class-rsssl-two-fa-status.php — Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 9.5.9

really-simple-ssl / security / wordpress / two-fa / class-rsssl-two-fa-status.php

really-simple-ssl / security / wordpress / two-fa Last commit date

class-rsssl-two-fa-status.php

109 lines

1	<?php
2	/**
3	* Two-Factor Authentication.
4	* Status class.
5	*
6	* @package REALLY_SIMPLE_SSL
7	*/
8
9	namespace RSSSL\Security\WordPress\Two_Fa;
10
11	use RSSSL\Security\WordPress\Two_Fa\Providers\Rsssl_Provider_Loader;
12	use RSSSL\Security\WordPress\Two_Fa\Traits\Rsssl_Two_Fa_Helper;
13	use WP_User;
14
15
16	/**
17	* Class Rsssl_Two_Fa_Status
18	*
19	* Represents the two-factor authentication status.
20	*
21	* @package REALLY_SIMPLE_SSL
22	*/
23	class Rsssl_Two_Fa_Status {
24
25	use Rsssl_Two_Fa_Helper;
26
27	public const STATUSES = array( 'disabled', 'open', 'active' ); // This is a list of all available statuses.
28
29	/**
30	* Get the status of two-factor authentication for a user.
31	*
32	* @param WP_User $user (optional) The user for which to retrieve the status. Defaults to current user.
33	*
34	* @return array An associative array where the method names are the keys and the status values are the values.
35	* The status can be one of the following: 'disabled' if the method is disabled for the user,
36	* 'enabled' if the method is enabled for the user, or 'unknown' if the status could not be determined.
37	*/
38	public static function get_user_two_fa_status( WP_User $user ): array {
39	$loader = Rsssl_Provider_Loader::get_loader();
40	$two_fa_providers = $loader::TWO_FA_PROVIDERS; // Assume this function returns all available methods.
41	$statuses = array();
42
43	foreach ( $two_fa_providers as $two_fa_provider ) {
44	$status = self::get_user_status( $two_fa_provider, $user->ID );
45	$statuses[ $two_fa_provider ] = $status ?: 'disabled';
46	}
47	return $statuses;
48	}
49
50	/**
51	* Get the user's two-factor authentication status.
52	*
53	* @param string $method The authentication method used by the user.
54	* @param int $user_id The ID of the user.
55	*
56	* @return string The user's two-factor authentication status (enabled or disabled).
57	*/
58	public static function get_user_status( string $method, int $user_id ): string {
59	$activated = $method === 'email' ? '_email' : '_' . self::sanitize_method( $method );
60
61	// Check the roles per method if they are enabled.
62	$enabled_roles = rsssl_get_option( 'two_fa_enabled_roles'.$activated, array());
63
64	if ( empty( $enabled_roles ) && self::is_user_role_enabled( $user_id, $enabled_roles )) {
65	return 'disabled';
66	}
67
68	$status = get_user_meta( $user_id, "rsssl_two_fa_status_$method", true );
69
70	return self::sanitize_status( $status );
71	}
72
73	/**
74	* Delete two-factor authentication metadata for a user.
75	*
76	* @return void
77	*/
78	public static function delete_two_fa_meta(int $user_id ): void {
79	// Reset the user based on the providers list.
80	foreach ( Rsssl_Provider_Loader::get_loader()::available_providers() as $provider ) {
81	$provider::reset_meta_data( $user_id );
82	update_user_meta($user_id, 'rsssl_two_fa_last_login', gmdate('Y-m-d H:i:s'));
83	}
84	}
85
86	/**
87	* Checks if a user has any of the enabled roles.
88	*
89	* @param int $user_id The user ID.
90	* @param array $enabled_roles The enabled roles to check against.
91	*
92	* @return bool Returns true if the user has any of the enabled roles, false otherwise.
93	*/
94	private static function is_user_role_enabled( int $user_id, array $enabled_roles ):bool {
95	$user = get_userdata( $user_id );
96
97	if ( ! $user ) {
98	return false;
99	}
100
101	foreach ( $user->roles as $role ) {
102	if ( in_array( $role, $enabled_roles, true ) ) {
103	return true;
104	}
105	}
106
107	return false;
108	}
109	}