Add filters for email token and backup code length #653

Merged
merged 17 commits into from
Jan 9, 2025

@kasparsd kasparsd commented Dec 2, 2024

Fixes #374.

Replaces #419.

What?

Implements two new filters:

  • two_factor_email_token_ttl filter overrides the default 8 character count for email tokens. This has been renamed from two_factor_token_ttl which is now marked as deprecated.

  • two_factor_backup_code_length filter overrides the default 8 character count for backup codes. Provides the WP_User of the associated user as the second argument.

Why?

Users might want to increase this.

How?

  • Introduce the filters and rename existing ones for consistency. Add tests to confirm both old and new filters are working.

  • Updated the input field placeholders to match the expected character length. Note that this might give away the expected character length for a brute force attacker but we're rate limiting these attempts so that is not an issue.

Testing Instructions

Screenshots or screencast

Note the updated XXXX characters for the placeholders and the correct length. Previously the placeholder also included spaces, but that could have confused users about the format not matching what they get in the email or app. The input automatically removes invalid characters, so the processing happens either way.

[Screenshot: email-codes]

[Screenshot: recover-codes]

Inspiration:

[Screenshot: input-format]

Changelog Entry

Added - Introduce two_factor_email_token_length and two_factor_backup_code_length filters for adjusting the length of the respective tokens.
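
An added example, not part of the pull request or the plugin's own code: a site-specific snippet that hooks the two filters under the names given in the changelog entry above (two_factor_email_token_length and two_factor_backup_code_length). The lengths 10 and 12 and the manage_options capability check are assumptions chosen for illustration.

```php
<?php
/**
 * Added example (not from the Two Factor plugin): a site-specific mu-plugin
 * that lengthens both token types through the filters named in this PR.
 * The lengths and the capability check are assumptions for illustration.
 */

// Email tokens: one length for every account.
// The callback receives the plugin's default length.
add_filter(
	'two_factor_email_token_length',
	function ( $length ) {
		// Only ever raise the length, never drop below the default passed in.
		return max( (int) $length, 10 );
	}
);

// Backup codes: the WP_User is passed as the second argument,
// so the length can depend on the account's privileges.
add_filter(
	'two_factor_backup_code_length',
	function ( $length, $user ) {
		$length = (int) $length;

		// Keep the default if no valid user object was supplied.
		if ( ! $user instanceof WP_User ) {
			return $length;
		}

		// Accounts that can manage the site get longer codes.
		if ( user_can( $user, 'manage_options' ) ) {
			return max( $length, 12 );
		}

		return max( $length, 10 );
	},
	10, // Priority.
	2   // Accepted arguments: without this, $user is not passed to the callback.
);
```

The fourth argument to add_filter matters here: WordPress passes only the first value to a callback unless the accepted argument count is raised to 2.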

kasparsd commented Dec 2, 2024

This is ready for code review.

@kasparsd kasparsd added this to the 0.11.0 milestone Dec 2, 2024
@jeffpaul jeffpaul requested a review from dd32 December 2, 2024 22:42
?>
<p class="two-factor-prompt"><?php esc_html_e( 'Enter a recovery code.', 'two-factor' ); ?></p><br/>
Collaborator Author

This was causing too much blank space between the message and the input:

[Screenshot: recover-codes]

@kasparsd kasparsd merged commit abd8289 into master Jan 9, 2025
48 checks passed
@kasparsd kasparsd mentioned this pull request Jan 9, 2025
@jeffpaul jeffpaul modified the milestones: 0.12.0, 0.11.0 Jan 9, 2025
Successfully merging this pull request may close these issues.

Backup Codes (Improve 8 to 12 numbers)
2 participants