This package was a part of sicaboy/laravel-security. Later moved to this separated repository.
This package provides a Middleware to protect pages with MFA in your Laravel projects.
Requirements:
To get the latest version of Laravel MFA, simply run:
composer require sicaboy/laravel-mfa
Then do vendor publish:
php artisan vendor:publish --provider="Sicaboy\LaravelMFA\LaravelMFAServiceProvider"
After publishing, you can modify templates and config in:
app/config/laravel-mfa.php
resources/views/vendor/laravel-mfa/
If you're on Laravel < 5.5, you'll need to register the service provider. Open up config/app.php and add the following to the providers array:
Siaboy\LaravelMFA\LaravelMFAServiceProvider::class,Attach the middleware to your routes to protect your pages.
Route::middleware(['mfa'])->group(function () {
...
});If you use different Auth objects, for example user auth and admin auth, you can apply following to enable MFA for admin pages.
- Attach the middleware to your routes.
Route::middleware(['mfa:admin'])->group(function () {
...
});- Add a group in your config file
config/laravel-mfa.php
return [
'default' => [
...
],
'group'
'admin' => [ // Example, when using middleware 'mfa:admin'. Attributes not mentioned will be inherit from `default` above
'login_route' => 'admin.login',
'auth_user_closure' => function() {
return \Encore\Admin\Facades\Admin::user();
},
],
'other_name' => [ // Middleware 'mfa:other_name'
...
]
],If your application has a artisan queue:work daemon running, you can send auth code in a queue by changing the config.
return [
'default' => [
...
'email' => [
'queue' => true,
...
]
]
]- Switch on MFA on specific users (DB field-based)
Please see CHANGELOG for more information on what has changed recently.
Please feel free to fork this package and contribute by submitting a pull request to enhance the functionalities.
The MIT License (MIT). Please see License File for more information.