Skip to content

Releases: scheb/2fa

v8.6.0

Choose a tag to compare

@scheb scheb released this 12 Jun 18:41
43088a1
  • Minor security fix: Compare codes with constant-time hash_equals, #318, thanks to @ThePHPF for sharing
  • Minor security fix: Fix pre-poisoning of code-reuse cache, #317, thanks to @ThePHPF for sharing
  • Honor post-success listeners that may block authentication, #213, #316, thanks to @giosh94mhz

A minor behavioral change has been introduced: Two-factor providers have been flagged "completed" on the TwoFactorToken immediately after the code was validated. Now, the provider is only flagged, once all post-success listeners have executed.

v7.14.0

Choose a tag to compare

@scheb scheb released this 12 Jun 18:41
37d2f72
  • Minor security fix: Compare codes with constant-time hash_equals, #318, thanks to @ThePHPF for sharing
  • Minor security fix: Fix pre-poisoning of code-reuse cache, #317, thanks to @ThePHPF for sharing
  • Honor post-success listeners that may block authentication, #213, #316, thanks to @giosh94mhz

A minor behavioral change has been introduced: Two-factor providers have been flagged "completed" on the TwoFactorToken immediately after the code was validated. Now, the provider is only flagged, once all post-success listeners have executed.

v8.5.0

Choose a tag to compare

@scheb scheb released this 24 Mar 18:43
  • Added scheb_two_factor.authentication.skipped event, when a condition caused 2fa to be skipped, thanks to @dt-thomas-durand, #315

v8.4.0

Choose a tag to compare

@scheb scheb released this 25 Feb 18:15

v8.3.0

Choose a tag to compare

@scheb scheb released this 24 Jan 13:44
  • Allow TwoFactor providers to be stateless, introducing optional needsPreparation method in TwoFactorProviderInterface, #273, #308, thanks to @Tjeerd and @johanib

v8.2.0

Choose a tag to compare

@scheb scheb released this 04 Jan 13:25
  • Bumped spomky-labs/otphp to at least version 11.4
  • getGoogleAuthenticatorUsername and getTotpAuthenticationUsername can now return null. If the server value is empty as well, you can have a record in the TOTP app with the issuer name only. Either issuer or username/server is required. #293

v8.1.0

Choose a tag to compare

@scheb scheb released this 28 Dec 17:44
  • Allow dependency injection of the backup code manager via interface FQN, #304, thanks to @plandolt

v8.0.1

Choose a tag to compare

@scheb scheb released this 18 Dec 15:36
  • Fix validator constraints not being registered, #303

v7.13.1

Choose a tag to compare

@scheb scheb released this 18 Dec 15:35
  • Fix validator constraints not being registered, #303

v8.0.0

Choose a tag to compare

@scheb scheb released this 04 Dec 17:01

New major release including support for Symfony 8.

Major changes:

  • Added validator for a user's 2fa authentication code, #295, thanks to @codedmonkey
  • Priority of the two-factor authenticator has changed from 0 to -100. Please make sure your authentication system is still working fine, especially when you're using custom (non-official) authenticators. You might need to adjust the priority of your custom authenticator.
  • Minimum PHP version is now 8.4

Please check the instructions to upgrade from bundle version 7.x to 8.x.