Add filter two_factor_email_token_length

providers/class-two-factor-email.php

@@ -77,7 +77,7 @@ public function get_label() {
 	 * @return string
 	 */
 	public function generate_token( $user_id ) {
-		$token = $this->get_code();
+		$token = $this->get_code( $this->get_token_length() );
 
 		update_user_meta( $user_id, self::TOKEN_META_KEY_TIMESTAMP, time() );
 		update_user_meta( $user_id, self::TOKEN_META_KEY, wp_hash( $token ) );
@@ -157,6 +157,17 @@ public function user_token_ttl( $user_id ) {
 		return (int) apply_filters( 'two_factor_token_ttl', $token_ttl, $user_id );
 	}
 
+	/**
+	 * Return the number of digits of the token.
+	 *
+	 * @return integer
+	 */
+
+	public function get_token_length() {
+		$token_length = 8;
+		return (int) apply_filters( 'two_factor_email_token_length', $token_length );
+	}
+
 	/**
 	 * Get the authentication token for the user.
 	 *

readme.txt

@@ -28,6 +28,7 @@ Here is a list of action and filter hooks provided by the plugin:
 - `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
 - `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow.
 - `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated.
+- `two_factor_email_token_length` filter overrides default number of digits (8) of the email token.
 
 == Screenshots ==