
How to implement two-factor authentication (2FA) in Laravel?

Oct 16, 2025 am 11:11 AM

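Implement two-factor authentication in Laravel with pragmarx/google2fa-laravel: after installing the package, add two columns to the users table, generate a TOTP secret and display a QR code for scanning, and enable 2FA once a one-time password has been verified. At login, if 2FA is enabled, redirect to the code entry page and log the user in once the code checks out. Users can turn 2FA off after entering their password.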


To implement two-factor authentication (2FA) in Laravel, you can use packages like Google2FA (pragmarx/google2fa-laravel) or Laravel Fortify (laravel/fortify). Below is a step-by-step guide using pragmarx/google2fa-laravel for TOTP-based 2FA.

Install Required Packages

Add the Google2FA package via Composer:

composer require pragmarx/google2fa-laravel

This package provides integration with authenticator apps such as Google Authenticator and Authy.

Add Columns to Users Table

Create a migration to add 2FA-related fields to your users table:

php artisan make:migration add_two_factor_columns_to_users_table --table=users

In the migration file:

public function up()
{
    Schema::table('users', function (Blueprint $table) {
        $table->boolean('two_factor_enabled')->default(false);
        $table->string('two_factor_secret')->nullable();
    });
}

Run the migration:

php artisan migrate

Update User Model

Add the necessary attributes to your User model:

protected $fillable = [
    'name',
    'email',
    'password',
    'two_factor_secret',
    'two_factor_enabled',
];

protected $hidden = [
    'two_factor_secret',
];

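You may also add a cast for the secret if needed; it is usually stored encrypted, whereas the code in this guide saves it as generated. Because both 2FA fields are mass-assignable here, never pass unfiltered request input to update() or fill() on the user model.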

Generate and Display QR Code

Create a controller method to generate a 2FA secret and show the QR code:

use PragmaRX\Google2FA\Google2FA;

class TwoFactorController extends Controller
{
    public function show()
    {
        $google2fa = app('pragmarx.google2fa');

        $secret = $google2fa->generateSecretKey();

        // Store in session temporarily
        session(['2fa_secret' => $secret]);

        $QRImage = $google2fa->getQRCodeInline(
            config('app.name'),
            auth()->user()->email,
            $secret
        );

        return view('auth.two-factor-setup', compact('QRImage', 'secret'));
    }
}

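In your Blade view (two-factor-setup.blade.php):

<div>
    <p>Scan the QR code with Google Authenticator.</p>
    <div>{!! $QRImage !!}</div>
    <p>Or enter this key manually: <strong>{{ $secret }}</strong></p>
</div>

{{-- The route name '2fa.enable' is an assumption; point it at the enable() method below --}}
<form method="POST" action="{{ route('2fa.enable') }}">
    @csrf
    <input type="text" name="one_time_password" inputmode="numeric" autocomplete="one-time-code" required>
    <button type="submit">Enable 2FA</button>
</form>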

Verify and Enable 2FA

Create a method to verify the one-time password and enable 2FA:

use PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException;
use PragmaRX\Google2FA\Exceptions\InvalidCharactersException;
use PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException;

public function enable(Request $request)
{
    $request->validate(['one_time_password' => 'required']);

    $google2fa = app('pragmarx.google2fa');

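    $secret = $request->session()->get('2fa_secret');

    // No pending secret (setup page never opened, or the session expired):
    // restart setup instead of passing null to verifyKey()
    if (!$secret) {
        return back()->withErrors(['one_time_password' => 'Setup expired. Scan the QR code again.']);
    }

    $valid = $google2fa->verifyKey($secret, $request->one_time_password);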

    if ($valid) {
        auth()->user()->update([
            'two_factor_secret' => $secret,
            'two_factor_enabled' => true,
        ]);

        $request->session()->forget('2fa_secret');

        return redirect()->route('dashboard')->with('success', '2FA enabled successfully.');
    }

    return back()->withErrors(['one_time_password' => 'Invalid code.']);
}

Enforce 2FA During Login

Modify your login logic (e.g., in a custom request or middleware) to check if 2FA is enabled.

After successful password authentication, if 2FA is enabled, redirect to a 2FA verification page:

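// In LoginController or Fortify hook, after the password has been checked.
// The user must not be authenticated in the session yet at this point
// (check the password with Auth::validate(), or call Auth::logout() here);
// otherwise protected routes are reachable without the 2FA step.
if ($user->two_factor_enabled) {
    session(['2fa:user:id' => $user->id]);
    return redirect('/verify-2fa');
}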

Create a verification form where the user enters the OTP.

Verification example:

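public function verify(Request $request)
{
    // Reject an empty submission before it reaches verifyKey()
    $request->validate(['one_time_password' => 'required']);

    $userId = $request->session()->get('2fa:user:id');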

    if (!$userId) {
        return redirect('/login');
    }

    $user = User::findOrFail($userId);

    $google2fa = app('pragmarx.google2fa');

    $valid = $google2fa->verifyKey($user->two_factor_secret, $request->one_time_password);

    if ($valid) {
        $request->session()->forget('2fa:user:id');
        Auth::loginUsingId($user->id);

        return redirect()->intended('/dashboard');
    }

    return back()->withErrors(['one_time_password' => 'Invalid 2FA code.']);
}
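
The verify() method above places no limit on guesses and accepts the same code again while it is still inside its validity window. The following is an added example, not part of the original article or the package's own code, that throttles attempts per account with Laravel's RateLimiter and rejects replayed codes with the package's verifyKeyNewer(). The controller name and the two_factor_last_step column are assumptions.

```php
<?php
// Added example, not from the original article.
// Assumption: a nullable unsigned integer column users.two_factor_last_step (hypothetical name).
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;

class TwoFactorChallengeController extends Controller
{
    public function verify(Request $request)
    {
        $request->validate(['one_time_password' => 'required|digits:6']);

        $userId = $request->session()->get('2fa:user:id');
        if (!$userId) {
            return redirect('/login');
        }

        // Throttle per account: a 6-digit code has only 1,000,000 possible values.
        $throttleKey = '2fa-verify:' . $userId;
        if (RateLimiter::tooManyAttempts($throttleKey, 5)) {
            $request->session()->forget('2fa:user:id'); // require a fresh password login
            return redirect('/login')->withErrors(['email' => 'Too many 2FA attempts. Try again later.']);
        }

        $user = User::findOrFail($userId);
        // verifyKeyNewer() only accepts a code from a 30-second step later than the one
        // passed in, and returns that step (or false), so a used code cannot be replayed.
        $step = app('pragmarx.google2fa')->verifyKeyNewer(
            $user->two_factor_secret,
            $request->input('one_time_password'),
            (int) $user->two_factor_last_step
        );

        if ($step === false) {
            RateLimiter::hit($throttleKey, 300); // failed attempts are counted for 5 minutes
            return back()->withErrors(['one_time_password' => 'Invalid 2FA code.']);
        }
        $user->forceFill(['two_factor_last_step' => $step])->save();
        RateLimiter::clear($throttleKey);
        $request->session()->forget('2fa:user:id');
        Auth::login($user);

        return redirect()->intended('/dashboard');
    }
}
```

forceFill() is used for the step counter so the hypothetical column does not have to be added to $fillable.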

Disable 2FA Option

Allow users to disable 2FA (after confirming password):

public function disable(Request $request)
{
    $request->validate(['password' => 'required']);

    if (!Hash::check($request->password, auth()->user()->password)) {
        return back()->withErrors(['password' => 'Invalid password.']);
    }

    auth()->user()->update([
        'two_factor_secret' => null,
        'two_factor_enabled' => false,
    ]);

    return redirect()->back()->with('success', '2FA disabled.');
}

Basically, that's how you add full 2FA support in Laravel using Google Authenticator. You can enhance it with backup codes, recovery options, or use Laravel Fortify/Spark for built-in support.
