ianm / twofactor
2FA for Flarum
Fund package maintenance!
www.buymeacoffee.com/ianm1
Installs: 3 991
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 1
Forks: 1
Open Issues: 8
Type:flarum-extension
Requires
- php: ^8.1
- endroid/qr-code: ^4.8
- flarum/core: ^1.8.3
- spomky-labs/otphp: ^11.2
Requires (Dev)
- blomstra/turnstile: *
- flarum/gdpr: dev-main
- flarum/phpstan: ^1.8
- flarum/testing: ^1.8.0
- fof/oauth: *
- sycho/flarum-private-facade: ^0.1.16
README
A Flarum extension. 2FA for Flarum
Requirements
This extension requires a minimum of PHP 8.1, due to a 3rd party library constraint.
Features
- Enforces
admin
accounts to have 2FA enabled for increased security - Configure which additional user groups should also be enforced
- Supports all common authentication apps
- Protects
login
,forgot password
endpoints - Integrates with
fof/oauth
to protect OAuth logins to protected accounts - 2FA Enabled/Disabled notifications
- 2FA Status page
- Backup/recovery codes
- Option to revoke dormant access tokens after X days of no usage
Permissions
This extension provides the ability to view the status of 2FA of other users (intended for admin and/or moderator use). In order for this to function correctly, you must also set the permission Moderate Access Tokens
to at least the same group as you require for View 2FA status of other users
.
Installation
Install with composer:
composer require ianm/twofactor:"*"
Updating
composer update ianm/twofactor php flarum migrate php flarum cache:clear
Usage
CLI
Independantly of the setting, you may remove dormant access tokens using the CLI. The days setting defaults to 30 days, and the CLI will still respect this value from the extension settings, as well as the developer token setting:
php flarum twofactor:kill-inactive-tokens
TODO
Screenshots
QR Code setup
Manual setup
Security tab integration
Enabled/Disabled notifications
Admin user list status icon
Links
Support
Please consider supporting my extension development and maintenance work.