This Symfony bundle provides two-factor authentication for your website. Currently it is shipped with two authentication methods:
- Google Authenticator (via sonata-project/google-authenticator)
- Authentication code sent via email
In addition to this it provides an interface for implementing your own custom two-factor authentication methods.
Compatibility: Use bundle version 1.x for Symfony < 2.6.
In this version of the bundle it was possible to bypass two-factor authentication when the remember-me option is available on the login form. (#253)
After the initial login happened, the user is already fully authenticated to the Symfony security layer. The bundle then prevents access to secured and non-secured content by intercepting any request and showing the two-factor authentication form instead.
If you execute code based on the authentication status, make sure to take the two-factor status into account. This can
be done by checking access with isGranted (security voter has to be registered, see
configuration).
Warning: Just doing a getUser on security.token_storage (or the old security.context) is not secure. You will
get a user object even when two-factor authentication is not complete yet.
The documentation can be found in the Resources/doc directory.
You're welcome to contribute to this bundle by creating a pull requests or feature request in the issues section.
Besides new features, translations are highly welcome.
This bundle is available under the MIT license.