LifeOnScreen/nova-google2fa
This package enforces 2FA for Laravel Nova.
Upgrade from 0.0.7 to 1.0.0
Upgrade guide is available Here.
Flow
Activation
- User gets recovery codes.
- User activates 2FA on his device.
Verification
- User verifies login with 2FA.
Recovery
- If user enters invalid code, recovery button is shown.
- User enters recovery code.
- User is redirected to activation process.
Installation
Install via composer
$ composer require lifeonscreen/nova-google2faPublish config and migrations
$ php artisan vendor:publish --provider="Lifeonscreen\Google2fa\ToolServiceProvider"Run migrations
$ php artisan migrateAdd relation to User model
use Lifeonscreen\Google2fa\Models\User2fa;
...
/**
* @return HasOne
*/
public function user2fa(): HasOne
{
return $this->hasOne(User2fa::class);
}Add middleware to nova.config.
[
...
'middleware' => [
...
\Lifeonscreen\Google2fa\Http\Middleware\Google2fa::class,
...
],
]Config
return [
/**
* Disable or enable middleware.
*/
'enabled' => env('GOOGLE_2FA_ENABLED', true),
'models' => [
/**
* Change this variable to path to user model.
*/
'user' => 'App\User',
/**
* Change this if you need a custom connector
*/
'user2fa' => User2fa::class,
],
'tables' => [
/**
* Table in which users are stored.
*/
'user' => 'users',
],
'recovery_codes' => [
/**
* Number of recovery codes that will be generated.
*/
'count' => 8,
/**
* Number of blocks in each recovery code.
*/
'blocks' => 3,
/**
* Number of characters in each block in recovery code.
*/
'chars_in_block' => 16,
/**
* The following algorithms are currently supported:
* - PASSWORD_DEFAULT
* - PASSWORD_BCRYPT
* - PASSWORD_ARGON2I // available from php 7.2
*/
'hashing_algorithm' => PASSWORD_BCRYPT,
],
];Security
If you discover any security-related issues, please email the author instead of using the issue tracker.
Credits
License
MIT license. Please see the license file for more information.