This repository has been archived by the owner on Feb 17, 2022. It is now read-only.

Reworded some parts of the README.md
DarkGhostHunter committed May 27, 2020
1 parent 4016579 commit 8f42a48
Showing 1 changed file with 13 additions and 9 deletions.
22 changes: 13 additions & 9 deletions README.md
Expand Up @@ -271,13 +271,17 @@ return [
'expiration_days' => 14,
],
'secret_length' => 20,
'issuer' => env('APP_NAME', 'Laravel'),
'issuer' => env('OTP_TOTP_ISSUER'),
'totp' => [
'digits' => 6,
'seconds' => 30,
'window' => 1,
'algorithm' => 'sha1',
],
'qr_code' => [
'size' => 400,
'margin' => 4
],
];
```
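Review bot: the issuer line loses its fallback: `'issuer' => env('OTP_TOTP_ISSUER'),` resolves to null when the variable is unset, whereas the removed `env('APP_NAME', 'Laravel')` always produced a value, so on a fresh install the issuer in the generated otpauth URI would be empty. Consider a chained default such as `env('OTP_TOTP_ISSUER', env('APP_NAME', 'Laravel'))`, or state in the text that the variable is required. Minor: the new `'margin' => 4` entry lacks the trailing comma every other array entry in this snippet has.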

Expand All @@ -303,7 +307,7 @@ return [
];
```

This is the model where the the Two Factor Authentication data, like the shared secret and recovery codes, are saved and associated to the User model.
This is the model where the data for Two Factor Authentication is saved, like the shared secret and recovery codes, and associated to the User model.

You can change this model for your own if you wish.
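Review bot: in the reworded sentence, "associated to the User model" should be "associated with the User model"; keeping "like the shared secret and recovery codes" directly after "data" (as the removed line had it) also reads more naturally than placing it after "is saved".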

Expand Down Expand Up @@ -332,7 +336,7 @@ return [
];
```

[RFC 6238](https://tools.ietf.org/html/rfc6238#section-5) states that one-time passwords shouldn't be able to be usable again, even if inside the time window. For this, we need to use the Cache to save the code for a given period of time.
[RFC 6238](https://tools.ietf.org/html/rfc6238#section-5) states that one-time passwords shouldn't be able to be usable again, even if inside the time window. For this, we need to use the Cache to save the code for a given period.

You can change the store to use, which it's the default used by your application, and the prefix to use as cache keys, in case of collisions.
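Review bot: "shouldn't be able to be usable again" is awkward and weaker than the source; RFC 6238 section 5.2 says the verifier must not accept a second successful validation of the same OTP, so "must not be accepted twice, even if inside the time window" states the requirement precisely. Since the following paragraph lets the reader pick the cache store, it is worth adding that the store must persist across requests and be shared by every instance of the application, otherwise the same code can be replayed against another instance inside the window.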

Expand Down Expand Up @@ -364,7 +368,7 @@ return [
];
```

Enabling this option will allow the application to "remember" a device using a cookie, allowing it to bypass Two Factor Authentication once a code is verified in that device. When the User logs in again in that device, it won't be prompted for a Code.
Enabling this option will allow the application to "remember" a device using a cookie, allowing it to bypass Two Factor Authentication once a code is verified in that device. When the User logs in again in that device, it won't be prompted for a 2FA Code again.

There is a limit of devices that can be saved. New devices will displace the oldest devices registered. Devices are considered no longer "safe" until a set amount of days.
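Review bot: "it won't be prompted for a 2FA Code again" doubles up with "logs in again" earlier in the same sentence; "it won't be prompted for a 2FA Code" is enough. In the unchanged context below, "There is a limit of devices that can be saved" should be "a limit on the number of devices", and "Devices are considered no longer "safe" until a set amount of days" reads as the reverse of what is meant; suggest "Devices are considered "safe" only for a set number of days, after which the Code is required again".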

Expand All @@ -388,7 +392,7 @@ It's recommended to use 128-bit or 160-bit because some Authenticator apps may h

```php
return [
'issuer' => env('APP_NAME', 'Laravel'),
'issuer' => env('OTP_TOTP_ISSUER'),
'totp' => [
'digits' => 6,
'seconds' => 30,
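Review bot: this is the second snippet switched to `'issuer' => env('OTP_TOTP_ISSUER'),`, but neither one tells the reader where the variable is set; a one-line `.env` example such as `OTP_TOTP_ISSUER="My App"` next to this snippet, together with a note that the value is required (or that a default is restored), would make the rename self-explanatory.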
Expand All @@ -410,7 +414,7 @@ This configuration values are always passed down to the authentication app as UR

otpauth://totp/Laravel:[email protected]?secret=THISISMYSECRETPLEASEDONOTSHAREIT&issuer=Laravel&label=taylor%40laravel.com&algorithm=SHA1&digits=6&period=30

These values are printed to each 2FA data inside the application. Changes will only take effect for new activations.
These values are printed to each 2FA data record inside the application. Changes will only take effect for new activations.

> It's not recommended to edit these parameters if you plan to use publicly available Authenticator apps, since some of them **may not support non-standard configuration**, like more digits, different period of seconds or other algorithms.
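Review bot: the sample URI still shows `issuer=Laravel` and the `Laravel:` label prefix while the configuration now reads the issuer from `OTP_TOTP_ISSUER`; add a sentence that both values come from that variable so the example agrees with the new default. In the unchanged header line, "This configuration values are always passed down" should be "These configuration values are always passed down".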
Expand All @@ -425,7 +429,7 @@ return [
];
```

This controls the size and margin used to create the QR Code.
This controls the size and margin used to create the QR Code, which are created as SVG.

### Custom view
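Review bot: "which are created as SVG" pairs a plural verb with the singular subject "the QR Code"; "which is rendered as an SVG" fixes the agreement and says what is produced.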

Expand All @@ -434,14 +438,14 @@ This controls the size and margin used to create the QR Code.
You can override the view, which handles the Two Factor Code verification for the User. It receives this data:

* `$action`: The full URL where the form should send the login credentials.
* `$credentials`: An array containing the User credentials used for the login.
* `$credentials`: An `array|null` containing the User credentials used for the login.
* `$user`: The User instance trying to authenticate.
* `$error`: If the Two Factor Code is invalid.
* `$remember`: If the "remember" checkbox has been filled.

The way it works is very simple: it will hold the User credentials in a hidden input while it asks for the Two Factor Code. The User will send everything again along with the Code, the application will ensure its correct, and complete the log in.

This view and its form is bypassed if the User doesn't uses Two Factor Authentication, making the log in transparent and non-invasive.
This view and its form is bypassed if the User doesn't uses Two Factor Authentication, making the login transparent and non-invasive.

## Security
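Review bot: `array|null` is introduced for `$credentials` without saying when the value is null; state the case so a custom view knows to guard against it before echoing the values. Because the paragraph says the view re-emits the credentials in a hidden input, it should also remind authors to output them through escaped echoes (Blade's `{{ }}`), since the values originate from the login request. Grammar in the hunk: "ensure its correct" should be "ensure it's correct", and "This view and its form is bypassed if the User doesn't uses" should be "This view and its form are bypassed if the User doesn't use".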


0 comments on commit 8f42a48
