TOTP ​
- Type
- Class
- Namespace
- craft\auth\methods
- Inherits
- craft\auth\methods\TOTP » craft\auth\methods\BaseAuthMethod » craft\base\Component » craft\base\Model » yii\base\Model » yii\base\Component » yii\base\BaseObject
- Implements
- ArrayAccess, IteratorAggregate, craft\auth\methods\AuthMethodInterface, craft\base\ComponentInterface, craft\base\ModelInterface, yii\base\Arrayable, yii\base\Configurable, yii\base\StaticInstanceInterface
- Uses traits
- craft\base\ClonefixTrait, yii\base\ArrayableTrait, yii\base\StaticInstanceTrait
- Since
- 5.0.0
Time-based one-time password authentication method.
Public Properties ​
| Property | Description |
|---|---|
| actionMenuItems | array |
| activeValidators | yii\validators\Validator – The validators applicable to the current scenario. |
| attributes | array – Attribute values (name => value). |
| authFormHtml | string |
| behaviors | yii\base\Behavior – List of behaviors attached to this component. |
| errors | array – Errors for all attributes or the specified attribute. |
| firstErrors | array – The first errors. |
| iterator | ArrayIterator – An iterator for traversing the items in the list. |
| scenario | string – The scenario that this model is in. |
| secretParam | string – The session variable name used to store the authenticator secret while setting up this method. |
| validators | ArrayObject, yii\validators\Validator – All the validators declared in the model. |
authFormHtml ​
- Type
- string
- Default value
null- Access
- Read-only
secretParam ​
- Type
- string
- Default value
null
The session variable name used to store the authenticator secret while setting up this method.
Protected Properties ​
| Property | Description |
|---|---|
| user | craft\elements\User – The current user |
Public Methods ​
| Method | Description |
|---|---|
| __call() | Calls the named method which is not a class method. |
| __clone() | This method is called after the object is created by cloning an existing one. |
| __construct() | |
| __get() | Returns the value of a component property. |
| __isset() | Checks if a property is set, i.e. defined and not null. |
| __set() | Sets the value of a component property. |
| __unset() | Sets a component property to be null. |
| activeAttributes() | Returns the attribute names that are subject to validation in the current scenario. |
| addError() | Adds a new error to the specified attribute. |
| addErrors() | Adds a list of errors. |
| addModelErrors() | Adds errors from another model, with a given attribute name prefix. |
| afterValidate() | This method is invoked after validation ends. |
| attachBehavior() | Attaches a behavior to this component. |
| attachBehaviors() | Attaches a list of behaviors to the component. |
| attributeHints() | Returns the attribute hints. |
| attributeLabels() | Returns the attribute labels. |
| attributes() | Returns the list of attribute names. |
| beforeValidate() | This method is invoked before validation starts. |
| behaviors() | Returns a list of behaviors that this component should behave as. |
| canGetProperty() | Returns a value indicating whether a property can be read. |
| canSetProperty() | Returns a value indicating whether a property can be set. |
| className() | Returns the fully qualified name of this class. |
| clearErrors() | Removes errors for all attributes or a single attribute. |
| createValidators() | Creates validator objects based on the validation rules specified in rules(). |
| datetimeAttributes() | Returns the names of any attributes that should hold DateTime values. |
| description() | Returns the description of this authentication method. |
| detachBehavior() | Detaches a behavior from the component. |
| detachBehaviors() | Detaches all behaviors from the component. |
| displayName() | Returns the display name of this class. |
| ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. |
| extraFields() | Returns the list of fields that can be expanded further and returned by toArray(). |
| fields() | Returns the list of fields that should be returned by default by toArray() when no specific fields are specified. |
| formName() | Returns the form name that this model class should use. |
| generateAttributeLabel() | Generates a user friendly attribute label based on the give attribute name. |
| getActionMenuItems() | Returns action menu items for the authentication method, when active. |
| getActiveValidators() | Returns the validators applicable to the current scenario. |
| getAttributeHint() | Returns the text hint for the specified attribute. |
| getAttributeLabel() | Returns the text label for the specified attribute. |
| getAttributes() | Returns attribute values. |
| getAuthFormHtml() | Returns the HTML for the authentication method’s authentication form. |
| getBehavior() | Returns the named behavior object. |
| getBehaviors() | Returns all behaviors attached to this component. |
| getErrorSummary() | Returns the errors for all attributes as a one-dimensional array. |
| getErrors() | Returns the errors for all attributes or a single attribute. |
| getFirstError() | Returns the first error of the specified attribute. |
| getFirstErrors() | Returns the first error of every attribute in the model. |
| getIterator() | Returns an iterator for traversing the attributes in the model. |
| getScenario() | Returns the scenario that this model is used in. |
| getSetupHtml() | Returns the HTML for the authentication method’s setup slideout. |
| getValidators() | Returns all the validators declared in rules(). |
| hasErrors() | Returns a value indicating whether there is any validation error. |
| hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. |
| hasMethod() | Returns a value indicating whether a method is defined. |
