• Extensions

  • 2FA - Two Factor Authentication with TOTP

2FA

License Latest Stable Version Total Downloads

A Flarum extension. 2FA for Flarum

Requirements

This extension requires a minimum of PHP 8.1, due to a 3rd party library constraint.

Features

  • Enforces admin accounts to have 2FA enabled for increased security
  • Configure which additional user groups should also be enforced
  • Supports all common authentication apps
  • Protects login, forgot password endpoints
  • Integrates with fof/oauth to protect OAuth logins to protected accounts
  • 2FA Enabled/Disabled notifications
  • 2FA Status page
  • Backup/recovery codes

Installation

Install with composer:

composer require ianm/twofactor:"*"

Updating

composer update ianm/twofactor
php flarum migrate
php flarum cache:clear

Screenshots

QR Code setup

qr-code-setup

Manual setup

manual setup

Security tab integration

security tab integration

Enabled/Disabled notifications

notifications

Admin user list status icon

userlist

Links

    Just downloaded it but I am getting an issue, where if I click on verify, the account gets verified but the window for verification and the banner doesn't disappear without refreshing the page.

    Also, the logo should be taken as the favicon, so that it's transparent instead of a screenshot.

    @IanM

    • IanM replied to this.

      Derbosik yes, I found this a few minutes ago as well. I'm already working on a fix.

      This only happens when you start the setup from the banner on the forum, if you start from the user security page, all is fine.

      An update will follow ASAP

          IanM Will you implement the icon that is set when using the adminpanel too? ( I am unable to scan the QR code with the logo so big because of the background there 😃 )

          • IanM replied to this.

              IanM The icon used for the icon setting is taken like a screenshot? It seems like it.
              It's not transparent and takes up 90% of the QR code as it's a square for me, because of my icon being square-shaped.

              • IanM replied to this.

                  Derbosik Oh I see.

                  The icon is rendered as part of the SVG generation for the QR code. We can set height/width limits for this, so we can account for different icon sizes/shapes. I'll include those settings

                    1.0.1

                    Fixes
                    • Unable to close/complete the setup 2FA model when starting from the ContainerAlert (Derbosik )
                    • Unable to specify the size of the forum logo used on the QR code
                    Updating
                    composer update ianm/twofactor
php flarum cache:clear

                      HD3D Thanks for the wonderful extension

                      You're welcome 🙂

                      HD3D Is it possible to migrate from https://github.com/Nearata/flarum-ext-twofactor ?

                      The short answer is "no", but the longer answer is "probably"...

                      Having a brief look at the code for that extension, it should be technically possible to migrate the data over by creating a custom CLI command to take the values stored by that extension, convert them to the format expected by this one, then store the revised data.

                      If you are only talking a handful of users, then it may be easier to simply get those users to setup 2FA again once you've disabled the old extension and enabled this one. If on the other hand we are talking 100's, 1000's or more users, then it would be worth perhaps looking at getting this tool implemented.

                          Any way to make the logo transparent?

                          Also, the fix for the menu not disappearing after verifying is not working. Tried updating and reinstalling.

                          @IanM

                          • IanM replied to this.

                            1.0.2

                            Updating
                            composer update ianm/twofactor
php flarum cache:clear

                            Derbosik Any way to make the logo transparent?

                            Why would you want the logo transparent, when it's supposed to punch out the centre of the QR code?

                            Anyhow, I've created an issue (imorland/flarum-ext-twofactor8) to implement an image uploader for the QR logo, rather than re-using the forum logo. I'll implement that as soon as I have time.

                            Derbosik Also, the fix for the menu not disappearing after verifying is not working. Tried updating and reinstalling.

                            I cannot replicate the problem anymore (since 1.0.1 anyway). Are you sure you cleared the cache?

                            If that does not help, please provide exact steps to replicate the issue and I'll take another look at it.

                                Nice!

                                Hopefully we will get Yubikey/Hardwallets support in the future as well.

                                  1.0.3

                                  Updating
                                  composer update ianm/twofactor
php flarum cache:clear

                                  It works now, but after closing the Backup Codes popup, the banner is not removed.

                                  batato Hopefully we will get Yubikey/Hardwallets support in the future as well.

                                  this would be great!

                                    a month later

                                    after i installed this my flarum site is not working
                                    im getting this error

                                    Flarum encountered a boot error. Details have been logged to the Flarum log file.

                                    may i know how i can uninstall this ?

                                    • IanM replied to this.

                                      1.0.4

                                      This was caused by an issue with the Conditional extender in flarum/core instantiating the conditional extenders when the condition was false. A fix for this will be made available soon (flarum/framework3898)

                                      Updating
                                      composer update ianm/twofactor
php flarum cache:clear
                                      • IanM replied to this.

                                        Abhinaytrader

                                        Without seeing the logfile, it's difficult to say what the issue is, but my guess would be that you don't have fof/oauth installed on your forum? This is an optional dependency, but was causing a boot error when not installed.

                                        If that's the case, then updating 2FA to the latest version 1.0.4 will solve your issue, otherwise you can remove 2FA with this command:

                                        composer remove ianm/twofactor

                                        Please provide the error from your logfile if you'd like me to look into the problem further..