Description
This bundle provides two-factor authentication for your Symfony application. It comes with the following two-factor authentication methods: Google Authenticator Email authentication code
scheb/two-factor-bundle alternatives and similar libraries
Based on the "Security" category
-
random_compat
PHP 5.x support for random_bytes() and random_int() -
SensioLabs Security Check
A web tool to check your Composer dependencies for security advisories. -
CIDRAM
CIDRAM: Classless Inter-Domain Routing Access Manager. -
VAddy
A continuous security testing platform for web applications.
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest. Visit our partner's website for more details.
Do you think we are missing an alternative of scheb/two-factor-bundle or a related project?
README
scheb/two-factor-bundle
This bundle provides two-factor authentication for your Symfony application.
ℹ️ The repository contains bundle versions 1-4, versions ≥ 5 are located in scheb/2fa.
It comes with the following two-factor authentication methods:
- TOTP authentication
- Google Authenticator
- Authentication code via email
Additional features you will like:
- Interface for custom two-factor authentication methods
- Trusted IPs
- Trusted devices (once passed, no more two-factor authentication on that device)
- Single-use backup codes for when you don't have access to the second factor device
- Multi-factor authentication (more than 2 steps)
- CSRF protection
- Whitelisted routes (accessible during two-factor authentication)
Installation
composer require scheb/two-factor-bundle
... and follow the [installation instructions](Resources/doc/installation.md).
Documentation
Detailed documentation of all features can be found in the [Resources/doc](Resources/doc/index.md) directory.
Version Guidance
| Version | Status | Symfony Version |
|---|---|---|
| 1.x | EOL | >= 2.1, < 2.7 |
| 2.x | EOL | 2.6, 3.0, 4.0 |
| 3.x | EOL | 3.4, 4.0, 5.0 |
| 4.x | Maintained | 3.4, 4.0, 5.0 |
| 5.x | In Development | 4.4, 5.0 |
Security Issues
If you think that you have found a security issue in the bundle, don't use the bug tracker and don't publish it publicly. Instead, please report via email to me@christianscheb.de.
Known security issues:
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. (#143)
Before versions 3.26.0 / 4.11.0 it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)
Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md).
License
This bundle is available under the [MIT license](LICENSE).
*Note that all licence references and agreements mentioned in the scheb/two-factor-bundle README section above
are relevant to that project's source code only.