ceeram/google-authenticate

CakePHP plugin with Google 2 step authentication class for AuthComponent.

dev-master 2012-09-13 15:48 UTC

This package is auto-updated.

Last update: 2024-10-13 10:11:17 UTC


README

Plugin containing Google 2 step authenticate class for AuthComponent.

Includes libs from https://github.com/chregu/GoogleAuthenticator.php with some minor adjustments

Requirements

  • PHP 5.3
  • CakePHP 2.x

Installation

[Manual]

  1. Download this: http://github.com/ceeram/GoogleAuthenticate/zipball/master
  2. Unzip that download.
  3. Copy the resulting folder to app/Plugin
  4. Rename the folder you just copied to GoogleAuthenticate

[GIT Submodule]

In your app directory type:

git submodule add git://github.com/ceeram/GoogleAuthenticate.git Plugin/GoogleAuthenticate
git submodule init
git submodule update

[GIT Clone]

In your plugin directory type

git clone git://github.com/ceeram/GoogleAuthenticate.git GoogleAuthenticate

Usage

In app/Config/bootstrap.php add: CakePlugin::load(‘GoogleAuthenticate’);

Configuration:

Setup the authentication class settings.
You dont need Form authenticate anymore, as it will only check the code if secret field in users table is not empty.
If secret field is empty, it will behave like normal Form authenticate.

If you would combine Google 2 step with Form, make sure you set a scope on your Form authenticate

'scope' => array('User.secret' => null)

Example for GoogleAuthenticate:


    //in $components
    public $components = array(
        'Auth' => array(
            'authenticate' => array(
                'GoogleAuthenticate.Google' => array(
                    'fields' => array(
			'username' => 'username',
			'password' => 'password',
			'code' => 'code',//fieldname in form
			'secret' => 'secret'//fieldname in table
		),
		'userModel' => 'User',
		'scope' => array()
                )
            )
        )
    );
    //Or in beforeFilter()
    $this->Auth->authenticate = array(
        'GoogleAuthenticate.Google' => array(
            'fields' => array(
			'username' => 'username',
			'password' => 'password',
			'code' => 'code',
			'secret' => 'secret'
		),
		'userModel' => 'User',
		'scope' => array()
        )
    );

Usage

Above configuration is what is needed to be able to login using the adapter.
You need to generate a secret code and store it in your users table.

You can show the secret code to the user, or display a QRcode.

Here is an example action in UsersController which handles all this:


/**
 * Displays secret code and QRcode for the user account.
 * Will create a secret, if not set in users table
 *
 * Also handles removal of secret from database with Form->postLink(), to allow normal login again.
 *
 * To generate a different secret, browse to http://domain.com/users/secret/renew
 *
 * @return void
 */
	public function secret($renew = null) {
		$this->User->id = $this->Auth->user('id');
		if ($this->request->is('post')) {
			$this->User->saveField('secret', null);
			$this->redirect(array('action' => 'view', $this->User->id));
		}

		App::uses('GoogleAuthenticator', 'GoogleAuthenticate.Lib');
		$Google = new GoogleAuthenticator();

		$secret = $this->User->field('secret');
		if (!$secret || $renew == 'renew') {
			$secret = $Google->generateSecret();
			$this->User->saveField('secret', $secret);
		}

		$url = $Google->getUrl($secret, $this->Auth->user('username'), 'example.com');

		$this->set(compact('secret', 'url'));
	}

And the secret.ctp view template for this action would be:


<div class="users secret">
	<h2><?php echo __('Google secret'); ?></h2>
	<div>Enter this code manually: <?php echo $secret;?></div>
	<div>Or scan the QRcode: <?php echo $this->Html->image($url);?></div>
</div>
<div class="actions">
	<h3><?php echo __('Actions'); ?></h3>
	<ul>
		<li><?php echo $this->Html->link('Generate different secret', array('action' => 'secret', 'renew'));?></li>
		<li><?php echo $this->Form->postLink('Remove secret');?></li>
	</ul>
</div>

License (unless otherwise stated in the files)

Copyright © 2012 Ceeram

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

Other licenses:

Lib/GoogleAuthenticator.php
Apache License, Version 2.0