In the last days SchebTwoFactorBundle has received some major updates. The current version is v0.3.0. I want to give you a brief overview of what has changed and how to use those features.
The biggest change so far was the refactoring of the authentication layer. I’ve removed a bunch of duplicate code and implemented an abstract interface for the two-factor authentication, which can be extended with any kind of authentication method. This enables the users of the bundle to implement their own authentication methods quite easily. Take a look at the documentation how it works.
Besides this I’ve added a “trusted computer” feature, that has been suggested by a contributor. An optional checkbox is shown in the authentication form, which makes it possible to flag your machine as “trusted”. Then the whole two-factor process will be skipped once you’ve completed the authentication process. The feature supports multiple computers and multiple users on the same machine.
I hope those features are useful and they help to secure your projects with an two-factor mechanism that’s easy to implement.
9 thoughts on “New features in my two-factor authentication bundle”
Hi, this looks pretty good, and easy to use. I plan on using this to integrate google authenticator into my employers’ application. I do however run into an issue where the QR code does not load when using https and a referer is set. When i replace http://www.google.com with chart.googleapis.com the image does load properly. I implemented a quick and dirty fix by using str_replace in the controller, but i am wondering if i am missing something here.
Strangely this is working for me in my local dev environment, even when I’m using HTTPS. The URL is accually generated by sonata-project/google-authenticator-bundle, so maybe they have an issue about this. As a quick fix your solution with str_replace seems to be sufficient.
Have fun with the bundle.
first off, thanks for you great work, I’m testing your bundle and really loving it.
I’m now writing a new provider, I registered it with the following YML:
but I get this error:
InvalidConfigurationException in ArrayNode.php line 317:
Unrecognized option “multiple” under “scheb_two_factor”
Could you tell me what am I doing wrong?
You need to put the configuration into the “services” node, not the “scheb_two_factor” node. Like this:
Hello and thank you for having build this bundle.
I have installed it. I’m using FOSUserbundle.
I’m sorry for this question but now what Have I to do to make it working ?
I have edited my config.yml file to enable Google Authentificator.
I have editer my User class as it should be according to the doc of your bundle.
and now what Have I to do to make it working ? I don’t hope a detailled answer from you but if you can throw me on the good way it would be nice. Have I to create a Helper class or an activeLoginListener ?
Thank you for any help.
The main question I’m asking to my self is: Have I to overide the FOSUser loginAction to add some logic for generating a secret code etc ? Or the bundle does it for me ?
Thank you in advance for any help
You have to something to the account settings for the user to enable the Google Authenticator if they want to. When the user wants to enable it, you should generate a secret code, show it to the user so they can add it in the Google Authenticator app and permanently store that secret code in the user entity. The secret code then needs to be returned from the getGoogleAuthenticatorSecret() method, which comes with the interface that you need to implement in the user entity class. Then, when the user has enabled it and the secret is returned properly from that method, the bundle should automatically request two-factor authentication from the user after login.
Quick question for you. I’m trying to implement U2F (using r/u2f-two-factor-bundle), which in turn uses the scheb/two-factor-bundle. Is it possible to setup a “fallback” so that if the user isn’t using Chrome or doesn’t have their U2F device, that I could fall back to Google Auth? Right now, if I setup both, that means both have to be entered at login.
It would be awesome to have the option of using U2F, or if that won’t work, fallback to Google Auth, and if that doesn’t work, fallback to SMS, for example.
switching the authentication method is not supported by the bundle. I planning to do a rewrite of the bundle, so let’s see what I can do.