1 頁 (共 1 頁)

pragmarx/google2fa

發表於 : 2015-03-08 09:13:51
yehlu
http://packalyst.com/packages/package/p ... /google2fa

Google2FA
Latest Stable Version License Downloads

Google Two-Factor Authentication for PHP Package
Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

This package is agnostic, but also supports the Laravel Framework.

Requirements
PHP 5.3.7+
Compatibility
You don't need Laravel to use it, but it's compatible with

Laravel 4.1+
Laravel 5+
Installing
Use Composer to install it:

composer require pragmarx/google2fa
Installing on Laravel
Add the Service Provider and Facade alias to your app/config/app.php (Laravel 4.x) or config/app.php (Laravel 5.x):

'PragmaRX\Google2FA\Vendor\Laravel\ServiceProvider',

'Google2FA' => 'PragmaRX\Google2FA\Vendor\Laravel\Facade',
Usign It
Instantiate it directly

use PragmaRX\Google2FA\Google2FA;

$google2fa = new Google2FA();

return $google2fa->generateSecretKey()
In Laravel you can use the IoC Container and the contract

$google2fa = app()->make('PragmaRX\Google2FA\Contracts\Google2FA');

return $google2fa->generateSecretKey()
Or Method Injection, in Laravel 5

use PragmaRX\Google2FA\Contracts\Google2FA;

class WelcomeController extends Controller {

public function generateKey(Google2FA $google2fa)
{
return $google2fa->generateSecretKey();
}

}
Or the Facade

return Google2FA::generateSecretKey()
How To Generate And Use Two Factor Authentication
Generate a secret key for your user and save it:

$user = User::find(1);

$user->google2fa_secret = Google2FA::generateSecretKey();

$user->save();
Show the QR code to your user:

$google2fa_url = Google2FA::getQRCodeGoogleUrl(
'YourCompany',
$user->email,
$user->google2fa_secret
);

{{ HTML::image($google2fa_url) }}
And they should see and scan the QR code to their applications:

QRCode

And to verify, you just have to:

$secret = Input::get('secret');

$valid = Google2FA::verifyKey($user->google2fa_secret, $secret);
Server Time
It's really important that you keep your server time in sync with some NTP server, on Ubuntu you can add this to the crontab:

ntpdate ntp.ubuntu.com
Demo
You can scan the QR code on this page with a Google Authenticator app and view view the code changing (almost) in real time.

Google Authenticator Apps:
To use the two factor authentication, your user will have to install a Google Authenticator compatible app, those are some of the currently available:

Authy for iOS, Android, Chrome, OS X
FreeOTP for iOS, Android and Peeble
FreeOTP for iOS, Android and Peeble
Google Authenticator for iOS
Google Authenticator for Android
Google Authenticator for Blackberry
Google Authenticator (port) on Windows app store
Tests
The package tests were written with phpspec.

Author
Antonio Carlos Ribeiro

License
Google2FA is licensed under the BSD 3-Clause License - see the LICENSE file for details

Contributing
Pull requests and issues are more than welcome.