Extension:EmailAuth/Hooks/EmailAuthRequireToken

EmailAuthRequireToken
Available from version ??? Decide whether verification via email is required for this login to succeed (and optionally modify the messaging)
Define function:	public static function onEmailAuthRequireToken( $user, &$verificationRequired, &$formMessage, &$subject, &$body, &$bodyHtml ) { ... }
Attach hook:	$wgHooks['EmailAuthRequireToken'][] = 'MyExtensionHooks::onEmailAuthRequireToken';
Called from:	File(s): EmailAuth / includes/EmailAuthSecondaryAuthenticationProvider.php

For more information about attaching hooks, see Manual:Hooks .
For examples of other extensions using this hook, see Category:EmailAuthRequireToken extensions.

The hook will be called on every login that would be successful. When $verificationRequired is changed to true, an extra step is added to the login: a six-letter verification code is emailed to the user, and must be entered for the login to succeed.

The meaning of the parameters:

$user (User): The user trying to log in.
&$verificationRequired: (bool) Change this to true to enable verification.
&$formMessage: (Message) Message telling the user they need to do an extra verification step.
&$subject: (string) subject of the email with the verification code
&$body: (string) body of the email with the verification code; last parameter must be the token and will be set later
&bodyHtml: (string) body of the email with the verification code in HTML format.

An example that will force email verification for all admins who do not use OATH:

$wgHooks['EmailAuthRequireToken'][] = function (
        $user,
        &$verificationRequired,
        &$formMessage,
        &$subject,
        &$body,
        &$bodyHtml
) {
    if (
        class_exists( OATHAuthUtils::class ) &&
        OATHAuthUtils::isEnabledFor( $user )
    ) {
        return;
    }

    if ( $user->isAllowed( 'delete' ) ) {
        $verificationRequired = true;
        return false;
    }
};