2FA Form Hooks

[eric-michel]

What?

Adds hooks to the authentication form so content can easily be inserted.

Closes #722.

Why?

Companion plugins may wish to add form fields or other content to the authentication form.

How?

Three hooks are added to each of the Two_Factor_Provider subclasses:

• two_factor_before_authentication_prompt
• two_factor_after_authentication_prompt
• two_factor_after_authentication_input

Note that two_factor_after_authentication_input still fires even when there is no authentication input.

The hook passes a single argument: the provider object. This gives access to the provider name, among other properties, allowing for some conditional content when desired.

Testing Instructions

• Clone repo and activate plugin
• In theme's functions.php add the following:

function two_factor_hook_test( $provider ) {
	echo $provider->get_label();
}
add_action( 'two_factor_before_authentication_prompt', 'two_factor_hook_test' );
add_action( 'two_factor_after_authentication_prompt', 'two_factor_hook_test' );
add_action( 'two_factor_after_authentication_input', 'two_factor_hook_test' );

• Log into site with 2FA active and observe where the provider's name is printed within the authentication form.

Screenshots or screencast

Changelog Entry

Added - New hooks to insert content into the authentication form: two_factor_before_authentication_prompt, two_factor_after_authentication_prompt, and two_factor_after_authentication_input.

[eric-michel]

Fully open to suggestions on different hook names or locations.

[kasparsd]

Could you please document the filters in the readme along with the others?

two-factor/readme.txt

Lines 27 to 35 in 2926ece

	- `two_factor_providers` filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
	- `two_factor_providers_for_user` filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object `WP_User` is available as the second argument.
	- `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
	- `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow.
	- `two_factor_user_api_login_enable` filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.
	- `two_factor_email_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated.
	- `two_factor_email_token_length` filter overrides the default 8 character count for email tokens.
	- `two_factor_backup_code_length` filter overrides the default 8 character count for backup codes. Provides the `WP_User` of the associated user as the second argument.
	- `two_factor_rest_api_can_edit_user` filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current `$can_edit` boolean, the second argument is the user ID.

The naming looks good.

[eric-michel]

@kasparsd

Could you please document the filters in the readme along with the others?

No problem! This is done.

[eric-michel]

@kasparsd I think this PR is ready to go, but I'm getting some failures in the automated checks. I'm not really sure how to resolve that.

[kasparsd]

Looks good! Thank you!