Skip to content
Two-factor authentication for Symfony applications (bunde version ≤ 4)
PHP HTML
Branch: master
Clone or download

Latest commit

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update issue templates Apr 26, 2020
Controller Code optimizations from Psalm Apr 29, 2020
DependencyInjection Add method to easily re-send the email with the authentication code May 17, 2020
Mailer Enforce strict_types declaration via phpcs Feb 15, 2020
Model Code optimizations from Psalm Apr 29, 2020
Resources Make PHP syntax highlighting work on GitHub May 20, 2020
Security Add method to easily re-send the email with the authentication code May 17, 2020
Tests Add method to easily re-send the email with the authentication code May 17, 2020
.editorconfig Added configuration for php-cs-fixer Dec 31, 2015
.gitattributes Add CONTRIBUTING.md Feb 15, 2020
.gitignore Allow PHPUnit 8 Apr 8, 2019
.php_cs.dist Disable php-cs-fixer phpdoc_align Apr 29, 2020
.scrutinizer.yml Update Scrutinizer config May 2, 2020
.travis.yml Better build pipeline Apr 29, 2020
CONTRIBUTING.md Better build pipeline Apr 29, 2020
LICENSE Update year Jan 28, 2018
README.md Version hint Apr 18, 2020
SchebTwoFactorBundle.php Code optimizations from Psalm Apr 29, 2020
UPGRADE.md Upgrade note on translations being moved to its own domain Apr 11, 2019
composer.json Update keywords May 17, 2020
php_cs.xml Enforce strict_types declaration via phpcs Feb 15, 2020
phpunit.xml.dist Update composer for Symfony 3.0 Dec 31, 2015
psalm.xml Code optimizations from Psalm Apr 29, 2020

README.md

scheb/two-factor-bundle

This bundle provides two-factor authentication for your Symfony application.

Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version Total Downloads License

Logo

ℹ️ The repository contains bundle versions 1-4, versions ≥ 5 are located in scheb/2fa.


It comes with the following two-factor authentication methods:

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication (more than 2 steps)
  • CSRF protection
  • Whitelisted routes (accessible during two-factor authentication)

Installation

composer require scheb/two-factor-bundle

... and follow the installation instructions.

Documentation

Detailed documentation of all features can be found in the Resources/doc directory.

Version Guidance

Version Status Symfony Version
1.x EOL >= 2.1, < 2.7
2.x EOL ^2.6, ^3.0, ^4.0
3.x EOL 3.4, ^4.0, ^5.0
4.x Maintained 3.4, ^4.0, ^5.0
5.x In Development 4.4, ^5.0

Security Issues

If you think that you have found a security issue in the bundle, don't use the bug tracker and don't publish it publicly. Instead, please report via email to me@christianscheb.de.

Known security issues:

  • Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. (#143)

  • Before versions 3.26.0 / 4.11.0 it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)

Contributing

See CONTRIBUTING.md.

License

This bundle is available under the MIT license.

You can’t perform that action at this time.