Popularity
5.0
Growing
Activity
7.8
Declining
362
19
113

Description

This bundle provides two-factor authentication for your Symfony application. It comes with the following two-factor authentication methods: Google Authenticator Email authentication code

Monthly Downloads: 38,190
Programming language: PHP
License: MIT License
Latest version: v4.16.0

scheb/two-factor-bundle alternatives and similar libraries

Based on the "Security" category

Do you think we are missing an alternative of scheb/two-factor-bundle or a related project?

Add another 'Security' Library

README

scheb/two-factor-bundle

This bundle provides two-factor authentication for your Symfony application.

Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version Total Downloads License

ℹ️ The repository contains bundle versions 1-4, versions ≥ 5 are located in scheb/2fa.


It comes with the following two-factor authentication methods:

Additional features you will like:

  • Interface for custom two-factor authentication methods
  • Trusted IPs
  • Trusted devices (once passed, no more two-factor authentication on that device)
  • Single-use backup codes for when you don't have access to the second factor device
  • Multi-factor authentication (more than 2 steps)
  • CSRF protection
  • Whitelisted routes (accessible during two-factor authentication)

Installation

composer require scheb/two-factor-bundle

... and follow the [installation instructions](Resources/doc/installation.md).

Documentation

Detailed documentation of all features can be found in the [Resources/doc](Resources/doc/index.md) directory.

Version Guidance

Version Status Symfony Version
1.x EOL >= 2.1, < 2.7
2.x EOL 2.6, 3.0, 4.0
3.x EOL 3.4, 4.0, 5.0
4.x Maintained 3.4, 4.0, 5.0
5.x In Development 4.4, 5.0

Security Issues

If you think that you have found a security issue in the bundle, don't use the bug tracker and don't publish it publicly. Instead, please report via email to me@christianscheb.de.

Known security issues:

  • Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. (#143)

  • Before versions 3.26.0 / 4.11.0 it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)

Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md).

License

This bundle is available under the [MIT license](LICENSE).


*Note that all licence references and agreements mentioned in the scheb/two-factor-bundle README section above are relevant to that project's source code only.