PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.4.1
WP 2FA – Two-factor authentication for WordPress v1.4.1
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / BackgroundProcessing / ProcessUserMetaUpdate.php
wp-2fa / includes / classes / BackgroundProcessing Last commit date
ProcessUserMetaUpdate.php 5 years ago
ProcessUserMetaUpdate.php
182 lines
1 <?php // phpcs:ignore
2
3 namespace WP2FA\BackgroundProcessing;
4
5 use \WP2FA\Admin\SettingsPage as SettingsPage;
6 use \WP2FA\WP2FA as WP2FA;
7 use \WP2FA\Authenticator\Authentication as Authentication;
8
9 /**
10 * Class for handling our crons.
11 */
12 class ProcessUserMetaUpdate extends \WP_Background_Process {
13
14 /**
15 * Name of the cron we are going to attach these to.
16 *
17 * @var string
18 */
19 protected $action = '2fa_update_user_meta';
20
21 /**
22 * Task to perform in the BG
23 *
24 * @param object $item Consists of User ID, name of the job we want to do, and optional extras.
25 */
26 protected function task( $item ) {
27
28 if ( empty( $item ) || ! isset( $item ) ) {
29 return false;
30 }
31
32 // Delete grace period from user meta.
33 if ( isset( $item['task'] ) && 'delete_grace_period' === $item['task'] ) {
34 // Check if single user.
35 if ( isset( $item['user'] ) ) {
36 delete_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry' );
37 delete_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly' );
38 }
39 // Check array of users.
40 if ( isset( $item['users'] ) ) {
41 foreach ( $item['users'] as $user ) {
42 delete_user_meta( $user->ID, 'wp_2fa_grace_period_expiry' );
43 delete_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly' );
44 }
45 }
46 }
47
48 // Remove enabled methods, happens when we disable and once enabled 2FA method.
49 if ( isset( $item['task'] ) && 'remove_enabled_methods' === $item['task'] ) {
50 $method_to_remove = ( isset( $item['method_to_remove'] ) && ! empty( $item['method_to_remove'] ) ) ? $item['method_to_remove'] : false;
51 if ( isset( $item['user'] ) ) {
52 $enabled = get_user_meta( $item['user']->ID, 'wp_2fa_enabled_methods', true );
53 if ( ! empty( $method_to_remove ) && $method_to_remove === $enabled ) {
54 delete_user_meta( $item['user']->ID, 'wp_2fa_enabled_methods' );
55 update_user_meta( $item['user']->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
56 }
57 }
58 if ( isset( $item['users'] ) ) {
59 foreach ( $item['users'] as $user ) {
60 $enabled = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
61 if ( ! empty( $method_to_remove ) && $method_to_remove === $enabled ) {
62 delete_user_meta( $user->ID, 'wp_2fa_enabled_methods' );
63 update_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
64 }
65 }
66 }
67 }
68
69 // Remove ALL 2FA user data from user meta.
70 if ( isset( $item['task'] ) && 'wipe_all_2fa_user_data' === $item['task'] ) {
71 if ( ! isset( $item['excluded_roles'] ) ) {
72 return false;
73 }
74
75 $excluded_roles_array = $item['excluded_roles'];
76
77 if ( isset( $item['user'] ) ) {
78 // Compare the user roles to the ones we are excluding and see if we get a match.
79 $user_info = get_userdata( $item['user']->ID );
80 $result = array_intersect( $excluded_roles_array, $user_info->roles );
81 // If we do, lets wipe!
82 if ( ! empty( $result ) ) {
83 $wipe_totp_key = delete_user_meta( $item['user']->ID, 'wp_2fa_totp_key' );
84 $wipe_backup_codes = delete_user_meta( $item['user']->ID, 'wp_2fa_backup_codes' );
85 $wipe_enabled_methods = delete_user_meta( $item['user']->ID, 'wp_2fa_enabled_methods' );
86 $wipe_grace_period = delete_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry' );
87 $wipe_enforced_instantly = delete_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly' );
88 }
89 }
90
91 if ( isset( $item['users'] ) ) {
92 foreach ( $item['users'] as $user ) {
93 // Compare the user roles to the ones we are excluding and see if we get a match.
