The preferred way to install yii2-authy is through Composer. Either add the following to the require section of your composer.json file:

    "geoffry304/yii2-authy": "*"

Or run:

    $ php composer.phar require geoffry304/yii2-authy "*"

You can also install yii2-authy manually by downloading the source in ZIP format.
Run the migration file:

    php yii migrate --migrationPath=@vendor/geoffry304/yii2-authy/migrations

Update the config file:

    // app/config/web.php
    return [
        'modules' => [
            'authy' => [
                'class' => 'geoffry304\authy\Module',
                'api_key' => 'here your api key from authy',
                'send_mail_from' => '[email protected]'
            ],
            'user' => [
                'class' => 'amnah\yii2\user\Module',
                'modelClasses' => [
                    'LoginForm' => 'geoffry304\authy\forms\LoginForm'
                ]
            ],
        ],
    ];

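Add this piece of code before the call to performLogin:

    $module2FA = Yii::$app->getModule('authy');
    if ($module2FA) {
        // Hands the submitted credentials to the authy module through the session.
        // This places the plaintext password in session storage, so restrict access to the session backend.
        Yii::$app->session->set('credentials', ['login' => $model->email, 'pwd' => $model->password, 'remember' => $rememberMe]);
        // validateLogin() returns the URL to continue to.
        $returnUrl = $module2FA->validateLogin($model->getUser());
        return $returnUrl;
    }
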
The module has the following options to modify its behaviour:
- api_key: The key you get from the Authy website to connect to it.
- api_url: Set this to use a different API URL; defaults to https://api.authy.com.
- default_expirytime: The time after which the user must enter a new token; defaults to 30 days.
- send_mail: Send a mail when a new device is added; defaults to true.
- send_mail_from: The sender address; required when send_mail is on.
- logo: Path to the logo used in the confirmation and registration forms and in the mails that are sent.

If you need extra security, you can check on every action and controller whether the current session still exists in the database.

Update the config file:

    // app/config/web.php
    return [
        'bootstrap' => ['GlobalCheck'],
        'components' => [
            'GlobalCheck' => [
                'class' => 'geoffry304\authy\components\GlobalCheck'
            ],
        ],
    ];
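
What a per-request check of this kind involves, as an added sketch that is not the source of geoffry304\authy\components\GlobalCheck: a bootstrap component that logs the user out when no unexpired server-side record matches the current session. The class name, the table authy_session and its columns are hypothetical.

```php
<?php
// Added illustration, not the yii2-authy implementation.
// Assumed table: authy_session(user_id, session_id, expires_at).
namespace app\components;

use yii\base\Application;
use yii\base\BootstrapInterface;
use yii\base\Component;
use yii\db\Query;

class SessionRecordCheck extends Component implements BootstrapInterface
{
    /** @var string hypothetical table holding one row per verified session */
    public $table = '{{%authy_session}}';

    public function bootstrap($app)
    {
        // Only web requests carry a user session; skip console runs.
        if (!$app instanceof \yii\web\Application) {
            return;
        }
        // Run before routing so no controller or action can bypass the check.
        $app->on(Application::EVENT_BEFORE_REQUEST, function () use ($app) {
            $this->enforce($app);
        });
    }

    protected function enforce($app)
    {
        $user = $app->user;
        if ($user->isGuest) {
            return; // nothing to verify for anonymous visitors
        }
        // The session counts only if the server still holds an unexpired row.
        $known = (new Query())
            ->from($this->table)
            ->where(['user_id' => $user->id, 'session_id' => $app->session->id])
            ->andWhere(['>', 'expires_at', time()])
            ->exists();
        if (!$known) {
            // Row deleted or expired: drop the login and force re-authentication.
            $user->logout();
            $app->response->redirect($user->loginUrl);
            $app->end();
        }
    }
}
```

With a check like this, deleting a user's rows from the table ends those sessions on their next request.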