CronTasks.php
94 lines
| 1 | <?php // phpcs:ignore |
| 2 | |
| 3 | namespace WP2FA\Cron; |
| 4 | |
| 5 | use \WP2FA\WP2FA as WP2FA; |
| 6 | use \WP2FA\Authenticator\Authentication as Authentication; |
| 7 | |
| 8 | /** |
| 9 | * Class for handling our crons. |
| 10 | */ |
| 11 | class CronTasks { |
| 12 | |
| 13 | /** |
| 14 | * Constructor. |
| 15 | */ |
| 16 | public function __construct() { |
| 17 | add_action( 'wp_2fa_check_grace_period_status', array( $this, 'wp_2fa_check_users_grace_period_status' ) ); |
| 18 | add_action( 'init', array( $this, 'register_check_users_grace_period_status_event' ) ); |
| 19 | } |
| 20 | |
| 21 | // This function will run once the 'wp_2fa_check_users_grace_period_status' is called |
| 22 | public function wp_2fa_check_users_grace_period_status() { |
| 23 | $users = array(); |
| 24 | |
| 25 | if ( 'do-not-enforce' !== WP2FA::get_wp2fa_setting( 'enforcment-policy' ) && ! empty( WP2FA::get_wp2fa_setting( 'enable_grace_cron' ) ) ) { |
| 26 | if ( WP2FA::is_this_multisite() ) { |
| 27 | $users_args = array( 'blog_id' => 0 ); |
| 28 | } else { |
| 29 | $users_args = array(); |
| 30 | } |
| 31 | foreach ( get_users( $users_args ) as $user ) { |
| 32 | $grace_period_expiry_time = get_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', true ); |
| 33 | $grace_period_expired = get_user_meta( $user->ID, 'wp_2fa_user_grace_period_expired', true ); |
| 34 | $locked_notification = get_user_meta( $user->ID, 'wp_2fa_locked_account_notification', true ); |
| 35 | $is_user_forced_to_setup = get_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly', true ); |
| 36 | $is_needed = Authentication::is_user_eligible_for_2fa( $user->ID ); |
| 37 | $is_user_excluded = WP2FA::is_user_excluded( $user->ID ); |
| 38 | $time_now = time(); |
| 39 | if ( $grace_period_expiry_time < $time_now && $is_needed && ! $is_user_excluded && ! $is_user_forced_to_setup ) { |
| 40 | $grace_expired = update_user_meta( $user->ID, 'wp_2fa_user_grace_period_expired', true ); |
| 41 | |
| 42 | // Send the email to alert the user, only if we have not done so before. |
| 43 | if ( ! $locked_notification ) { |
| 44 | $this->send_expired_grace_email( $user->ID ); |
| 45 | $locked_account_notification = update_user_meta( $user->ID, 'wp_2fa_locked_account_notification', true ); |
| 46 | } |
| 47 | |
| 48 | // Check if we also want to destory the user session now that the grace period has expired. |
| 49 | if ( ! empty( WP2FA::get_wp2fa_setting( 'enable_destroy_session' ) ) ) { |
| 50 | // Grab user session and kill it, preferably with fire. |
| 51 | $manager = \WP_Session_Tokens::get_instance( $user->ID ); |
| 52 | $manager->destroy_all(); |
| 53 | } |
| 54 | } |
| 55 | } |
| 56 | } |
| 57 | } |
| 58 | |
| 59 | // Function which will register the event |
| 60 | function register_check_users_grace_period_status_event() { |
| 61 | // Make sure this event hasn't been scheduled |
| 62 | if ( ! wp_next_scheduled( 'wp_2fa_check_grace_period_status' ) && ! empty( WP2FA::get_wp2fa_setting( 'enable_grace_cron' ) ) ) { |
| 63 | // Schedule the event |
| 64 | wp_schedule_event( time(), 'hourly', 'wp_2fa_check_grace_period_status' ); |
| 65 | } |
| 66 | } |
| 67 | |
| 68 | /** |
| 69 | * Send email to setup authentication |
| 70 | */ |
| 71 | public static function send_expired_grace_email( $user_id ) { |
| 72 | // Bail if the user has not enabled this email. |
| 73 | if ( 'enable_account_locked_email' !== WP2FA::get_wp2fa_email_templates( 'send_account_locked_email' ) ) { |
| 74 | return false; |
| 75 | } |
| 76 | |
| 77 | // Grab user data |
| 78 | $user = get_userdata( $user_id ); |
| 79 | // Grab user email |
| 80 | $email = $user->user_email; |
| 81 | |
| 82 | $subject = wp_strip_all_tags( WP2FA::replace_email_strings( WP2FA::get_wp2fa_email_templates( 'user_account_locked_email_subject' ), $user_id ) ); |
| 83 | $message = wpautop( WP2FA::replace_email_strings( WP2FA::get_wp2fa_email_templates( 'user_account_locked_email_body' ), $user_id ) ); |
| 84 | |
| 85 | $headers = 'Content-type: text/html;charset=utf-8' . "\r\n"; |
| 86 | |
| 87 | if ( 'use-custom-email' === WP2FA::get_wp2fa_email_templates( 'email_from_setting' ) ) { |
| 88 | $headers .= "From: ". WP2FA::get_wp2fa_email_templates( 'custom_from_display_name' ) ." <". WP2FA::get_wp2fa_email_templates( 'custom_from_email_address' ) .">" . "\r\n"; |
| 89 | } |
| 90 | |
| 91 | $mail = wp_mail( $user->user_email, $subject, $message, $headers ); |
| 92 | } |
| 93 | } |
| 94 |