Skip to content
Craft plugin for two-factor or two-step login using Time Based OTP.
PHP HTML
Branch: craft-3.1
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples
src
.gitignore
CHANGELOG.md
LICENSE.md
README.md
composer.json
login-verification.png
phpcs.xml.dist
plugin-icon.png
settings-turn-off.png
settings-turn-on.png

README.md

Two-Factor Authentication

Two-Factor Authentication

Craft 3 plugin for two-factor or two-step login using Time Based OTP (TOTP, like Google Authenticator). Every user can setup TOTP themselves, the plugin does not force users. Admins can list usage in user tables.

Inner working

Login works as usual for users without 2-factor auth.

When enabled, the user is redirected to the 2-factor verification page after login. This means the user is already logged in. When the user tries to visit an other Control Panel page than the public ones before verification, the logout is triggered. This blocks the user from visiting the CP unverified.

Requirements

  • Craft 3.0.0
  • PHP 7.x at least
  • userSessionDuration in the general.php config should be larger than 0 (by default)

Setting up front end 2FA

When using a login for front end users, the following steps add 2FA support.

  • Copy the two-factor-authentication.php file to your config/ folder.
  • Set verifyFrontEnd to true in the config file.
  • Define what urls should be protected with 2FA verification. Choose between using the frontEndPathWhitelist or frontEndPathBlacklist! Using both will block everything! See config for additional info.
  • Build a 2FA login-verify form accessible by url like the example twig.
  • Set the verifyPath. For our login-verify.twig example the path would be login-verify.
  • Allow users setting up 2FA in front end by building a template like the example twig.
  • Set the settingsPath. For our two-factor-settings.twig example the path would be two-factor-settings.

Setting up config

Copy the two-factor-authentication.php file to your config/ folder.

Resetting a user's 2FA

Simply remove the user's twofactorauthentication_user record. This disables 2FA for that user.

Screens

Setting screen when turning 2FA on

Setting screen when turning 2FA on

Setting screen when turning 2FA off

Setting screen when turning 2FA off

Login verification screen

Login verification screen

License

Copyright © Born05

See license

You can’t perform that action at this time.