A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Go to file
2021-08-04 16:35:39 -04:00
.github CI: only run publish job if on base repo 2021-08-04 16:35:39 -04:00
app Fix query to return the user even if userId > 0 2020-12-02 23:50:17 +01:00
bootstrap initial commit 2019-05-20 07:37:41 +02:00
config Bump version number 2021-03-04 21:26:14 +01:00
database Convert encrypted columns to Text to handle long ciphertext 2020-12-04 15:17:08 +01:00
docker Change to Alpine for x2 smaller image 2021-08-04 11:03:28 -04:00
public Recompile assets 2021-03-04 21:28:12 +01:00
resources Update locales 2021-03-04 20:49:22 +01:00
routes Return only essentials attributes when a token is requested to back-end 2020-11-21 21:46:31 +01:00
storage Prefill icon field with imageLink resource 2020-11-18 23:48:51 +01:00
tests Fix phpunit tests 2020-11-24 23:09:06 +01:00
.dockerignore Docker ignore webpack.mix.js 2021-08-02 23:31:31 -04:00
.editorconfig initial commit 2019-05-20 07:37:41 +02:00
.env.example Set IsDemoApp option as an .ENV variable 2020-03-18 18:37:57 +01:00
.env.testing in memory db for testing 2019-05-23 21:27:27 +02:00
.env.travis in memory db for testing 2019-05-23 21:27:27 +02:00
.gitattributes initial commit 2019-05-20 07:37:41 +02:00
.gitignore Add assets to master to ease installation 2020-03-12 11:56:41 +01:00
.styleci.yml initial commit 2019-05-20 07:37:41 +02:00
.travis.yml Drop PHP 7.2 support & add PHP 7.4 to CI 2020-10-12 18:50:39 +02:00
artisan initial commit 2019-05-20 07:37:41 +02:00
changelog.md Complete changelog 2021-03-04 21:25:45 +01:00
composer.json Remove curl/curl composer package 2020-11-18 23:09:41 +01:00
composer.lock Remove curl/curl composer package 2020-11-18 23:09:41 +01:00
crowdin.yml Add Crowdin configuration file 2020-10-14 23:18:51 +02:00
Dockerfile Change to Alpine for x2 smaller image 2021-08-04 11:03:28 -04:00
LICENSE Add LICENSE file 2020-01-11 00:13:04 +01:00
package-lock.json Notify user to reload when front-end accounts are deprecated 2020-11-27 15:55:02 +01:00
package.json Notify user to reload when front-end accounts are deprecated 2020-11-27 15:55:02 +01:00
phpunit.xml Upgrade phpunit xml config file to new format 2020-10-11 19:13:28 +02:00
README.md Doc: add build status badge for ci.yml 2021-08-03 10:37:42 -04:00
server.php initial commit 2019-05-20 07:37:41 +02:00
webpack.mix.js Replace Composer package with npm package to handle js languages strings 2020-09-30 20:48:42 +02:00

2FAuth

https://travis-ci.com/github/Bubka/2FAuth Docker build status https://codecov.io/gh/Bubka/2FAuth https://github.com/Bubka/2FAuth/blob/master/LICENSE

A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

screens

2FAuth Demo

Use it with Docker

Credentials (login - password) : demo@2fauth.app - demo

Purpose

2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop.

It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.

I created it because :

  • Most of the UIs for this kind of apps show tokens for all accounts in the same time with stressful countdowns (in my opinion)
  • I wanted my 2FA accounts to be stored in a standalone database I can easily backup and restore (did you already encountered a smartphone loss with all your 2FA accounts in Google Auth? I did...)
  • I hate taking out my smartphone to get an OTP when I use a desktop computer
  • I love coding and I love self-hosted solutions

Main features

  • Manage your 2FA accounts and organize them using Groups
  • Scan and decode any QR code to add account in no time
  • Add custom account without QR code thanks to an advanced form
  • Edit accounts, even the imported ones
  • Generate TOTP and HOTP security codes

2FAuth is currently fully localized in English and French. See Contributing if you want to help on adding more languages.

Security

2FAuth provide with several security mechanisms to protect your 2FA data as best as possible.

Single user app

You have to create a user account and authenticate yourself to use the app. It is not possible to create more than one user account, the app is thought for personal use.

Data encryption

Sensitive data stored in the database can be encrypted to protect them against db compromise. Encryption is provided as an option which is disabled by default. It is strongly recommanded to backup the APP_KEY value of your .env file (or the whole file) when encryption is On.

Auto logout

2FAuth automatically log you out after an inactivity period to prevent long life session. The auto logout can be deactivated or triggered when a security code is copied.

RFC compliance

2FAuth generates OTP according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm) thanks to Spomky-Labs/OTPHP php library.

Requirements

Installation (using command line)

Clone the repo

git clone https://github.com/bubka/2fauth.git

Install all php dependencies

php composer.phar install

Don't have composer? you can get it here

Set up your database

Create a database with one of the supported tools (see Requirements). For SQLite, place the database .sqlite file in the database/ folder of your 2FAuth installation.

Set your variables

In your installation directory make a copy of the .env.example file and rename the copy .env. Edit the .env file and adapt the settings to your running environment (see instructions in the file)

Prepare some stuff

php artisan migrate:refresh
php artisan passport:install
php artisan storage:link
php artisan config:cache

You are ready to go.

For development only

Checkout the 'dev' branch then install and build js dependencies

npm install
npm run dev

Upgrading

First, backup your database.

Then, using command line :

git pull
php composer.phar install
php artisan migrate
php artisan config:clear

Contributing

You can contribute to 2FAuth in many ways:

License

AGPL-3.0