This article aims to help you build two-step authentication over SMS for your Symfony2 application. It works like Google's two-step verification. Here is the workflow of the finished feature:
- the user fills in a first login form with his login and password
- he receives an SMS with a one-time code
- he fills in a second login form with the code
- he can tick an "I'm on a trusted computer" box so that the second step is skipped the next time he logs in from that browser
- he is logged in
We will also add some development tools:
- a parameter to fall back to e-mails (useful in a dev or test environment)
- a parameter to force a master phone number (like the 'delivery_address' parameter of Swiftmailer)
- a functional test
You will need:
- a Nexmo account: I use Nexmo as my SMS sending service
- a working Symfony2 project with FOSUserBundle installed (FOSUserBundle is not compulsory, but it helps a lot to do this right and thoroughly)
1. Install bundles
We need to install two dependencies. The first, two-factor-bundle, will manage the second authentication step. The second, nexmo-bundle, will help us send SMS messages easily.
Register them in AppKernel:
Then add some configuration:
nexmo_api_key, nexmo_api_secret and nexmo_from_name are parameters defined in app/config/parameters.yml. More details on these parameters are available in the two-factor-bundle documentation and in the nexmo-bundle documentation.
We will use two additional parameters along with them:
- nexmo_delivery_phone_number: if set, all SMS messages are sent to this phone number instead of their actual recipients. This is often useful when developing.
- nexmo_disable_delivery: if true, no SMS is delivered; the code is sent by e-mail instead.
Both parameters must stay unset (or false) in production: a master phone number turns every user's second factor into yours, and the e-mail fallback sends the code to the same mailbox a password reset would go to.
Eventually, our parameter file will look more or less like this:
You can now run Composer to install them.
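As an added example (not code from the article, nor from nexmo-bundle or two-factor-bundle), here is how the two delivery parameters above can be applied in a small sender service. SmsTransport and MailTransport are hypothetical interfaces standing in for the real Nexmo client and Swiftmailer, and the Recording* classes are in-memory fakes so the script runs offline; the phone numbers and e-mail address are constructed. It needs PHP 7.1+ (random_int and nullable types).

```php
<?php
// Added example, not the article's code. SmsTransport / MailTransport are
// hypothetical stand-ins for the real Nexmo client and Swiftmailer.

interface SmsTransport
{
    public function send(string $from, string $to, string $text): void;
}

interface MailTransport
{
    public function send(string $to, string $subject, string $body): void;
}

// Fake transports that only record what they were asked to send (for the example).
final class RecordingSms implements SmsTransport
{
    public $sent = [];

    public function send(string $from, string $to, string $text): void
    {
        $this->sent[] = ['from' => $from, 'to' => $to, 'text' => $text];
    }
}

final class RecordingMail implements MailTransport
{
    public $sent = [];

    public function send(string $to, string $subject, string $body): void
    {
        $this->sent[] = ['to' => $to, 'subject' => $subject, 'body' => $body];
    }
}

final class SmsCodeSender
{
    private $sms;
    private $mail;
    private $fromName;
    private $deliveryPhoneNumber;
    private $disableDelivery;

    public function __construct(
        SmsTransport $sms,
        MailTransport $mail,
        string $fromName,
        ?string $deliveryPhoneNumber = null, // nexmo_delivery_phone_number
        bool $disableDelivery = false        // nexmo_disable_delivery
    ) {
        $this->sms = $sms;
        $this->mail = $mail;
        $this->fromName = $fromName;
        $this->deliveryPhoneNumber = $deliveryPhoneNumber;
        $this->disableDelivery = $disableDelivery;
    }

    // Six digits from the CSPRNG; sprintf keeps leading zeros so every code has the same length.
    public function generateCode(): string
    {
        return sprintf('%06d', random_int(0, 999999));
    }

    // Returns the channel actually used, so a functional test can assert on it.
    public function sendCode(string $userPhone, string $userEmail, string $code): string
    {
        $text = sprintf('Your %s one-time code is %s', $this->fromName, $code);

        if ($this->disableDelivery) {
            // nexmo_disable_delivery: nothing reaches Nexmo, the code goes out by e-mail instead.
            $this->mail->send($userEmail, 'Your one-time code', $text);
            return 'mail';
        }

        // nexmo_delivery_phone_number: when set, every SMS goes to the master number.
        $to = ($this->deliveryPhoneNumber !== null && $this->deliveryPhoneNumber !== '')
            ? $this->deliveryPhoneNumber
            : $userPhone;
        $this->sms->send($this->fromName, $to, $text);

        return 'sms';
    }
}

// Usage with constructed values standing in for parameters.yml.
$sms  = new RecordingSms();
$mail = new RecordingMail();

// Dev setting: master number set, delivery enabled.
$dev = new SmsCodeSender($sms, $mail, 'MyApp', '+33600000000', false);
$dev->sendCode('+33611111111', 'user@example.com', $dev->generateCode());
echo 'SMS went to: ', $sms->sent[0]['to'], "\n";          // the master number, not the user's

// Test setting: delivery disabled, so the code is e-mailed and Nexmo is never called.
$test = new SmsCodeSender($sms, $mail, 'MyApp', null, true);
echo 'channel: ', $test->sendCode('+33611111111', 'user@example.com', '012345'), "\n";
echo 'SMS count: ', count($sms->sent), ' mail count: ', count($mail->sent), "\n";
```

The e-mail fallback is what makes the functional test possible without a Nexmo account: with nexmo_disable_delivery set in the test environment, the test can read the code from the mail spool instead of a phone.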
2. Extend FOSUserBundle
This part is optional. All we need is a bundle which implements a user entity. Extending FOSUserBundle is a secure and clean way to do so.
If you use FOSUserBundle, create a new bundle (I called it "AcmeUserBundle") which extends FOSUserBundle, as explained in the Symfony2 documentation.
4. Test your work
Here is the custom Behat step to do so:
Did you like this article? You would probably be a good match for our ever-growing tech team at Theodo.