2FA Form Hooks

[eric-michel]

What?

Adds hooks to the authentication form so content can easily be inserted.

Why?

Companion plugins may wish to add form fields or other content to the authentication form.

How?

Three hooks are added to each of the Two_Factor_Provider subclasses:

• two_factor_before_authentication_prompt
• two_factor_after_authentication_prompt
• two_factor_after_authentication_input

Note that two_factor_after_authentication_input still fires even when there is no authentication input.

The hook passes a single argument: the provider object. This gives access to the provider name, among other properties, allowing for some conditional content when desired.

Testing Instructions

• Clone repo and activate plugin
• In theme's functions.php add the following:

function two_factor_hook_test( $provider ) {
	echo $provider->get_label();
}
add_action( 'two_factor_before_authentication_prompt', 'two_factor_hook_test' );
add_action( 'two_factor_after_authentication_prompt', 'two_factor_hook_test' );
add_action( 'two_factor_after_authentication_input', 'two_factor_hook_test' );

• Log into site with 2FA active and observe where the provider's name is printed within the authentication form.

Screenshots or screencast

Changelog Entry

Added - New hooks to insert content into the authentication form: two_factor_before_authentication_prompt, two_factor_after_authentication_prompt, and two_factor_after_authentication_input.

[eric-michel]

Fully open to suggestions on different hook names or locations.

[kasparsd]

Could you please document the filters in the readme along with the others?

two-factor/readme.txt

Lines 27 to 35 in 2926ece

	- `two_factor_providers` filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
	- `two_factor_providers_for_user` filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object `WP_User` is available as the second argument.
	- `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
	- `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow.
	- `two_factor_user_api_login_enable` filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.
	- `two_factor_email_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated.
	- `two_factor_email_token_length` filter overrides the default 8 character count for email tokens.
	- `two_factor_backup_code_length` filter overrides the default 8 character count for backup codes. Provides the `WP_User` of the associated user as the second argument.
	- `two_factor_rest_api_can_edit_user` filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current `$can_edit` boolean, the second argument is the user ID.

The naming looks good.

[eric-michel]

@kasparsd

Could you please document the filters in the readme along with the others?

No problem! This is done.