Best laravel framework open-source packages.

Updated 3 months ago

h1. GoogleAuthenticate plugin

Plugin containing Google 2 step authenticate class for AuthComponent.

Includes libs from https://github.com/chregu/GoogleAuthenticator.php with some minor adjustments

h2. Requirements

  • PHP 5.3
  • CakePHP 2.x

h2. Installation

[Manual]

Unzip that download.

Copy the resulting folder to app/Plugin

Rename the folder you just copied to GoogleAuthenticate

[GIT Submodule]

In your app directory type:

git submodule add git://github.com/ceeram/GoogleAuthenticate.git Plugin/GoogleAuthenticate
git submodule init
git submodule update

[GIT Clone]

In your plugin directory type

git clone git://github.com/ceeram/GoogleAuthenticate.git GoogleAuthenticate

h2. Usage

In app/Config/bootstrap.php add: CakePlugin::load('GoogleAuthenticate');

h2. Configuration:

Setup the authentication class settings. You dont need Form authenticate anymore, as it will only check the code if secret field in users table is not empty. If secret field is empty, it will behave like normal Form authenticate.

If you would combine Google 2 step with Form, make sure you set a scope on your Form authenticate

'scope' => array('User.secret' => null)

Example for GoogleAuthenticate:


    //in $components
    public $components = array(
        'Auth' => array(
            'authenticate' => array(
                'GoogleAuthenticate.Google' => array(
                    'fields' => array(
			'username' => 'username',
			'password' => 'password',
			'code' => 'code',//fieldname in form
			'secret' => 'secret'//fieldname in table
		),
		'userModel' => 'User',
		'scope' => array()
                )
            )
        )
    );
    //Or in beforeFilter()
    $this->Auth->authenticate = array(
        'GoogleAuthenticate.Google' => array(
            'fields' => array(
			'username' => 'username',
			'password' => 'password',
			'code' => 'code',
			'secret' => 'secret'
		),
		'userModel' => 'User',
		'scope' => array()
        )
    );

h2. Usage

Above configuration is what is needed to be able to login using the adapter. You need to generate a secret code and store it in your users table.

You can show the secret code to the user, or display a QRcode.

Here is an example action in UsersController which handles all this:


/**
 * Displays secret code and QRcode for the user account.
 * Will create a secret, if not set in users table
 *
 * Also handles removal of secret from database with Form->postLink(), to allow normal login again.
 *
 * To generate a different secret, browse to http://domain.com/users/secret/renew
 *
 * @return void
 */
	public function secret($renew = null) {
		$this->User->id = $this->Auth->user('id');
		if ($this->request->is('post')) {
			$this->User->saveField('secret', null);
			$this->redirect(array('action' => 'view', $this->User->id));
		}

		App::uses('GoogleAuthenticator', 'GoogleAuthenticate.Lib');
		$Google = new GoogleAuthenticator();

		$secret = $this->User->field('secret');
		if (!$secret || $renew == 'renew') {
			$secret = $Google->generateSecret();
			$this->User->saveField('secret', $secret);
		}

		$url = $Google->getUrl($secret, $this->Auth->user('username'), 'example.com');

		$this->set(compact('secret', 'url'));
	}

And the secret.ctp view template for this action would be:


Enter this code manually:
Or scan the QRcode: Html->image($url);?>

  • Html->link('Generate different secret', array('action' => 'secret', 'renew'));?>
  • Form->postLink('Remove secret');?>

h2. License (unless otherwise stated in the files)

Copyright (c) 2012 Ceeram

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

h2. Other licenses:

Lib/GoogleAuthenticator.php Apache License, Version 2.0