| hasProperty() | Returns a value indicating whether a property is defined for this component. |
| init() | Initializes the object. |
| instance() | Returns static class instance, which can be used to obtain meta information. |
| isActive() | Returns whether the authentication method is active for the user. |
| isAttributeActive() | Returns a value indicating whether the attribute is active in the current scenario. |
| isAttributeRequired() | Returns a value indicating whether the attribute is required. |
| isAttributeSafe() | Returns a value indicating whether the attribute is safe for massive assignments. |
| isSelectable() | Returns whether the component should be selectable in component Type selects. |
| load() | Populates the model with input data. |
| loadMultiple() | Populates a set of models with the data from end user. |
| off() | Detaches an existing event handler from this component. |
| offsetExists() | Returns whether there is an element at the specified offset. |
| offsetGet() | Returns the element at the specified offset. |
| offsetSet() | Sets the element at the specified offset. |
| offsetUnset() | Sets the element value at the specified offset to null. |
| on() | Attaches an event handler to an event. |
| onUnsafeAttribute() | This method is invoked when an unsafe attribute is being massively assigned. |
| remove() | Removes the authentication method for the current user. |
| rules() | Returns the validation rules for attributes. |
| safeAttributes() | Returns the attribute names that are safe to be massively assigned in the current scenario. |
| scenarios() | Returns a list of scenarios and the corresponding active attributes. |
| setAttributes() | Sets the attribute values in a massive way. |
| setScenario() | Sets the scenario for the model. |
| setUser() | Sets the user that is being verified. |
| toArray() | Converts the model into an array. |
| trigger() | Triggers an event. |
| validate() | Performs the data validation. |
| validateMultiple() | Validates multiple models. |
| verify() | Authenticates the user. |
description() ​
Returns the description of this authentication method.
Returns ​
displayName() ​
Returns the display name of this class.
Returns ​
string – The display name of this class.
getAuthFormHtml() ​
Returns the HTML for the authentication method’s authentication form.
Before returning the HTML, ensure an asset bundle is registered which defines a JavaScript class for handling your form. The class should be registered via Craft.registerAuthFormHandler().
js
Acme.VoiceAuthForm = Garnish.Base.extend({
init(form, onSuccess, showError) {
this.addListener(form, 'submit', (ev) => {
ev.preventDefault();
const data = {
voiceSignature: '...',
};
Craft.sendActionRequest('acme/auth/verify-voice', {data})
.then(() => {
onSuccess();
})
.catch(({response}) => {
showError(response.data.message);
});
});
},
}, {
METHOD: 'acme\\auth\\VoiceAuth',
});
Craft.registerAuthFormHandler(Acme.VoiceAuthForm.METHOD, Acme.VoiceAuthForm);The class should send a request to a controller action, which collects the form data and passes it to craft\services\Auth::verify(). That in turn will call your verify() method, passing it the same arguments.
If your verify() method returns true, craft\services\Auth::verify() will log the user in before returning the result.
php
use Craft;
use yii\web\Response;
protected array|bool|int $allowAnonymous = [
'verify-voice' => self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE,
];
public function actionVerifyVoice(): Response
{
$this->requirePostRequest();
$this->requireAcceptsJson();
$voiceSignature = $this->request->getRequiredBodyParam('voiceSignature');
$success = Craft::$app->auth->verify(VoiceAuth::class, $voiceSignature);
if (!$success) {
return $this->asFailure('Voice verification failed.');
}
return $this->asSuccess('Voice verification successful.');
}Returns ​
getSetupHtml() ​
Returns the HTML for the authentication method’s setup slideout.
Once the method is enabled for the user, call the slideout’s showSuccess() method to display a success message, and call Craft.authMethodSetup.refresh() to refresh the method’s info and actions in the main window.
php
Craft::$app->view->registerJsWithVars(fn($containerId, $class) => <<<JS
// ...
Craft.Slideout.instances[$containerId].showSuccess();
Craft.authMethodSetup.refresh();
JS, [
$containerId,
static::class
]);Arguments ​
$containerId(string) – The ID of the setup slideout’s container element
Returns ​
init() ​
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
isActive() ​
Returns whether the authentication method is active for the user.
Returns ​
remove() ​
Removes the authentication method for the current user.
verify() ​
Authenticates the user.
This will be called from craft\services\Auth::verify(), which can be passed any number of arguments which will be forwarded onto this method. (See getAuthFormHtml() for a full walkthrough of how it works.)
Arguments ​
$args(mixed) – ,... Any arguments passed to craft\services\Auth::verify()
Returns ​
boolean – Whether the user should be authenticated.
Protected Methods ​
| Method | Description |
|---|---|
| defineBehaviors() | Returns the behaviors to attach to this class. |
| defineRules() | Returns the validation rules for attributes. |
| extractFieldsFor() | Extract nested fields from a fields collection for a given root field Nested fields are separated with dots (.). e.g: "item.id" The previous example would extract "id". |
| extractRootFields() | Extracts the root field names from nested fields. |
| resolveFields() | Determines which fields can be returned by toArray(). |
Constants ​
| Constant | Description |
|---|---|
SCENARIO_DEFAULT | The name of the default scenario. |