Skip to content

imorland/flarum-ext-twofactor

Repository files navigation

2FA

License Latest Stable Version Total Downloads

A Flarum extension. 2FA for Flarum

Requirements

This extension requires a minimum of PHP 8.1, due to a 3rd party library constraint.

Features

  • Enforces admin accounts to have 2FA enabled for increased security
  • Configure which additional user groups should also be enforced
  • Supports all common authentication apps
  • Protects login, forgot password endpoints
  • Integrates with fof/oauth to protect OAuth logins to protected accounts
  • 2FA Enabled/Disabled notifications
  • 2FA Status page
  • Backup/recovery codes
  • Option to revoke dormant access tokens after X days of no usage

Permissions

This extension provides the ability to view the status of 2FA of other users (intended for admin and/or moderator use). In order for this to function correctly, you must also set the permission Moderate Access Tokens to at least the same group as you require for View 2FA status of other users.

Installation

Install with composer:

composer require ianm/twofactor:"*"

Updating

composer update ianm/twofactor
php flarum migrate
php flarum cache:clear

Usage

CLI

Independantly of the setting, you may remove dormant access tokens using the CLI. The days setting defaults to 30 days, and the CLI will still respect this value from the extension settings, as well as the developer token setting:

php flarum twofactor:kill-inactive-tokens

cli

TODO

Screenshots

QR Code setup

qr-code-setup

Manual setup

manual setup

Security tab integration

security tab integration

Enabled/Disabled notifications

notifications

Admin user list status icon

userlist

Links

Support

Please consider supporting my extension development and maintenance work.

Buy Me A Coffee