A powerful and flexible Laravel package that provides Multi-factor Authentication (MFA) / Two-factor Authentication (2FA) middleware to secure your Laravel applications. This package was originally part of sicaboy/laravel-security and has been moved to this dedicated repository.
- Easy Integration - Simple middleware-based implementation
- Email-based MFA - Secure code delivery via email
- Multiple Auth Guards - Support for different authentication contexts (user, admin, etc.)
- Configurable - Flexible configuration options
- Queue Support - Background email sending with Laravel queues
- Cache-based - Efficient code storage and verification tracking
- Customizable Views - Override templates to match your design
- Laravel 5.7+ Support - Compatible with modern Laravel versions
Note
Save weeks of development time with Users.au - a complete authentication solution for Laravel!
- Ready-to-use Authentication - Complete user management system
- Built-in MFA/2FA - No need for additional packages
- Laravel Integration - Seamless setup with your existing Laravel app
- Free to Start - Get started without any upfront costs
- Developer-friendly - Multiple integration options
git clone https://github.com/Users-au/laravel-starter-kit.git
cd laravel-starter-kit
composer install
composer require users-au/laravel-client
composer require users-au/socialite-provider
- Website: https://www.users.au
- Laravel Starter Kit: https://github.com/Users-au/laravel-starter-kit
- Laravel Package: https://github.com/Users-au/laravel-client
- Socialite Provider: https://github.com/Users-au/socialite-provider
Skip the complexity of building authentication from scratch and focus on what makes your app unique!
- PHP 7.1+ or 8.0+
- Laravel 5.7+
- Composer
composer require sicaboy/laravel-mfa
php artisan vendor:publish --provider="Sicaboy\LaravelMFA\LaravelMFAServiceProvider"
This will publish:
- Configuration file:
config/laravel-mfa.php
- View templates:
resources/views/vendor/laravel-mfa/
If you're using Laravel < 5.5, manually register the service provider in config/app.php:
'providers' => [
    // ...
    Sicaboy\LaravelMFA\LaravelMFAServiceProvider::class,
],
Protect your routes by applying the mfa middleware:
// Protect individual routes
Route::get('/dashboard', 'DashboardController@index')->middleware('mfa');
// Protect route groups
Route::middleware(['mfa'])->group(function () {
    Route::get('/admin', 'AdminController@index');
    Route::get('/profile', 'ProfileController@show');
});
If you use multiple authentication guards (e.g., separate user and admin authentication), specify the guard group:
// For admin routes
Route::middleware(['mfa:admin'])->group(function () {
    Route::get('/admin/dashboard', 'Admin\DashboardController@index');
});
Configure the corresponding group in config/laravel-mfa.php:
return [
    'default' => [
        // Default configuration...
    ],
    'group' => [
        // Example for middleware 'mfa:admin'.
        // Attributes not listed here are inherited from `default` above.
        'admin' => [
            'login_route' => 'admin.login',
            'auth_user_closure' => function () {
                return \Encore\Admin\Facades\Admin::user();
            },
        ],
        'other_name' => [ // Middleware 'mfa:other_name'
            // ...
        ],
    ],
];
Configure email settings in config/laravel-mfa.php:
'email' => [
    'queue' => true, // Enable queue for background sending
    'template' => 'laravel-mfa::emails.authentication-code',
    'subject' => 'Your Authentication Code',
],
Set how long verification codes remain valid:
'code_expire_after_minutes' => 10, // Default: 10 minutes
For applications with queue workers running, enable background email sending:
return [
    'default' => [
        'email' => [
            'queue' => true, // Enable queue processing
        ],
    ],
];
Make sure your queue worker is running:
php artisan queue:work
The middleware provides JSON responses for API requests:
- 403 - User not authenticated
- 423 - MFA verification required
{
    "error": "MFA Required",
    "url": "/mfa/generate?group=default"
}
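A client that calls routes behind the mfa middleware has to act on the 403 and 423 responses above. The following is an added example, not code from this package: it maps each response to a next step and follows the returned `url` only when it resolves to the application's own origin. `APP_ORIGIN`, `LOGIN_PATH`, the action names and the use of an `Accept: application/json` header to mark an API request are assumptions.

```javascript
// Added example (not part of laravel-mfa). Assumed values for illustration:
const APP_ORIGIN = 'https://app.example.test'; // hypothetical application origin
const LOGIN_PATH = '/login';                   // hypothetical login page

// Resolve the server-supplied URL against our origin and accept it only if it
// stays on that origin, so a tampered response cannot cause an open redirect.
function sameOriginPath(rawUrl, origin) {
  if (typeof rawUrl !== 'string' || rawUrl === '') return null;
  let resolved;
  try {
    resolved = new URL(rawUrl, origin);
  } catch (e) {
    return null;
  }
  if (resolved.origin !== new URL(origin).origin) return null;
  return resolved.pathname + resolved.search;
}

// Map a status code and parsed JSON body to what the client should do next.
function nextAction(status, body, origin = APP_ORIGIN) {
  if (status === 403) return { type: 'login', path: LOGIN_PATH };
  if (status === 423) {
    const path = sameOriginPath(body && body.url, origin);
    // No usable URL: fail closed instead of carrying on without MFA.
    return path ? { type: 'mfa', path } : { type: 'error', reason: 'bad-mfa-url' };
  }
  return { type: 'continue' };
}

// Thin wrapper around the global fetch (browsers, Node 18+).
// Assumption: the app treats requests carrying this Accept header as API requests.
async function apiFetch(path, options = {}) {
  const res = await fetch(new URL(path, APP_ORIGIN), {
    ...options,
    headers: { Accept: 'application/json', ...(options.headers || {}) },
  });
  let body = null;
  if (res.status === 423) {
    body = await res.json().catch(() => null); // non-JSON body is treated as unusable
  }
  return { res, action: nextAction(res.status, body) };
}
```

Callers navigate to `action.path` for `login` and `mfa`, and treat `error` as a failed request rather than retrying the protected call.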
Run the test suite:
composer test
Or run PHPUnit directly:
./vendor/bin/phpunit
- Codes expire after the configured time limit (default: 10 minutes)
- Verification status is cached to prevent replay attacks
- Email delivery can be queued for better performance
- Multiple authentication contexts are supported
- Email-based MFA
- SMS-based MFA
- TOTP/Authenticator app support
- User-specific MFA settings
- Backup codes
We welcome contributions! Please see CONTRIBUTING.md for details.
- Clone the repository:
git clone https://github.com/sicaboy/laravel-mfa.git
cd laravel-mfa
- Install dependencies:
composer install
- Run tests:
composer test
# Run all tests
composer test
# Run tests with coverage
./vendor/bin/phpunit --coverage-html build/coverage
# Run specific test file
./vendor/bin/phpunit tests/Unit/MFAHelperTest.php
# Run specific test method
./vendor/bin/phpunit --filter testGetConfigByGroupReturnsGroupConfig
Please see CHANGELOG for more information on what has changed recently.
The MIT License (MIT). Please see License File for more information.
- Issues: GitHub Issues
- Documentation: This README and inline code documentation
- Email: [email protected]