2FA

A Flarum extension. 2FA for Flarum

Requirements

This extension requires a minimum of PHP 8.1, due to a 3rd party library constraint.

Features

• Enforces admin accounts to have 2FA enabled for increased security
• Configure which additional user groups should also be enforced
• Supports all common authentication apps
• Protects login, forgot password endpoints
• Integrates with fof/oauth to protect OAuth logins to protected accounts
• 2FA Enabled/Disabled notifications
• 2FA Status page
• Backup/recovery codes
• Option to revoke dormant access tokens after X days of no usage

Permissions

This extension provides the ability to view the status of 2FA of other users (intended for admin and/or moderator use). In order for this to function correctly, you must also set the permission Moderate Access Tokens to at least the same group as you require for View 2FA status of other users.

Installation

Install with composer:

composer require ianm/twofactor:"*"

Updating

composer update ianm/twofactor
php flarum migrate
php flarum cache:clear

Usage

CLI

Independantly of the setting, you may remove dormant access tokens using the CLI. The days setting defaults to 30 days, and the CLI will still respect this value from the extension settings, as well as the developer token setting:

php flarum twofactor:kill-inactive-tokens

TODO

Screenshots

QR Code setup

Manual setup

Security tab integration

Enabled/Disabled notifications

Admin user list status icon

Links

• Packagist
• GitHub
• Discuss

Support

Please consider supporting my extension development and maintenance work.