antonioribeiro / google2fa-laravel

A One Time Password Authentication package, compatible with Google Authenticator for Laravel
MIT License

Is there any step-by-step doc? #189

Open realtebo opened 1 year ago

realtebo commented 1 year ago

I appreciate your work a lot

But we cannot understand what to do after installation.

Aren't there any migrations to run?

How to create routes? And how to intercept login to force a redirect to the view?

Is there any public repo with a working Laravel repo where your package is already integrated?

yvomenezes commented 9 months ago

Hi. The package provides a middleware that you can add to the routes you want to enforce for the 2fa. You have to provide to the package a view to ask for the code and update its name in the config file, google2fa.php.

It is up to you to create the way for the user to activate the 2fa. You will need to add a column to the users table to store the secret. This column’s name should be added to the config file mentioned before.

realtebo commented 9 months ago

I added the middleware to all protected routes, and the view for asking the OTP. I added the column to the users table and, when creating a user, a new google2fa_secret is generated for the user.

But how can I intercept that the user has not initialized its authenticator app with the QR? Because actually the app, after the login, is requiring the OTP, but not showing the QR.

But if the google2fa_secret is NULL, the middleware goes on without asking for 2FA at all. How do I tell the middleware to redirect to a 'setup' page where the user is instructed to scan the QR and insert the first OTP?

This part is undocumented, please, give me a direction.

yvomenezes commented 9 months ago

That’s true. What you could do is to add a second column that tells whether the user has activated it or not and update the middleware to redirect to a view that shows the QR code to scan in case it has not been activated.

realtebo commented 9 months ago

ok, I understand. I did it.

Now ... I cannot understand whether your package includes a QR code generator or not.

Could you give me a simple example?


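```php
use PragmaRX\Google2FAQRCode\Google2FA;
use PragmaRX\Google2FAQRCode\QRCode\Chillerlan;

// ...

        // Build the QR code generator with the chillerlan/php-qrcode backend.
        $google2fa = new Google2FA(
            new Chillerlan()
        );

        // Arguments: issuer name, account holder (the user's email), stored secret.
        $qrCodeUrl = $google2fa->getQRCodeInline(
            config('app.name'),
            $this->email,
            $this->google2fa_secret
        );
```
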
realtebo commented 9 months ago

Ok, found !!! Installed the QR code package 'chillerlan/php-qrcode' in addition

```bash
composer require pragmarx/google2fa-laravel
composer require chillerlan/php-qrcode
```

In the user class

```php
use PragmaRX\Google2FAQRCode\Google2FA;
use PragmaRX\Google2FAQRCode\QRCode\Chillerlan;

    // Accessor: exposes the inline QR code as $user->qr_code_url.
    public function getQrCodeUrlAttribute() {

        $google2fa = new Google2FA(
            new Chillerlan()
        );

        // The QR code encodes the user's secret, so render it only during setup.
        $qrCodeUrl = $google2fa->getQRCodeInline(
            config('app.name'),
            $this->email,
            $this->google2fa_secret
        );

        return $qrCodeUrl;
    }
```

in the blade

```blade
                    @unless(auth()->user()->google2fa_enabled)
                    <div class="form-group">
                        Scansiona il codice QR con l'app Google Authenticator

                        <br>
                        <img src="{{ auth()->user()->qr_code_url }}">
                    </div>
                    @endunless
```
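
One way to wire the enrolment flow discussed in this thread, as an added example that is not code from the package or from the participants: a middleware that sends users whose `google2fa_enabled` flag is false to a setup page, and a controller action that sets the flag only after the first OTP verifies. The class names, the `2fa.setup` and `2fa.setup.confirm` route names and the `one_time_password` field are assumptions, a secret is assumed to be stored already, and in a real app each class lives in its own file.

```php
<?php
// Added example, not package code. Assumed names: google2fa_enabled column,
// 2fa.setup / 2fa.setup.confirm routes, one_time_password form field.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureTwoFactorEnrolled
{
    // Register on protected routes ahead of the package's 2fa middleware.
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();

        // No confirmed enrolment yet: go to the QR setup page, not past it.
        if ($user && ! $user->google2fa_enabled && ! $request->routeIs('2fa.setup*')) {
            return redirect()->route('2fa.setup');
        }

        return $next($request);
    }
}

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use PragmaRX\Google2FA\Google2FA;

class TwoFactorSetupController extends Controller
{
    // Handles the POST from the setup view (route 2fa.setup.confirm).
    public function confirm(Request $request)
    {
        $data = $request->validate(['one_time_password' => ['required', 'digits:6']]);
        $user = $request->user();
        $valid = (new Google2FA())->verifyKey($user->google2fa_secret, $data['one_time_password']);

        if (! $valid) {
            return back()->withErrors(['one_time_password' => 'Invalid code.']);
        }

        // Flip the flag only after a correct first OTP, so the QR code (which
        // embeds the secret) is never shown again for an enrolled account.
        $user->forceFill(['google2fa_enabled' => true])->save();

        return redirect()->intended('/');
    }
}
```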