Final release, transition to new package

Package superseded by Laragear/TwoFactor

The new package offers better functionality, testing, and latest Laravel support.

v4.0.2

What's Changed

• Fixed validation no working when issuing a recovery code. #72

Full Changelog: v4.0.1...v4.0.2

Version 4.0.1

What's new?

• Shared Secret and Recovery Codes encryption in database.
• Upgrade migration from version 3.x
• Full support for PHP 8.0.
• No More Heroes Listeners: Laraguard::hasCode() to use with Auth::attemptWhen().

What's removed?

• Listeners
• Input configuration, it was transported to Laraguard::hasCode() and Laraguard::hasCodeOrFail().
• PHP 7.4 support.

What's changed?

• 2fa.require middleware is now 2fa.enable.

Version 4.0

What's new?

• Shared Secret and Recovery Codes encryption in database.
• Upgrade migration from version 3.x
• Full support for PHP 8.0.
• No more Listeners: Laraguard::hasCode() to use with Auth::attemptWhen().

What's removed?

• Listeners
• Input configuration, it was transported to Laraguard::hasCode() and Laraguard::hasCodeOrFail().

What's changed?

• 2fa.require middleware is now 2fa.enable.

Laravel 8.0 & PHP 8.0 support

What's changed?

• Refactored both listeners (ChecksTwoFactorCode, EnforceTwoFactorAuth)
• Safe device is now opt-in, done by checkbox when input 2FA code.
• Factory for 2FA information per user.

What's added?

• Laravel 8.x support.
• PHP 8.0 support.

What's removed?

• Laravel 7.x support and below.
• PHP 7.3 support and below.

What's fixed?

• TOTP shared secret now uses a VARCHAR type of column instead of binary, which will fix binary columns shenanigans from SQL servers. You will have to migrate your column in your database. Migrating will depend on your SQL engine of choice, but you should be able to transform binary into Base32::upperDecode() to get a valid string -- that's out of the scope if this package, sorry!

Minor fix

What's changed?

• Nothing

What's added?

• Nothing

What's removed?

• Nothing.

What's fixed?

• The totp_code didn't validate recovery codes. Now it does.

Minor fix on Confirm Middleware

Just a heads up. The 2fa.confirm middleware had an undocumented option for taking into account safe devices, which is a moot point since the logic already remembers the challenge (3 hours default).

This parameter has been removed, along with that duplicated logic.

New release with new features

This version 2.0 includes a validation rule, a new middleware, and translation files, among other things.

What's changed?

• The 2fa middleware has been renamed to 2fa.require [BC].
• Middleware will now bypass any logic if the user model doesn't implement TwoFactorAuthenticatable to avoid auth lockdowns (wanting to enable 2FA, but cannot enable 2FA) [BC].
• Migrations has been re-added, but now you can publish the migration to override the file, instead of doing the latter first (publish the migration, then migrate). [BC].

BC: Breaking Change, also known as non-backguard compatible change.

What's added?

• Translation files for validation and general messages in the laraguard::{file}.{key} namespace.
• 2fa.confirm middleware to confirm by a TOTP Code before continuing with the intended route (#20)
• totp_code validation rule (#30).

What's removed?

• Nothing.

What's fixed?

• Nothing.

QR Code config and few fixes

New feature and some bugfixes.

What's changed?

• The TOTP Issue now uses the OTP_TOTP_ISSUER env variable. It will default to the application name if absent.

What's added?

• You can now configure the QR Code SVG size and margin.

What's removed?

• Nothing.

What's fixed?

• Error when attempting to log in with empty credentials. #26

Added configurable issuer name

New feature and some bugfixes.

What's changed?

• Nothing.

What's added?

• The configuration now includes the issuer key that accepts the name of the issuer for your TOTP codes. It defaults or fallbacks to the application name. #21

What's removed?

• Nothing.

What's fixed?

• The issuer name was not encoded correctly.
• Using the notice view without $url returned an error. #22