activation process.
Optional use
If the GOOGLE_2FA_OPTIONAL environment parameter is set to true, 2FA will only be used if the user has configured their account to use it. In this case, you should provide a link to '/los/2fa/recovery' to allow the user to enable 2FA.
Install via composer
$ composer require netsells/nova-google2fa
Publish config
$ php artisan vendor:publish --provider="Lifeonscreen\Google2fa\ToolServiceProvider" --tag=lifeonscreen2fa.config
Publish migrations
$ php artisan vendor:publish --provider="Lifeonscreen\Google2fa\ToolServiceProvider" --tag=migrations
Publish views (optional)
$ php artisan vendor:publish --provider="Lifeonscreen\Google2fa\ToolServiceProvider" --tag=views
Or publish all in one go (optional)
$ php artisan vendor:publish --provider="Lifeonscreen\Google2fa\ToolServiceProvider"
Run migrations
$ php artisan migrate
Add relation to User model
use Illuminate\Database\Eloquent\Relations\HasOne;
use Lifeonscreen\Google2fa\Models\User2fa;
...
    /**
     * @return HasOne
     */
    public function user2fa(): HasOne
    {
        return $this->hasOne(User2fa::class);
    }
Add middleware to config/nova.
[
    ...
    'middleware' => [
        ...
        \Lifeonscreen\Google2fa\Http\Middleware\Google2fa::class,
        ...
    ],
]
<?php

use Lifeonscreen\Google2fa\Models\User2fa;

return [
    /**
     * Disable or enable middleware.
     */
    'enabled' => env('GOOGLE_2FA_ENABLED', true),
    /**
     * Use only if user has configured to do so
     */
    'optional' => env('GOOGLE_2FA_OPTIONAL', false),
    /**
     * Display the secret code as an alternative to using the QR code
     */
    'display_secret_code' => env('GOOGLE_DISPLAY_SECRET_CODE', false),
    'models' => [
        /**
         * Change this variable to path to user model.
         */
        'user' => 'App\User',
        /**
         * Change this if you need a custom connector
         */
        'user2fa' => User2fa::class,
    ],
    'tables' => [
        /**
         * Table in which users are stored.
         */
        'user' => 'users',
    ],
    'recovery_codes' => [
        /**
         * Number of recovery codes that will be generated.
         */
        'count' => 8,
        /**
         * Number of blocks in each recovery code.
         */
        'blocks' => 3,
        /**
         * Number of characters in each block in recovery code.
         */
        'chars_in_block' => 16,
        /**
         * The following algorithms are currently supported:
         * - PASSWORD_DEFAULT
         * - PASSWORD_BCRYPT
         * - PASSWORD_ARGON2I // available from php 7.2
         */
        'hashing_algorithm' => PASSWORD_BCRYPT,
    ],
];
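How the 'recovery_codes' settings above fit together, as an added example that is not the package's own code: it generates 'count' codes of 'blocks' x 'chars_in_block' characters, keeps only password_hash() output, and redeems a code with password_verify(). The function names, the alphabet, the '-' separator and the single-use removal are assumptions.

```php
<?php
// Added illustration, not the package's implementation; values mirror the config above.
$config = ['count' => 8, 'blocks' => 3, 'chars_in_block' => 16,
    'hashing_algorithm' => PASSWORD_BCRYPT];
// Build one code from a CSPRNG; alphabet and '-' separator are assumptions.
function generateRecoveryCode(int $blocks, int $charsInBlock): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
    $parts = [];
    for ($b = 0; $b < $blocks; $b++) {
        $block = '';
        for ($c = 0; $c < $charsInBlock; $c++) {
            $block .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        $parts[] = $block;
    }
    return implode('-', $parts);
}

// Returns [plaintext codes to display once, hashes to persist].
function issueRecoveryCodes(array $config): array
{
    $plain = $hashes = [];
    for ($i = 0; $i < $config['count']; $i++) {
        $code = generateRecoveryCode($config['blocks'], $config['chars_in_block']);
        // bcrypt ignores input past 72 bytes; 3 * 16 + 2 separators = 50 is safe.
        if ($config['hashing_algorithm'] === PASSWORD_BCRYPT && strlen($code) > 72) {
            throw new LengthException('code exceeds bcrypt 72-byte input limit');
        }
        $plain[] = $code;
        $hashes[] = password_hash($code, $config['hashing_algorithm']);
    }
    return [$plain, $hashes];
}

// Salted hashes cannot be looked up by value, so each stored hash is tried in turn.
function redeemRecoveryCode(string $submitted, array &$hashes): bool
{
    foreach ($hashes as $i => $hash) {
        if (password_verify($submitted, $hash)) {
            unset($hashes[$i]); // single use (assumption of this example)
            return true;
        }
    }
    return false;
}

[$plain, $hashes] = issueRecoveryCodes($config);
var_dump(redeemRecoveryCode($plain[0], $hashes)); // first use of a code
var_dump(redeemRecoveryCode($plain[0], $hashes)); // replay of the same code
```

Raising 'blocks' or 'chars_in_block' so that a code exceeds 72 bytes silently weakens bcrypt-hashed codes, which is why the example checks the length before hashing.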
If you discover any security-related issues, please email the author instead of using the issue tracker.
MIT license. Please see the license file for more information.
Fork created and maintained by the Netsells team