Allow filtering the email token length

WordPress · Dec 2, 2024 · e6c3ea1 · e6c3ea1
1 parent 636dc0b
commit e6c3ea1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/providers/class-two-factor-email.php b/providers/class-two-factor-email.php
@@ -72,7 +72,9 @@ public function get_alternative_provider_label() {
 	 * @return string
 	 */
 	public function generate_token( $user_id ) {
-		$token = $this->get_code();
+		$token_length = (int) apply_filters( 'two_factor_token_length', 8 );
+
+		$token = $this->get_code( $token_length );
 
 		update_user_meta( $user_id, self::TOKEN_META_KEY_TIMESTAMP, time() );
 		update_user_meta( $user_id, self::TOKEN_META_KEY, wp_hash( $token ) );

diff --git a/readme.txt b/readme.txt
@@ -28,6 +28,7 @@ Here is a list of action and filter hooks provided by the plugin:
 - `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
 - `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow.
 - `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated.
+- `two_factor_token_length` filter overrides the default 8 character count for email tokens.
 
 == Frequently Asked Questions ==