@@ -240,6 +240,8 @@ private static function get_providers_classes( $providers ) {
240240 /**
241241 * Filters the classname for a provider. The dynamic portion of the filter is the defined providers key.
242242 *
243+ * @since 0.9.0
244+ *
243245 * @param string $class The PHP Classname of the provider.
244246 * @param string $path The provided provider path to be included.
245247 */
@@ -278,6 +280,8 @@ public static function get_providers() {
278280 * This lets third-parties either remove providers (such as Email), or
279281 * add their own providers (such as text message or Clef).
280282 *
283+ * @since 0.1-dev
284+ *
281285 * @param array $providers A key-value array where the key is the class name, and
282286 * the value is the path to the file containing the class.
283287 */
@@ -586,6 +590,8 @@ public static function get_enabled_providers_for_user( $user = null ) {
586590 /**
587591 * Filter the enabled two-factor authentication providers for this user.
588592 *
593+ * @since 0.5.2
594+ *
589595 * @param array $enabled_providers The enabled providers.
590596 * @param int $user_id The user ID.
591597 */
@@ -744,6 +750,8 @@ public static function get_primary_provider_for_user( $user = null ) {
744750 /**
745751 * Filter the two-factor authentication provider used for this user.
746752 *
753+ * @since 0.2.0
754+ *
747755 * @param string $provider The provider currently being used.
748756 * @param int $user_id The user ID.
749757 */
@@ -863,6 +871,8 @@ public static function is_user_api_login_enabled( $user_id ) {
863871 * Allow or prevent logins without two-factor during
864872 * API requests such as XML-RPC and REST.
865873 *
874+ * @since 0.4.0
875+ *
866876 * @param boolean $enabled Whether the user can login via API requests.
867877 * @param integer $user_id User ID.
868878 */
@@ -1323,6 +1333,8 @@ public static function get_user_time_delay( $user ) {
13231333 /**
13241334 * Filter the minimum time duration between two factor attempts.
13251335 *
1336+ * @since 0.8.0
1337+ *
13261338 * @param int $rate_limit The number of seconds between two factor attempts.
13271339 */
13281340 $ rate_limit = apply_filters ( 'two_factor_rate_limit ' , 1 );
@@ -1334,6 +1346,8 @@ public static function get_user_time_delay( $user ) {
13341346 /**
13351347 * Filter the maximum time duration a user may be locked out from retrying two factor authentications.
13361348 *
1349+ * @since 0.8.0
1350+ *
13371351 * @param int $max_rate_limit The maximum number of seconds a user might be locked out for. Default 15 minutes.
13381352 */
13391353 $ max_rate_limit = apply_filters ( 'two_factor_max_rate_limit ' , 15 * MINUTE_IN_SECONDS );
@@ -1344,6 +1358,8 @@ public static function get_user_time_delay( $user ) {
13441358 /**
13451359 * Filters the per-user time duration between two factor login attempts.
13461360 *
1361+ * @since 0.8.0
1362+ *
13471363 * @param int $rate_limit The number of seconds between two factor attempts.
13481364 * @param WP_User $user The user attempting to login.
13491365 */
@@ -1373,8 +1389,10 @@ public static function is_user_rate_limited( $user ) {
13731389 * This allows for dedicated plugins to rate limit two factor login attempts
13741390 * based on their own rules.
13751391 *
1376- * @param bool $rate_limited Whether the user login is rate limited.
1377- * @param WP_User $user The user attempting to login.
1392+ * @since 0.8.0
1393+ *
1394+ * @param bool $rate_limited Whether the user login is rate limited.
1395+ * @param WP_User $user The user attempting to login.
13781396 */
13791397 return apply_filters ( 'two_factor_is_user_rate_limited ' , $ rate_limited , $ user );
13801398 }
@@ -1470,6 +1488,14 @@ public static function rest_api_can_edit_user_and_update_two_factor_options( $us
14701488 return new WP_Error ( 'revalidation_required ' , __ ( 'Two Factor Revalidation required. ' , 'two-factor ' ) );
14711489 }
14721490
1491+ /**
1492+ * Filters whether the current user can edit another user's two-factor options via the REST API.
