Allow TOTP keys to be filterable #545
Conversation
Since the discussion in WordPress#389 seems to be on-going, the following should allow users of the plugin to decide how they would like to approach the encryption part. Perhaps we can follow up with solutions after they've been implemented and debate further?
There was a problem hiding this comment.
While I'm not against this change, I don't personally see the direct need for it.
I understand the intention of why, but it seems to me that this isn't something that needs to be filtered except in rare circumstances, and is working around other limitations.
A plugin can add a second provider, which overloads those methods and saves them elsewhere. What is not be filterable is being able to tell two-factor that For the provider "Two_Factor_Totp" use the classname "CUSTOMPLUGIN_Factor_Totp" as the plugin is hard-coded with the notion that provider_name === php_classname, so I'd probably be saying the filter needs to be on Two_Factor_Core:: get_providers()'s resultset or in it's loop that creates the provider objects.
(Created #546 for this, which I don't think necessarily supersedes this, but rather, offers a much more flexible future approach for dealing with individual provider customizations)
These filters as-is are even a bit limiting, the set_user_totp_key filter can't be used to save it outside of user_meta for example.
There's also the generic metadata filters, which admittedly probably shouldn't be used to filter this value if you're using it for encryption purposes.
|
Closing in favour of the more flexible approach in #546. |
What?
Allow TOTP keys to be filtered on save/retrieval.
Why?
Since the discussion in #389 seems to be on-going, the following should allow users of the plugin to decide how they would like to approach the encryption part.
How?
Adds filters on save and retrieval.
Testing Instructions
Test adding filters, and making sure they are saved.
Changelog Entry
Added - filters to TOTP keys.