Say Hello to SchebTwoFactorBundle

I’ve recently done some posts about how to integrate two-factor authentication and Google Authenticator into Symfony2. I thought to myself “Why not make a bundle from it?” and that’s what I did: Say hello to SchebTwoFactorBundle. Now it’s dead simple to add two-factor authentication to your own website. Add the bundle via Composer and enable the authentication method you want.

Currently it supports both the email and the Google Authenticator method I’ve blogged about. It already has some features for customization, but I’m thinking about making it more flexible. Maybe some generic two-factor implementation, which allows you to plug in different kinds of two-factor modules.

 

19 thoughts on “Say Hello to SchebTwoFactorBundle”

  • January 22, 2014 at 01:49
    Permalink

    Hi – I tried to use your Bundle: SchebTwoFactorBundle

    Does it work with FOS User Bundle?

    I have installed and configured it correctly but nothing happens after the usual login form.

    Any tips?

    Thanks

    Walter

    Reply
  • January 22, 2014 at 20:16
    Permalink

    FOSUserBundle works for me.

    Maybe you forgot to implement an interface (from the Scheb\TwoFactorBundle\Model namespace) in your user class?

    If that’s not the problem, does your user entity have two-factor authentication enabled? To enable Google Authenticator getGoogleAuthenticatorSecret() has to return a secret. To enable the email authenticator the method isEmailAuthEnabled() must return true.

    Hope one of those can fix it.

    Reply
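
The enable conditions described in the reply above, as an added example that is not part of the original thread or the bundle's own code. It uses two local stand-in interfaces (hypothetical names `GoogleTwoFactor` and `EmailTwoFactor`) that declare only the two methods named in the reply, and reports which constructed sample users would get through login with a password alone; the setters, user names and the `activeTwoFactorMethods()` helper are assumptions made for illustration.

```php
<?php
// Added example. The interfaces below are local stand-ins (assumption); a real
// project implements the bundle's interfaces from Scheb\TwoFactorBundle\Model.
interface GoogleTwoFactor { public function getGoogleAuthenticatorSecret(); }
interface EmailTwoFactor  { public function isEmailAuthEnabled(); }

class User implements GoogleTwoFactor, EmailTwoFactor
{
    private $username;
    private $googleAuthenticatorSecret = null; // null = Google Authenticator off
    private $emailAuthEnabled = false;         // false = email code off

    public function __construct($username) { $this->username = $username; }
    public function getUsername() { return $this->username; }

    public function getGoogleAuthenticatorSecret() { return $this->googleAuthenticatorSecret; }
    public function setGoogleAuthenticatorSecret($secret) { $this->googleAuthenticatorSecret = $secret; }

    public function isEmailAuthEnabled() { return $this->emailAuthEnabled; }
    public function setEmailAuthEnabled($enabled) { $this->emailAuthEnabled = (bool) $enabled; }
}

/** Returns the second factors that are switched on for this user object. */
function activeTwoFactorMethods($user)
{
    $methods = array();
    // Google Authenticator counts as enabled only when a secret is returned.
    if ($user instanceof GoogleTwoFactor && $user->getGoogleAuthenticatorSecret()) {
        $methods[] = 'google';
    }
    // Email authentication counts as enabled only when the flag is true.
    if ($user instanceof EmailTwoFactor && $user->isEmailAuthEnabled() === true) {
        $methods[] = 'email';
    }
    return $methods;
}

// Constructed sample users, not real accounts.
$alice = new User('alice');                               // nothing enabled
$bob = new User('bob');
$bob->setEmailAuthEnabled(true);
$carol = new User('carol');
$carol->setGoogleAuthenticatorSecret('PLACEHOLDER-SECRET'); // constructed value

foreach (array($alice, $bob, $carol) as $user) {
    $methods = activeTwoFactorMethods($user);
    printf("%-6s %s\n", $user->getUsername(),
        $methods ? implode(',', $methods) : 'NONE: password-only login');
}
```

A user reported as `NONE` matches the symptom in the first comment: the login form behaves as before and no second step is requested.
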
    • March 8, 2014 at 00:21
      Permalink

      Is there anything else I need to do besides following the installation/configuration documentation when using FOSUserBundle?

      I get my login screen just as it used to be but once I try to login I get the following message:
      Fatal error: Uncaught exception ‘Symfony\Component\Routing\Exception\RouteNotFoundException’ with message ‘Unable to generate a URL for the named route “_security_logout” as such route does not exist.’

      That is not the entire message but the rest only refers to some cache files. Do you know what could have gone wrong?

      Reply
      • March 8, 2014 at 16:05
        Permalink

        You have to define a route named “_security_logout”, which directs to your logout URL. Well, I should make that route name configurable…

        Another solution is overwriting the template SchebTwoFactorBundle:Authentication:form.html.twig

        Reply
        • March 10, 2014 at 20:15
          Permalink

          Yep, both solutions work, thanks!

          Reply
    • September 10, 2019 at 16:25
      Permalink

      Dear Christian

      I have the same problem, I get on the route /2fa the error “User is not in a two-factor authentication process.” I use FOSUserBundle and try to integrate your SchebTwoFactorBundle.
      In the FormController, $token denies to be an instance of TwoFactorTokenInterface. But why? Could you show me what the $token should look like? Or give me another hint? I found different settings for the config.yml; can you show me an example of the config using FOSUserBundle and SchebTwoFactorBundle?
      Thanks a lot!

      Best regards
      Michael

      Reply
      • September 10, 2019 at 19:14
        Permalink

        If you’re not in a two-factor authentication process, then how’s the application redirecting to the /2fa route? The bundle would only do that if a TwoFactorToken is present. Could it be that you’re always redirecting to that route after the login, even when the user doesn’t need to do two-factor authentication?

        Reply
  • March 7, 2014 at 16:04
    Permalink

    After installing the whole thing via Composer (into the vendor directory), I get the following message when trying to integrate it into AppKernel.php:

    Fatal error: Class ‘Scheb\TwoFactorBundle\SchebTwoFactorBundle’ not found in

    Any suggestions?
    The operating system is Windows.

    Reply
  • March 7, 2014 at 17:47
    Permalink

    Is Composer up to date? The bundle uses the PSR-4 autoloader, which was only recently integrated into Composer.

    Otherwise, try running

    composer dump-autoload

    maybe that helps.

    Reply
    • March 8, 2014 at 00:12
      Permalink

      It was probably the old version. Thanks.

      Reply
  • July 9, 2014 at 09:50
    Permalink

    Hi Christian,

    Great bundle, thanks so much.

    For a new project that I am working on, the user data is not stored in the database; user information is accessed via an external webservice and then pushed into the user object for authentication.

    I understand that data, such as authorisation code, needs to be persisted for the two factor authentication to work. I was just wondering if you have any advice on the approach I could take to implement this?

    Thanks,
    Matt

    Reply
  • August 4, 2014 at 19:18
    Permalink

    Hey Christian, I ran into a problem when trying to cancel the authentication. I used the form override method and let the cancel button direct the user to \logout. However, this does not result in the user being shown the login page again. In fact, I cannot get rid of the authentication screen from that moment on, no matter what I change the URL to. \login, \logout etc. all show the authentication screen where I have to put in the code.

    Reply
    • August 4, 2014 at 19:44
      Permalink

      Well, that’s strange. Usually the logout security listener should be invoked before the two-factor listener. It must have something to do with the security configuration. Or maybe they changed something in the listener priorities. Which version of Symfony are you using? Which version of the SchebTwoFactorBundle?

      You could try upgrading to version 1.2.0 and exclude the logout route with the exclude_path configuration option.

      Reply
      • August 5, 2014 at 14:09
        Permalink

        symfony: 2.3.18
        schebtwofactorBundle: 1.2.0

        Reply
        • August 6, 2014 at 18:51
          Permalink

          Tested in my local environment with the same configuration and it worked.

          From what I can see in the log, the event propagation of kernel.request is stopped by the firewall. Then the RequestListener of the bundle won’t be called. So you have to find out why this isn’t working the same way in your environment. I don’t know what it is, but I guess it must be something with the firewall configuration in security.yml.

          DEBUG - Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request".
          DEBUG - Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request".
          DEBUG - Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request".
          DEBUG - Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request".
          DEBUG - Listener "Prezent\Doctrine\TranslatableBundle\EventListener\LocaleListener::onKernelRequest" was not called for event "kernel.request".
          DEBUG - Listener "Scheb\TwoFactorBundle\Security\TwoFactor\EventListener\RequestListener::onCoreRequest" was not called for event "kernel.request".
          DEBUG - Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". 
          
          Reply
  • September 21, 2016 at 01:20
    Permalink

    Hi.
    How can the user turn two-factor authorization on and off in their account settings?

    Reply
    • September 21, 2016 at 01:24
      Permalink

      I think I understand.

      But how can I use multiple parallel two-factor?

      That is, the user goes sequentially through several checks.

      Reply
