Currently, Two Factor makes it difficult to include the current email login token in the message's subject line.
Many TOTP emails have recently started including their login codes in the message subject line like "Your Login Code is 456789". This is good UX. When codes can be seen on Phone lock-screens and in message listings without having to view the full message, MFA logins are faster.
The Two Factor plugin provides filters for modifying email provider token-delivery messages. But while these share context (and location), they take a different set of arguments:
two_factor_token_email_subject — only receives $subject, $user_idtwo_factor_token_email_message — receives $message, $token, $user_id
Note: The exisiting token email filters are not documented in readme.txt.
Solution
If the subject filter exposed the current $token, email subject lines could be customized with a simple filter like this:
add_filter( 'two_factor_email_token_subject_new', function( $subject, $token ) {
return "{$token} is your login code";
}, 10, 2 );Please see Pull request #897 for a working solution.
Workaround
A workaround we've been using looks something like this:
add_filter('two_factor_token_email_message', function ($msg, $token) {
add_filter('wp_mail', function ($args) use ($token) {
$args['subject'] = "{$token} is your login code";
return $args;
});
}, 10, 2);Registering the wp_mail filter from two_factor_token_email_message keeps the subject modification isolated to only Two Factor initiated emails.
Existing filter code
|
/** |
|
* Filters the token email subject. |
|
* |
|
* @since 0.5.2 |
|
* |
|
* @param string $subject The email subject line. |
|
* @param int $user_id The ID of the user. |
|
*/ |
|
$subject = apply_filters( 'two_factor_token_email_subject', $subject, $user->ID ); |
|
|
|
/** |
|
* Filters the token email message. |
|
* |
|
* @since 0.5.2 |
|
* |
|
* @param string $message The email message. |
|
* @param string $token The token. |
|
* @param int $user_id The ID of the user. |
|
*/ |
|
$message = apply_filters( 'two_factor_token_email_message', $message, $token, $user->ID ); |
Currently, Two Factor makes it difficult to include the current email login token in the message's subject line.
Many TOTP emails have recently started including their login codes in the message subject line like "Your Login Code is 456789". This is good UX. When codes can be seen on Phone lock-screens and in message listings without having to view the full message, MFA logins are faster.
The Two Factor plugin provides filters for modifying email provider token-delivery messages. But while these share context (and location), they take a different set of arguments:
two_factor_token_email_subject— only receives$subject,$user_idtwo_factor_token_email_message— receives$message,$token,$user_idNote: The exisiting token email filters are not documented in readme.txt.
Solution
If the subject filter exposed the current
$token, email subject lines could be customized with a simple filter like this:Please see Pull request #897 for a working solution.
Workaround
A workaround we've been using looks something like this:
Registering the
wp_mailfilter fromtwo_factor_token_email_messagekeeps the subject modification isolated to only Two Factor initiated emails.Existing filter code
two-factor/providers/class-two-factor-email.php
Lines 311 to 330 in 3026ec3