PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.4.0
WP 2FA – Two-factor authentication for WordPress v1.4.0
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / BackgroundProcessing / ProcessUserMetaUpdate.php
wp-2fa / includes / classes / BackgroundProcessing Last commit date
ProcessUserMetaUpdate.php 5 years ago
ProcessUserMetaUpdate.php
177 lines
1 <?php // phpcs:ignore
2
3 namespace WP2FA\BackgroundProcessing;
4
5 use \WP2FA\Admin\SettingsPage as SettingsPage;
6 use \WP2FA\WP2FA as WP2FA;
7 use \WP2FA\Authenticator\Authentication as Authentication;
8
9 /**
10 * Class for handling our crons.
11 */
12 class ProcessUserMetaUpdate extends \WP_Background_Process {
13
14 /**
15 * Name of the cron we are going to attach these to.
16 *
17 * @var string
18 */
19 protected $action = '2fa_update_user_meta';
20
21 /**
22 * Task to perform in the BG
23 *
24 * @param object $item Consists of User ID, name of the job we want to do, and optional extras.
25 */
26 protected function task( $item ) {
27
28 if ( empty( $item ) || ! isset( $item ) ) {
29 return false;
30 }
31
32 // Delete grace period from user meta.
33 if ( isset( $item['task'] ) && 'delete_grace_period' === $item['task'] ) {
34 // Check if single user.
35 if ( isset( $item['user'] ) ) {
36 delete_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry' );
37 delete_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly' );
38 }
39 // Check array of users.
40 if ( isset( $item['users'] ) ) {
41 foreach ( $item['users'] as $user ) {
42 delete_user_meta( $user->ID, 'wp_2fa_grace_period_expiry' );
43 delete_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly' );
44 }
45 }
46 }
47
48 // Remove enabled methods, happens when we disable and once enabled 2FA method.
49 if ( isset( $item['task'] ) && 'remove_enabled_methods' === $item['task'] ) {
50 if ( isset( $item['user'] ) ) {
51 $enabled = get_user_meta( $item['user']->ID, 'wp_2fa_enabled_methods', true );
52 delete_user_meta( $item['user']->ID, 'wp_2fa_enabled_methods' );
53 update_user_meta( $item['user']->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
54 }
55 if ( isset( $item['users'] ) ) {
56 foreach ( $item['users'] as $user ) {
57 $enabled = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
58 delete_user_meta( $user->ID, 'wp_2fa_enabled_methods' );
59 update_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
60 }
61 }
62 }
63
64 // Remove ALL 2FA user data from user meta.
65 if ( isset( $item['task'] ) && 'wipe_all_2fa_user_data' === $item['task'] ) {
66 if ( ! isset( $item['excluded_roles'] ) ) {
67 return false;
68 }
69
70 $excluded_roles_array = $item['excluded_roles'];
71
72 if ( isset( $item['user'] ) ) {
73 // Compare the user roles to the ones we are excluding and see if we get a match.
74 $user_info = get_userdata( $item['user']->ID );
75 $result = array_intersect( $excluded_roles_array, $user_info->roles );
76 // If we do, lets wipe!
77 if ( ! empty( $result ) ) {
78 $wipe_totp_key = delete_user_meta( $item['user']->ID, 'wp_2fa_totp_key' );
79 $wipe_backup_codes = delete_user_meta( $item['user']->ID, 'wp_2fa_backup_codes' );
80 $wipe_enabled_methods = delete_user_meta( $item['user']->ID, 'wp_2fa_enabled_methods' );
81 $wipe_grace_period = delete_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry' );
82 $wipe_enforced_instantly = delete_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly' );
83 }
84 }
85
86 if ( isset( $item['users'] ) ) {
87 foreach ( $item['users'] as $user ) {
88 // Compare the user roles to the ones we are excluding and see if we get a match.
89 $user_info = get_userdata( $user->ID );
90 $result = array_intersect( $excluded_roles_array, $user_info->roles );
91 // If we do, lets wipe!
92 if ( ! empty( $result ) ) {
93 $wipe_totp_key = delete_user_meta( $user->ID, 'wp_2fa_totp_key' );
94 $wipe_backup_codes = delete_user_meta( $user->ID, 'wp_2fa_backup_codes' );
95 $wipe_enabled_methods = delete_user_meta( $user->ID, 'wp_2fa_enabled_methods' );
96 $wipe_grace_period = delete_user_meta( $user->ID, 'wp_2fa_grace_period_expiry' );
97 $wipe_enforced_instantly = delete_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly' );
98 }
99 }
100
101 }
102 }
103
104 // Enforce 2FA on a user.
105 if ( isset( $item['task'] ) && 'enforce_2fa_for_user' === $item['task'] ) {
106
107 // Check if a policy has been posted, so we know the freshest setting.
108 if ( isset( $item['grace_policy'] ) ) {
109 $grace_policy = sanitize_text_field( $item['grace_policy'] );
110 } else {
111 $grace_policy = WP2FA::get_wp2fa_setting( 'grace-policy' );
112 }
113
114 if ( isset( $item['grace-period-expiry-time'] ) ) {
115 $grace_policy_string = sanitize_text_field( $item['grace-period-expiry-time'] );
116 } else {
117 $grace_policy_string = WP2FA::get_wp2fa_setting( 'grace-period-expiry-time' );
118 }
119
120 // Check if want to apply the custom period, or instant expiry.
121 if ( 'use-grace-period' === $grace_policy ) {
122 $grace_expiry = (int) $item['grace_expiry'];
123 } else {
124 $grace_expiry = time();
125 }
126
127 if ( isset( $item['user'] ) ) {
128 $current = (int) get_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry', true );
129 if ( $current !== $grace_expiry ) {
130 if ( 'use-grace-period' === $grace_policy ) {
131 delete_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly' );
132 }
133 update_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry', $grace_expiry );
134 if ( 'no-grace-period' === $grace_policy ) {
135 update_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly', true );
136 }
137 if ( isset( $item['notify_users'] ) && ! empty( $item['notify_users'] ) ) {
138 SettingsPage::send_2fa_enforced_email( $item['user']->ID, $grace_policy_string );
139 }
140 }
141 }
142 if ( isset( $item['users'] ) ) {
143 foreach ( $item['users'] as $user ) {
144 $user = get_user_by( 'ID', $user->ID );
145 $current = (int) get_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', true );
146 $is_needed = Authentication::is_user_eligible_for_2fa( $user->ID, $item['enforcment-policy'], $item['excluded_users'], $item['excluded_roles'], $item['enforced_users'], $item['enforced_roles'] );
147 $is_user_excluded = WP2FA::is_user_excluded( $user, $item['excluded_users'], $item['excluded_roles'], $item['excluded_sites'] );
148 if ( $is_needed && ! $is_user_excluded ) {
149 if ( $current !== $grace_expiry ) {
150 if ( 'use-grace-period' === $grace_policy ) {
151 delete_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly' );
152 }
153 update_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', $grace_expiry );
154 if ( 'no-grace-period' === $grace_policy ) {
155 update_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly', true );
156 }
157 if ( isset( $item['notify_users'] ) && ! empty( $item['notify_users'] ) ) {
158 SettingsPage::send_2fa_enforced_email( $user->ID, $grace_policy_string );
159 }
160 }
161 }
162 }
163 }
164 }
165
166 return false;
167 }
168
169 /**
170 * Fire off event so we know the above tasks have completed.
171 */
172 protected function complete() {
173 parent::complete();
174 }
175
176 }
177