YII2 extension for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm)
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
tests
.gitignore
.travis.yml
LICENSE
README.md
codeception.yml
composer.json

README.md

yii2-otp

Code Climate SensioLabsInsight

Latest Version Software License

Build Status

YII2 extension for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm)

Installation

The preferred way to install this extension is through composer.

Either run

composer require sam002/yii2-otp:~2.0.0

or add

"sam002/yii2-otp" : "~2.0.0"

to the require section of your application's composer.json file.

Usage

After extension is installed you need to setup auth client collection application component:

Configure

<?php
use sam002\otp\Otp;

...

'components' => [
    'otp' => [
        'class' => Otp::className(),
        // 'totp' only now
        'algorithm' => sam002\otp\Otp::ALGORITHM_TOTP,
        
        // length of code
        'digits' => 6,
        
        //  Algorithm for hashing
        'digest' => 'sha1',
        
        // Label of application
        'label' => 'yii2-otp',
        
        // Uri to image (application icon)
        'imgLabelUrl' => Yii::to('/icon.png'),
        
        // Betwen 8 and 1024
        'secretLength' => 64,
        // Time interval in seconds, must be at least 1
        'interval'
    ],
...
]

Add behavior Add any model column for storing secure code. //My case: the use of two-factor authentication

<?php
use sam002\otp\behaviors\OtpBehavior;

...

'behavior' => [
    'otp' => [
        'class' => OtpBehavior::className(),
        // Component name
        'component' => 'otp',
        
        // column|property name for get and set secure phrase
        //'secretAttribute' => 'secret'
        // column|property name for get code and confirm secret
        //'codeAttribute' => 'secret'
        
        //Window in time for check authorithation (current +/- window*interval) 
        //'window' => 0
    ],
...
]

Widget use Widget for generate init QR-code. Read more about QrParams in the qrcode-library.

use sam002\otp\widgets\OtpInit;

<?php echo $form->field($model, 'secret')->widget(
                    OtpInit::className() ,[
                        'component'=>'otp',
                        
                        // link text
                        'link' => 'ADD OTP BY LINK',
                        
                        'QrParams' => [
                            // pixels width
                            'size' => 300,
                            
                            // margin around QR-code
                            'margin' => 10,
                            
                            // Path to logo on image
                            'logo' => '/icon.png',
                            
                            // Width logo on image
                            'logoWidth' => 50,
                            
                            // RGB color
                            'foregroundColor' => [0,0,0],
                            
                            // RGB color
                            'backgroundColor' => [255,255,255],
                            
                            // Qulity of QR: LOW, MEDIUM, HIGHT, QUARTILE
                            'level' => ErrorCorrectionLevelInterface::HIGH,
                            
                            // Image format: PNG, JPG, SVG, EPS
                            'type' => PngWriter::class,
                            
                            // Locale
                            'encoding' => 'UTF-8',
                            
                            // Text on image under QR code
                            'label' => 'QR code',
                            
                            // by default image create and save at Yii::$app->runtimePath . '/temporaryQR/'
                            'outfile' => '/tmp/'.uniqid(),
                            
                            // save or delete after generate
                            'save' => false,
                        ]
                ]); ?>

Further Information

Credits

License

The LGPLv3 License. Please see License File for more information.