94 $user_info = get_userdata( $user->ID );
95 $result = array_intersect( $excluded_roles_array, $user_info->roles );
96 // If we do, lets wipe!
97 if ( ! empty( $result ) ) {
98 $wipe_totp_key = delete_user_meta( $user->ID, 'wp_2fa_totp_key' );
99 $wipe_backup_codes = delete_user_meta( $user->ID, 'wp_2fa_backup_codes' );
100 $wipe_enabled_methods = delete_user_meta( $user->ID, 'wp_2fa_enabled_methods' );
101 $wipe_grace_period = delete_user_meta( $user->ID, 'wp_2fa_grace_period_expiry' );
102 $wipe_enforced_instantly = delete_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly' );
103 }
104 }
105
106 }
107 }
108
109 // Enforce 2FA on a user.
110 if ( isset( $item['task'] ) && 'enforce_2fa_for_user' === $item['task'] ) {
111
112 // Check if a policy has been posted, so we know the freshest setting.
113 if ( isset( $item['grace_policy'] ) ) {
114 $grace_policy = sanitize_text_field( $item['grace_policy'] );
115 } else {
116 $grace_policy = WP2FA::get_wp2fa_setting( 'grace-policy' );
117 }
118
119 if ( isset( $item['grace-period-expiry-time'] ) ) {
120 $grace_policy_string = sanitize_text_field( $item['grace-period-expiry-time'] );
121 } else {
122 $grace_policy_string = WP2FA::get_wp2fa_setting( 'grace-period-expiry-time' );
123 }
124
125 // Check if want to apply the custom period, or instant expiry.
126 if ( 'use-grace-period' === $grace_policy ) {
127 $grace_expiry = (int) $item['grace_expiry'];
128 } else {
129 $grace_expiry = time();
130 }
131
132 if ( isset( $item['user'] ) ) {
133 $current = (int) get_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry', true );
134 if ( $current !== $grace_expiry ) {
135 if ( 'use-grace-period' === $grace_policy ) {
136 delete_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly' );
137 }
138 update_user_meta( $item['user']->ID, 'wp_2fa_grace_period_expiry', $grace_expiry );
139 if ( 'no-grace-period' === $grace_policy ) {
140 update_user_meta( $item['user']->ID, 'wp_2fa_user_enforced_instantly', true );
141 }
142 if ( isset( $item['notify_users'] ) && ! empty( $item['notify_users'] ) ) {
143 SettingsPage::send_2fa_enforced_email( $item['user']->ID, $grace_policy_string );
144 }
145 }
146 }
147 if ( isset( $item['users'] ) ) {
148 foreach ( $item['users'] as $user ) {
149 $user = get_user_by( 'ID', $user->ID );
150 $current = (int) get_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', true );
151 $is_needed = Authentication::is_user_eligible_for_2fa( $user->ID, $item['enforcment-policy'], $item['excluded_users'], $item['excluded_roles'], $item['enforced_users'], $item['enforced_roles'] );
152 $is_user_excluded = WP2FA::is_user_excluded( $user, $item['excluded_users'], $item['excluded_roles'], $item['excluded_sites'] );
153 if ( $is_needed && ! $is_user_excluded ) {
154 if ( $current !== $grace_expiry ) {
155 if ( 'use-grace-period' === $grace_policy ) {
156 delete_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly' );
157 }
158 update_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', $grace_expiry );
159 if ( 'no-grace-period' === $grace_policy ) {
160 update_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly', true );
161 }
162 if ( isset( $item['notify_users'] ) && ! empty( $item['notify_users'] ) ) {
163 SettingsPage::send_2fa_enforced_email( $user->ID, $grace_policy_string );
164 }
165 }
166 }
167 }
168 }
169 }
170
171 return false;
172 }
173
174 /**
175 * Fire off event so we know the above tasks have completed.
176 */
177 protected function complete() {
178 parent::complete();
179 }
180
181 }
182