Two-Factor Authentication
Craftable Pro uses the Laravel Fortify package to implement the backend part of two-factor authentication.
Config
CraftablePro overrides the default Fortify config with the necessary value changes. However, if you have already published the fortify.php config into your project, or plan to publish it, you will have to make a few changes for it to work with CraftablePro's two-factor authentication feature.
```php
// config/fortify.php (only the keys CraftablePro needs changed are shown)
use Laravel\Fortify\Features;

'guard' => 'craftable-pro',
'views' => false,
'features' => [
    // Features::registration(),
    // Features::resetPasswords(),
    // Features::emailVerification(),
    // Features::updateProfileInformation(),
    // Features::updatePasswords(),
    Features::twoFactorAuthentication([
        'confirm' => true,
        'confirmPassword' => true,
        // 'window' => 0,
    ]),
],
```
These are the same values as in vendor/brackets/craftable-pro/config/fortify.php.
Not all the features have to be disabled, but Fortify's registration, email verification and password handling have not yet been tested within CraftablePro, which ships its own implementations of them.
If 'views' were set to true, Fortify would register its own 2FA routes, and their names would conflict with CraftablePro's routes when caching routes.
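The commented-out 'window' option decides how many adjacent 30-second TOTP steps are accepted besides the current one. The following is an added, self-contained illustration of that check (not Craftable Pro's or Fortify's own code; the secret and timestamp are constructed for the demo):

```php
<?php
// Added example: RFC 6238 TOTP verification with a step window.
// window = 0 accepts only the code for the current 30-second step;
// window = 1 also accepts the previous and next step, tolerating small clock skew.

function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $c) {
        $bits .= str_pad(decbin(strpos($alphabet, $c)), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

function totp(string $secret, int $timeStep, int $digits = 6): string
{
    // 8-byte big-endian counter, HMAC-SHA1, dynamic truncation (RFC 4226)
    $counter = pack('J', $timeStep);
    $hash = hash_hmac('sha1', $counter, base32Decode($secret), true);
    $offset = ord($hash[19]) & 0x0f;
    $code = (unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff) % (10 ** $digits);
    return str_pad((string) $code, $digits, '0', STR_PAD_LEFT);
}

function verifyTotp(string $secret, string $code, int $window, ?int $now = null): bool
{
    $step = intdiv($now ?? time(), 30);
    for ($i = -$window; $i <= $window; $i++) {
        // constant-time comparison so a mismatch does not leak digit positions
        if (hash_equals(totp($secret, $step + $i), $code)) {
            return true;
        }
    }
    return false;
}

// Constructed demo values. A code generated for the previous step is rejected
// with window 0 but accepted with window 1.
$secret = 'JBSWY3DPEHPK3PXP';
$now = 1700000000;
$previous = totp($secret, intdiv($now, 30) - 1);
var_dump(verifyTotp($secret, $previous, 0, $now));
var_dump(verifyTotp($secret, $previous, 1, $now));
```

A larger window widens the set of codes an attacker could guess for a given secret, so keep it at 0 unless users' devices are known to drift.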
Enable Two-Factor Authentication
Each CraftableProUser can manage only their own 2FA setup. Two-factor authentication is currently available only for classic email/password login, not for social logins.
Open the Security tab on the User Profile settings page.
On this page, you can change your password or manage the two-factor authentication app.
Click Set up authentication app.
Continue with the instructions given by the setup modal.
The Google Authenticator app is available for iOS on the App Store and for Android on the Play Store.
The Copy Key/Copy Codes (to clipboard) functionality only works over HTTPS, as it uses the Async Clipboard API.
Confirm the setup
Save the recovery codes
Finish
Check that the status is now displayed as Enabled.
Login with Two-Factor Authentication
If your two-factor authentication is enabled, you will be prompted for an authentication code after logging in via email/password.
Manage Two-Factor Authentication
After setting up the two-factor authentication, you can edit it or remove it.
Open the Security tab on the User Profile settings page.
On this page, you can change your password or manage the two-factor authentication app.
Click Manage app.
Continue with the instructions given by the manage modal.
To edit the app, click Change app.
A new QR code and recovery codes will be generated.
If you don't confirm the new QR code in the next step, the old QR code will remain active.
Confirm the change
Save the recovery codes
Finish
Check that the status is still displayed as Enabled and that the timestamp is current.
To remove the app, click the trash can icon.
Confirm the removal
Finish
Check that the status is displayed as Disabled.
Require Two-Factor Authentication
You can require all users of a given role to enable the two-factor authentication in the Roles listing within the Create or Update modal.
Users in such a role who have not enabled two-factor authentication will be prompted to do so by a modal once every 24 hours.
Users with Two-Factor Authentication
You can check and filter users by their two-factor authentication status in the Access tab in the user listing.