1493+ *
1494+ * @since 0.7.0
1495+ *
1496+ * @param bool $can_edit Whether the user can edit the two-factor options. Default true.
1497+ * @param int $user_id The user ID being updated.
1498+ */
14731499 return apply_filters ( 'two_factor_rest_api_can_edit_user ' , true , $ user_id );
14741500 }
14751501
@@ -1569,6 +1595,14 @@ public static function _login_form_validate_2fa( $user, $nonce = '', $provider =
15691595
15701596 wp_set_auth_cookie ( $ user ->ID , $ rememberme );
15711597
1598+ /**
1599+ * Fires after a user has been authenticated via two-factor.
1600+ *
1601+ * @since 0.5.2
1602+ *
1603+ * @param WP_User $user The authenticated user.
1604+ * @param Two_Factor_Provider $provider The two-factor provider used for authentication.
1605+ */
15721606 do_action ( 'two_factor_user_authenticated ' , $ user , $ provider );
15731607
15741608 remove_filter ( 'attach_session_information ' , $ session_information_callback );
@@ -1677,6 +1711,14 @@ public static function _login_form_revalidate_2fa( $nonce = '', $provider = '',
16771711 )
16781712 );
16791713
1714+ /**
1715+ * Fires after a user has been revalidated via two-factor.
1716+ *
1717+ * @since 0.8.0
1718+ *
1719+ * @param WP_User $user The revalidated user.
1720+ * @param Two_Factor_Provider $provider The two-factor provider used for revalidation.
1721+ */
16801722 do_action ( 'two_factor_user_revalidated ' , $ user , $ provider );
16811723
16821724 // Must be global because that's how login_header() uses it.
@@ -1787,11 +1829,13 @@ public static function should_reset_password( $user_id ) {
17871829 * that the password has been compromised and an attacker is trying to brute force the 2nd
17881830 * factor.
17891831 *
1790- * ⚠️ `get_user_time_delay()` mitigates brute force attempts, but many 2nd factors --
1832+ * `get_user_time_delay()` mitigates brute force attempts, but many 2nd factors --
17911833 * like TOTP and backup codes -- are very weak on their own, so it's not safe to give
17921834 * attackers unlimited attempts. Setting this to a very large number is strongly
17931835 * discouraged.
17941836 *
1837+ * @since 0.8.0
1838+ *
17951839 * @param int $limit The number of attempts before the password is reset.
17961840 */
17971841 $ failed_attempt_limit = apply_filters ( 'two_factor_failed_attempt_limit ' , 30 );
@@ -1837,6 +1881,8 @@ public static function send_password_reset_emails( $user ) {
18371881 * Filters whether or not to email the site admin when a user's password has been
18381882 * compromised and reset.
18391883 *
1884+ * @since 0.8.0
1885+ *
18401886 * @param bool $reset `true` to notify the admin, `false` to not notify them.
18411887 */
18421888 $ notify_admin = apply_filters ( 'two_factor_notify_admin_user_password_reset ' , true );
@@ -2056,7 +2102,9 @@ private static function get_recommended_providers( $user ) {
20562102 );
20572103
20582104 /**
2059- * Set the keys of the recommended (secure) methods.
2105+ * Filters the keys of the recommended (secure) methods.
2106+ *
2107+ * @since 0.14.0
20602108 *
20612109 * @param array $recommended_providers The recommended providers.
20622110 * @param WP_User $user The user.
@@ -2360,6 +2408,13 @@ public static function rememberme() {
23602408 $ rememberme = true ;
23612409 }
23622410
2411+ /**
2412+ * Filters whether the login session should persist between browser sessions.
2413+ *
2414+ * @since 0.5.0
2415+ *
2416+ * @param bool $rememberme Whether to remember the user. Default false.
2417+ */
23632418 return (bool ) apply_filters ( 'two_factor_rememberme ' , $ rememberme );
23642419 }
23652420
0 commit comments