Description
Is your enhancement related to a problem? Please describe.
I'd like to limit the available providers per user. Example code:
```php
/**
 * Limit the possible providers to email and time-based one-time password.
 */
add_filter(
	'two_factor_providers',
	static fn( array $providers ): array =>
		array_intersect_key(
			$providers,
			[
				'Two_Factor_Email' => '',
				'Two_Factor_Totp'  => '',
			]
		)
);

/**
 * Require two factor authentication via email for all users without the manage_extended_two_factor capability.
 */
add_filter(
	'two_factor_enabled_providers_for_user',
	static fn( $providers, $user_id ) =>
		user_can( $user_id, 'manage_extended_two_factor' ) ? $providers : [ 'Two_Factor_Email' ],
	10,
	2
);

add_filter(
	'two_factor_primary_provider_for_user',
	static fn( $provider, $user_id ) =>
		user_can( $user_id, 'manage_extended_two_factor' ) ? $provider : 'Two_Factor_Email',
	10,
	2
);
```
While this does prevent users without the `manage_extended_two_factor` capability from using the TOTP provider, the UI still renders the TOTP option. That's because the table uses the `Two_Factor_Core::get_providers()` method to render the list of providers, which isn't user-specific.
two-factor/class-two-factor-core.php, line 1837 in 6a95e7f:

```php
<?php foreach ( self::get_providers() as $provider_key => $object ) : ?>
```
Proposed Solution
I'm not sure if `Two_Factor_Core::get_providers()` should get an argument for a user or if there should be a wrapper for `Two_Factor_Core::get_providers()` like `Two_Factor_Core::get_providers_for_user( $user )`.
Looking at the current usage of `Two_Factor_Core::get_providers()`, in all cases we'd have a user ID available.
Designs
No response
Describe alternatives you've considered
No response
Please confirm that you have searched existing issues in this repository.
Yes