scheb/2fa-bundle
Symfony bundle providing a generic framework for adding two-factor authentication (2FA) to your app. Integrates with Symfony Security and supports multiple 2FA methods via a consistent interface, with full docs on symfony.com.
SecurityBundle and EventDispatcher, which lack direct equivalents in Laravel. Key components like TwoFactorAuthenticatorManager and event listeners would need significant refactoring or abstraction to fit Laravel’s middleware-based architecture.Illuminate\Auth\Guard, Illuminate\Contracts\Auth\Authenticatable) would require custom adapters.Auth system and middleware pipeline could accommodate 2FA checks, but the package’s reliance on Symfony’s session/token system introduces complexity. For example, Symfony’s AbstractGuardAuthenticator has no direct Laravel counterpart.SecurityContext, TokenStorage, and EventDispatcher would need replacements (e.g., Laravel’s Auth::guard(), event() facade, or custom middleware).user_two_factor_secrets with specific columns (e.g., secret, algorithm, digits). Laravel’s Eloquent could adapt this, but migrations would require adjustments.TwoFactorListener would need to be rewritten as a Laravel middleware or service.SecurityBundle integration) would not apply. New tests would need to cover Laravel-specific scenarios (e.g., middleware execution, session handling).EventDispatcher) would require ongoing updates if the upstream package evolves.spomky-labs/otphp as a reference).TwoFactorServiceProvider, CheckTwoFactorMiddleware).spomky-labs/laravel-2fa, overtrue/laravel-2fa). If these meet requirements, integration risk may not be worth the effort.TokenStorage is replaced by Laravel’s Auth::user() and session. How will 2FA tokens be stored/validated?two_factor.authenticated events be replaced with middleware hooks (e.g., auth.attempting, auth.authenticated)?CheckTwoFactorMiddleware) introduce latency in high-traffic routes? How will caching (e.g., Redis) mitigate this?scheb/2fa) adds breaking changes? Will this become a maintenance burden?Auth facade but may need a custom TwoFactorGuard or UserProvider extension.TwoFactorListener with Laravel middleware (e.g., CheckTwoFactorMiddleware).spomky-labs/laravel-2fa (TOTP-focused) or overtrue/laravel-2fa (TOTP/HOTP) for lower integration risk.company/two-factor-auth) to avoid duplication.scheb/2fa into a standalone library (e.g., vendor/company/two-factor-core).TOTPGenerator (uses spomky-labs/otphp or similar).HOTPGenerator.BackupCodeGenerator.TwoFactorServiceProvider to:
CheckTwoFactorMiddleware).TwoFactorAuthenticatorInterface) to concrete implementations.public function handle($request, Closure $next) {
if ($request->user() && $request->user()->mustVerifyTwoFactor()) {
if (!$request->user()->hasValidTwoFactorCode()) {
return redirect()->route('two-factor.verify');
}
}
return $next($request);
}
TwoFactorSecret) to store secrets, algorithms, and backup codes.Schema::create('two_factor_secrets', function (Blueprint $table) {
$table->id();
$table->foreignId('user_id')->constrained()->onDelete('cascade');
$table->string('secret');
$table->string('algorithm')->default('sha1');
$table->integer('digits')->default(6);
$table->boolean('is_backup')->default(false);
$table->timestamps();
});
endroid/qr-code or miloschuman/php-qrcode).TwoFactorBackupCodesController).TwoFactorRecoveryController).{!! DNS1D::getBarcodeHTML($user->twoFactorSecret->secret, 'C39') !!}
CheckTwoFactorMiddlewareTest).TOTPValidatorTest).BackupCodeTest).| Symfony Component | Laravel Equivalent | Notes |
|---|---|---|
SecurityBundle |
Custom TwoFactorGuard or Auth extensions |
Requires middleware/service provider. |
EventDispatcher |
Laravel’s Event facade |
Replace event listeners with middleware. |
| Twig Templates | Blade/Livewire | Full rewrite needed. |
TokenStorage |
Auth::user() + session |
Store 2FA tokens in session or cache. |
UserProvider |
Eloquent User model |
Extend with mustVerifyTwoFactor() method. |
AbstractGuardAuthenticator |
Custom middleware | No direct equivalent. |
UserInterface → Laravel’s Illuminate\Contracts\Auth\Authenticatable.two_factor.authenticated) → Laravel middleware hooks.SecurityContext → Laravel’s Auth::guard()).How can I help you explore Laravel packages today?