OTP Manager is a Laravel OTP library.
Verification user by One Time Password via SMS or email or anything else.
You can choose various type of authentication method like cookie or request-header.
You can create OTP link and sending through email or create OTP PIN code and sending through SMS or notification etc.
You can choose between cookie or request-header (localstorage or fix variable) in client-side.
Note: In this tools you can using verification even without user.
A one-time password (OTP), also known as one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device.
bearer, cookie, session or request
-
Install requirements:
Require with Composer
composer require hamidmp/otp-manager
-
Publishing files:
php artisan vendor:publish --tag otpmanager
It will copy the migration files (two files) and config file and middleware file.
-
Change the config values to your prefer configs:
-
you have to declare the password (PIN) sender class in config file which the password sender class must be implemented from
OTPMessageInterface://config/otpmanage.php return [ //... 'message_provider'=>\App\Srvice\SMSProvider::class, //... ];
-
you have to declare the authenticable class for
user_model://config/otpmanage.php return [ //... 'user_model'=>App\Models\User::class, //... ];
-
-
Config the database connection (you have done before)
-
Cache the configs:
php artisan config:cache
-
Migrate the migrations
php artisan migrate
It will create new taable 'otpassword' for storing OTP PINs and adding two fields in
user_modeltable (step 3.2) for user contact value (like mobile) and OTP-token.
-
Taking user contact and generating new PIN and sending it
// App/Http/Controllers/SiteController OTPManager::generateAndSendNewOTP($request);
-
Checking user PIN code
// App/Http/Controllers/SiteController $result = OTPManager::checkUserOTPAndVerification($request, $request->code);
-
You can use the OTPManager without user and then after verification assign a user to that verified request (then you can using 'auth:otpmanager' middleware for identity the user)
// App/Http/Controllers/SiteController $result = OTPManager::checkUserOTPAndVerification($request, $request->code); //just after verification if($result!==false){ $user=User::find(1); OTPManager::assignUserTo($result,$user); }
-
Using auth middleware for ensuring that user authenticated
//routes/web.php Route::middleware('auth:otpmanager') ->group(function () { //... Route::get('/user',function (){ $user = \request()->user(); //or $user = \Illuminate\Support\Facades\Auth::user(); }); });
-
Using OTPManagerMiddleware middleware for checking verification (first step or complete)
//routes/web.php Route::middleware([\App\Http\Middleware\OTPManagerMiddleware::class]) ->group(function () { //OTP verification has passed completely }); Route::middleware('\App\Http\Middleware\OTPManagerMiddleware:false') ->group(function () { //OTP verification has passed its fist step at least (sending PIN code and having Token) });
The otp-manager library is open-sourced software licensed under the MIT license.