{"id":21372999,"url":"https://github.com/hiqdev/yii2-mfa","last_synced_at":"2025-06-27T06:39:35.687Z","repository":{"id":47858356,"uuid":"71390022","full_name":"hiqdev/yii2-mfa","owner":"hiqdev","description":"Yii2 module providing multi-factor authentication","archived":false,"fork":false,"pushed_at":"2021-08-12T09:50:56.000Z","size":85,"stargazers_count":9,"open_issues_count":2,"forks_count":5,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-05-28T05:17:30.644Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hiqdev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-19T19:02:21.000Z","updated_at":"2025-03-15T20:58:31.000Z","dependencies_parsed_at":"2022-08-31T17:14:42.381Z","dependency_job_id":null,"html_url":"https://github.com/hiqdev/yii2-mfa","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/hiqdev/yii2-mfa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hiqdev%2Fyii2-mfa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hiqdev%2Fyii2-mfa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hiqdev%2Fyii2-mfa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hiqdev%2Fyii2-mfa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hiqdev","download_url":"https://codeload.github.com/hiqdev/yii2-mfa/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hiqdev%2Fyii2-mfa/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262209660,"owners_count":23275471,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-11-22T08:24:29.963Z","updated_at":"2025-06-27T06:39:35.661Z","avatar_url":"https://github.com/hiqdev.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Yii2 MFA\n\n**Multi-factor authentication for Yii2 projects**\n\n[![Latest Stable Version](https://poser.pugx.org/hiqdev/yii2-mfa/v/stable)](https://packagist.org/packages/hiqdev/yii2-mfa)\n[![Total Downloads](https://poser.pugx.org/hiqdev/yii2-mfa/downloads)](https://packagist.org/packages/hiqdev/yii2-mfa)\n[![Build Status](https://img.shields.io/travis/hiqdev/yii2-mfa.svg)](https://travis-ci.org/hiqdev/yii2-mfa)\n[![Scrutinizer Code Coverage](https://img.shields.io/scrutinizer/coverage/g/hiqdev/yii2-mfa.svg)](https://scrutinizer-ci.com/g/hiqdev/yii2-mfa/)\n[![Scrutinizer Code Quality](https://img.shields.io/scrutinizer/g/hiqdev/yii2-mfa.svg)](https://scrutinizer-ci.com/g/hiqdev/yii2-mfa/)\n[![Dependency Status](https://www.versioneye.com/php/hiqdev:yii2-mfa/dev-master/badge.svg)](https://www.versioneye.com/php/hiqdev:yii2-mfa/dev-master)\n\nThis package provides:\n\n- [TOTP] - Time-based One-time Password Algorithm used for two factor authentication\n- checking for user allowed IPs\n- generation and checking recovery codes (PLANNED)\n\nUses:\n\n- [robthree/twofactorauth] for TOTP\n- [hiqdev/php-confirmator] for confirmation tokens\n\nCan be plugged into any exising Yii2 project.\nSee how it is used in [hiqdev/hiam].\n\n[TOTP]: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm\n[robthree/twofactorauth]: https://github.com/robthree/twofactorauth\n[hiqdev/php-confirmator]: https://github.com/hiqdev/php-confirmator\n[hiqdev/hiam]: https://github.com/hiqdev/hiam\n\n## Installation\n\nThe preferred way to install this yii2-extension is through [composer](http://getcomposer.org/download/).\n\nEither run\n\n```sh\nphp composer.phar require \"hiqdev/yii2-mfa\"\n```\n\nor add\n\n```json\n\"hiqdev/yii2-mfa\": \"*\"\n```\n\nto the require section of your composer.json.\n\n## Configuration\n\nThis extension provides pluggable configuration to be used with [composer-config-plugin].\n\nAlso you can use it usual way by copy-pasting config.\nSee [src/config/web.php] for configuration example.\n\nAvailable configuration parameters:\n\n- `organization.name`\n\nFor more details please see [src/config/params.php].\n\n[composer-config-plugin]: https://github.com/hiqdev/composer-config-plugin\n[src/config/params.php]: src/config/params.php\n[src/config/web.php]: src/config/web.php\n\n## Usage\n\nThis plugin provides behavior and configuration attaches it\nto user component on `beforeLogin` event.\nAnd then the behavior validates IPs and TOTP on every login.\n\nTo use this plugin you have to instantiate your `\\Yii-\u003eapp-\u003euser-\u003eidentity` class from\n`hiqdev\\yii2\\mfa\\base\\MfaIdentityInterface` and implement all of the methods,\nwhich will return or set MFA properties. For example:\n\n use hiqdev\\yii2\\mfa\\base\\MfaIdentityInterface;\n\n class Identity implements MfaIdentityInterface\n {\n ...\n\n /**\n * @inheritDoc\n */\n public function getUsername(): string\n {\n return $this-\u003eusername;\n }\n\n /**\n * @inheritDoc\n */\n public function getTotpSecret(): string\n {\n return $this-\u003etotp_secret ?? '';\n }\n\n ...\n\nIPs and TOTP functions are independent and you can provide just one of properties to have only\ncorresponding functionality.\n\n## Usage with OAuth2\n\nAlso there is a configuration to provide MFA for OAuth2.\n\n - Require suggested `\"bshaffer/oauth2-server-php\": '~1.7'` package\n\n - Use `hiqdev\\yii2\\mfa\\GrantType\\UserCredentials` for configuring `/oauth/token` command via totp code.\nFor example:\n\n\n 'modules' =\u003e [\n 'oauth2' =\u003e [\n 'grantTypes' =\u003e [\n 'user_credentials' =\u003e [\n 'class' =\u003e \\hiqdev\\yii2\\mfa\\GrantType\\UserCredentials::class,\n ],\n ],\n ],\n ]\n\n - Extend you `Identity` class from `ApiMfaIdentityInterface`.\n\n - Use actions:\n\n\n POST /mfa/totp/api-temporary-secret - Proviedes temporary secret to generate QR-code\n POST /mfa/totp/api-enable - Enables totp\n POST /mfa/totp/api-disable - Disables totp\n\n\n## Back redirection\n\nFor any MFA route, you can add a GET param `?back=https://some.site.com`.\nIt will redirect the user after a successful operation to the needed site.\nTo avoid open redirect vulnerability, you need to validate the `back` param.\n\nIt should be done with `\\hiqdev\\yii2\\mfa\\validator\\BackUrlValidatorInterface` which has a default implementation.\nYou have to create your own and reinitialize it with the container definition:\n\nconfig/web.php:\n\n\u003cpre\u003e\n'container' =\u003e [\n 'singletons' =\u003e [\n \\hiqdev\\yii2\\mfa\\validator\\BackUrlValidatorInterface::class =\u003e \\your\\own\\validator::class,\n ],\n],\n\u003c/pre\u003e\n\n## License\n\nThis project is released under the terms of the BSD-3-Clause [license](LICENSE).\nRead more [here](http://choosealicense.com/licenses/bsd-3-clause).\n\nCopyright © 2016-2018, HiQDev (http://hiqdev.com/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhiqdev%2Fyii2-mfa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhiqdev%2Fyii2-mfa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhiqdev%2Fyii2-mfa/lists"}