I’ve recently done some posts about how to integrate two-factor authentication and Google Authenticator into Symfony2. I thought to myself “Why not make a bundle from it?” and that’s what I did: Say hello to SchebTwoFactorBundle. Now it’s dead simple to add two-factor authentication to your own website. Add the bundle via Composer and enable the authentication method you want.
Currently it supports both the email and the Google Authenticator method I’ve blogged about. It already has some features for customization, but I’m thinking about making it more flexible. Maybe some generic two-factor implementation, which allows you to plug in different kinds of two-factor modules.
19 thoughts on “Say Hello to SchebTwoFactorBundle”
Hi – I tried to use your Bundle: SchebTwoFactorBundle
Does it work with FOS User Bundle?
I have installed and configured correctly but nothing happens after usual login form.
FOSUserBundle works for me.
Maybe you forgot to implement an interface (from the Scheb\TwoFactorBundle\Model namespace) in your user class?
If that’s not the problem, does your user entity have two-factor authentication enabled? To enable Google Authenticator, getGoogleAuthenticatorSecret() has to return a secret. To enable the email authenticator, the method isEmailAuthEnabled() must return true.
Hope one of those can fix it.
Is there anything else I need to do besides follow the installation/configuration documentation when using FOSUserBundle?
I get my login screen just as it used to be but once I try to login I get the following message:
Fatal error: Uncaught exception ‘Symfony\Component\Routing\Exception\RouteNotFoundException’ with message ‘Unable to generate a URL for the named route “_security_logout” as such route does not exist.’
That is not the entire message but the rest only refers to some cache files. Do you know what could have gone wrong?
You have to define a route named “_security_logout”, which directs to your logout URL. Well, I should make that route name configurable…
Another solution is overwriting the template SchebTwoFactorBundle:Authentication:form.html.twig
Yep, both solutions work, thanks!
I have the same problem, I get on the route /2fa the error “User is not in a two-factor authentication process.” I use FOSUserBundle and try to integrate your SchebTwoFactorBundle.
In the FormController, $token denies to be an instance of TwoFactorTokenInterface. But why? Could you show me how the $token should look? Or give me another hint? I found different settings for the config.yml, can you show me an example of the config with using the FOSUserBundle and SchebTwoFactorBundle?
Thanks a lot!
If you’re not in a two-factor authentication process, then how’s the application redirecting to the /2fa route? The bundle would only do that if a TwoFactorToken is present. Could it be that you’re always redirecting to that route after the login, even when the user doesn’t need to do two-factor authentication?
When I have installed the whole thing via Composer (into the vendor directory), I get the following message when trying to integrate it into AppKernel.php:
Fatal error: Class ‘Scheb\TwoFactorBundle\SchebTwoFactorBundle’ not found in
The operating system is Windows.
Is Composer up to date? The bundle uses the PSR-4 autoloader, which was only recently integrated into Composer.
run, maybe that helps.
It was probably the old version. Thanks.
Great bundle, thanks so much.
For a new project that I am working on, the user data is not stored in the database; user information is accessed via an external webservice and then pushed into the user object for authentication.
I understand that data, such as authorisation code, needs to be persisted for the two factor authentication to work. I was just wondering if you have any advice on the approach I could take to implement this?
Unfortunately the bundle depends on the user entity being stored by Doctrine. I’ve already thought about decoupling the bundle from Doctrine, but this is not done yet. I’ll take a look at it.
Hope this helps:
Hey Christian, I run into a problem when trying to cancel the authentication. I used the form override method and let the cancel button direct the user to \logout. However, this does not result in the user being shown the login page again. In fact, I cannot get rid of the authentication screen from that moment on, no matter what I change the URL to. \login, \logout etc. all show the authentication screen where I have to put in the code.
Well, that’s strange. Usually the logout security listener should be invoked before two-factor listener. Must have something to do with the security configuration. Or maybe they changed something on the listener priorities. Which version of Symfony are you using? Which version of the SchebTwoFactorBundle?
You could try upgrading to version 1.2.0 and exclude the logout route with the
Tested in my local environment with the same configuration and it worked.
From what I can see in the log, the event propagation of kernel.request is stopped by the firewall. Then the RequestListener of the bundle won’t be called. So you have to find out why this isn’t working the same way in your environment. I don’t know what it is, but I guess it must be something with the firewall configuration in security.yml.
How can the user turn two-factor authorization on and off in the account settings?
I think I understand.
But how can I use multiple two-factor methods in parallel?
That is, the user goes sequentially through several checks.