kelunik/two-factor

Two-factor authentication.

v1.1.3 2021-06-21 18:45 UTC

This package is auto-updated.

Last update: 2024-09-22 02:13:45 UTC


README


kelunik/two-factor is a Google Authenticator compatible OATH implementation.

Requirements

  • PHP 5.5+

Installation

composer require kelunik/two-factor

Demo

This repository contains a runnable demo.

Usage

Generate a key for each user

$oath = new Oath;

// this generates a key in binary format
$key = $oath->generateKey();

// store key for user

Let the user set up their two-factor device

$oath = new Oath;
$key = "..."; // load user key from storage

// Use the URI to provide an easy to scan QR code
$uri = $oath->getUri($key);

// Alternatively display the key for manual input
$secret = $oath->encodeKey($key);

You can use your favourite JavaScript or PHP library to generate the QR code. As a working example, we use qr.js.

<form action="/2fa/setup" method="POST">
    Scan the following QR code and click continue once you're ready.
    <input type="hidden" value="{{$uri}}" id="2fa-uri">

    <canvas id="qr-code"></canvas>
    <script src="/js/qr.min.js"></script>
    <script>
        qr.canvas({
            canvas: document.getElementById("qr-code"),
            value: document.getElementById("2fa-uri").value
        });
    </script>

    <button type="submit">Continue</button>
</form>

Verify the TOTP value

$oath = new Oath;
$key = "..."; // load user key from storage
$isValid = $oath->verifyTotp($key, $totpValue);
// If the token is valid, ensure that it can't be used again.
// Because we use the default grace window size of two,
// we have to store the used TOTP value for at least 90 seconds,
// to prevent its usage explicitly.
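One way to enforce the "can't be used again" rule from the comments above, as an added example that is not part of the package or its README. The class name TotpReplayGuard, its methods and the user id are hypothetical, and the in-memory array stands in for a shared store with atomic inserts (database or cache).

```php
<?php
// Added example (hypothetical names): blocks reuse of an accepted TOTP value.
final class TotpReplayGuard
{
    /** @var callable function (string $key, string $code): bool */
    private $verify;
    /** @var int seconds an accepted code stays blocked (90, as in the README comment) */
    private $ttl;
    /** @var array map "userId:code" => expiry timestamp; stand-in for shared storage */
    private $used = [];

    public function __construct(callable $verify, $ttl = 90)
    {
        $this->verify = $verify;
        $this->ttl = $ttl;
    }

    public function check($userId, $key, $code, $now = null)
    {
        $now = $now === null ? time() : $now;

        // Drop expired entries so the store does not grow without bound.
        foreach ($this->used as $slot => $expiry) {
            if ($expiry <= $now) {
                unset($this->used[$slot]);
            }
        }

        if (!call_user_func($this->verify, $key, $code)) {
            return false; // wrong or out-of-window code
        }

        $slot = $userId . ':' . $code;
        if (isset($this->used[$slot])) {
            return false; // valid code that was already consumed: replay
        }

        $this->used[$slot] = $now + $this->ttl; // must be an atomic insert in real storage
        return true;
    }
}

// Constructed demo: a stub verifier that accepts "123456".
// In an application, pass [$oath, 'verifyTotp'] instead of the stub.
$guard = new TotpReplayGuard(function ($key, $code) { return $code === '123456'; });
var_dump($guard->check('alice', 'k', '123456', 1000)); // first use of the code
var_dump($guard->check('alice', 'k', '123456', 1030)); // same code again inside the 90 s block
var_dump($guard->check('alice', 'k', '123456', 1091)); // block expired; a real verifier rejects the stale code itself
```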