Downloads
Stars
Version
Add security pin, mnemonic key and 2fa authentication feature to users.
Via Composer
$ composer require laraditz/user-security
The Laravel and Lumen configurations vary slightly, so here are the instructions for each of the frameworks.
Edit the config/app.php
file and add the following line to register the service provider:
'providers' => [
...
Laraditz\UserSecurity\UserSecurityServiceProvider::class,
...
],
Tip: If you're on Laravel version 5.5 or higher, you can skip this part of the setup in favour of the Auto-Discovery feature.
Edit the bootstrap/app.php
file and add the following line to register the service provider:
...
$app->register(Laraditz\UserSecurity\UserSecurityServiceProvider::class);
...
You will also need to enable Facades
in bootstrap/app.php
:
..
$app->withFacades(true, [
...
Laraditz\UserSecurity\Facades\SecureUser::class => 'SecureUser'
]);
...
Open your user provider model class, for example App\Models\User
, and add Laraditz\UserSecurity\Traits\UserSecurable
trait:
<?php
namespace App;
...
use Laraditz\UserSecurity\Traits\UserSecurable;
class User extends Model implements AuthenticatableContract, AuthorizableContract
{
...
use UserSecurable;
...
}
Add a key to your .env
file for hashing.
LUS_KEY=set_your_key_here // for one-way encrypt, do not lose or change this key after set.
Add validation rule message to resources/lang/{lang_code}/validation.php
.
...
'mnemonic' => 'The :attribute is invalid.',
'mnemonic_exists' => 'The :attribute is already been used.',
...
Example usage as below snippet:
// to add/update security pin for eloquent user
$user->updateSecurityPin($security_pin);
// to add/update entropy for eloquent user
$user->updateEntropy($entropy);
// to add/update multiple authenticators
$user->updateMultipleAuthenticators(['security_pin' => $security_pin, 'mnemonic_entropy' => $entropy]);
To use mnemonic functions, examples as below:
// Success response
// using service container to generate mnemonic object
$mnemonic = app('SecureUser')->mnemonic()->generate();
// using alias to generate mnemonic object
$mnemonic = \SecureUser::mnemonic()->generate();
// Use mnemonic codes to find entropy
$mnemonic = \SecureUser::mnemonic()->words($words);
// Generate Mnemonic using specified Entropy
$mnemonic = \SecureUser::mnemonic()->entropy($entropy);
// Get user by mnemonic words
$user = \SecureUser::mnemonic()->userByWords($words);
It also comes with mnemonic
and mnemonic_exists
rules:
mnemonic_words
and mnemonic_entropy
match.mnemonic_words
or mnemonic_entropy
already exists.$this->validate($request, [
...
'mnemonic_words' => 'required|array|mnemonic',
'mnemonic_entropy' => 'required|mnemonic_exists',
...
]);
For security pin, you can use MatchSecurityPin
rule. You can pass the model in the constructor. Otherwise, the rule will assume you want to use the session user. The model must use UserSecurable
trait.
use Laraditz\UserSecurity\Rules\MatchSecurityPin;
$this->validate($request, [
...
'security_pin' => new MatchSecurityPin,
'security_pin2' => new MatchSecurityPin($model),
...
]);
Please see the changelog for more information on what has changed recently.
MIT. Please see the license file for more information.