PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.5.2
WP 2FA – Two-factor authentication for WordPress v1.5.2
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / UserNotices.php
wp-2fa / includes / classes / Admin Last commit date
SettingsPage.php 5 years ago SetupWizard.php 5 years ago UserNotices.php 5 years ago UserProfile.php 5 years ago UserRegistered.php 5 years ago
UserNotices.php
151 lines
1 <?php // phpcs:ignore
2
3 namespace WP2FA\Admin;
4
5 use WP2FA\Utils\DateTimeUtils;
6 use \WP2FA\WP2FA as WP2FA;
7 use \WP2FA\Authenticator\Authentication as Authentication;
8
9 /**
10 * UserNotices - Class for displaying notices to our users.
11 */
12 class UserNotices {
13
14 /**
15 * Lets set things up
16 */
17 public function __construct() {
18 $enforcement_policy = WP2FA::get_wp2fa_setting( 'enforcement-policy' );
19 if ( ! empty( $enforcement_policy ) ) {
20 // Check we are supposed to, before adding action to show nag.
21 if ( in_array( $enforcement_policy, [ 'all-users', 'certain-roles-only', 'certain-users-only', 'superadmins-only' ] ) ) {
22 add_action( 'admin_notices', array( $this, 'user_setup_2fa_nag' ) );
23 add_action( 'network_admin_notices', array( $this, 'user_setup_2fa_nag' ) );
24 } elseif ( 'do-not-enforce' === WP2FA::get_wp2fa_setting( 'enforcement-policy' ) ) {
25 add_action( 'admin_notices', array( $this, 'user_reconfigure_2fa_nag' ) );
26 add_action( 'network_admin_notices', array( $this, 'user_setup_2fa_nag' ) );
27 }
28 }
29 }
30
31 /**
32 * The nag content
33 */
34 public function user_setup_2fa_nag( $is_shortcode = '', $configure_2fa_url = '' ) {
35
36 $user = wp_get_current_user();
37
38 if ( isset( $_GET['user_id'] ) ) {
39 $current_profile_user_id = (int) $_GET['user_id'];
40 } elseif ( ! empty( $user ) ) {
41 $current_profile_user_id = $user->ID;
42 } else {
43 $current_profile_user_id = false;
44 }
45
46 if ( ! $current_profile_user_id || isset( $_GET['user_id'] ) && $_GET['user_id'] !== $user->ID || get_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly', true ) ) {
47 return;
48 }
49
50 $class = 'notice notice-info wp-2fa-nag';
51 $grace_expiry = get_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', true );
52 $reconfigure_2fa = get_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
53
54 if ( $reconfigure_2fa ) {
55 $message = esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods within', 'wp-2fa' );
56 } else {
57 $message = esc_html__( 'This website’s administrator requires you to enable 2FA authentication', 'wp-2fa' );
58 }
59
60 $is_nag_dismissed = get_user_meta( $user->ID, 'wp_2fa_update_nag_dismissed', true );
61 $is_nag_needed = Authentication::is_user_eligible_for_2fa( $user->ID );
62 $is_user_excluded = WP2FA::is_user_excluded( $user->ID );
63 $enabled_methods = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
64 $page_url = ( WP2FA::is_this_multisite() ) ? 'index.php' : 'options-general.php';
65 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
66 $new_page_permalink = get_permalink( $new_page_id );
67
68 $setup_url = add_query_arg(
69 array(
70 'page' => 'wp-2fa-setup',
71 ),
72 admin_url( $page_url )
73 );
74
75 // Allow setup URL to be customized if outputting via shortcode.
76 if ( isset( $is_shortcode ) && 'output_shortcode' === $is_shortcode && ! empty( $configure_2fa_url ) ) {
77 $setup_url = $configure_2fa_url;
78 }
79
80 // If we have a custom page generated, lets use it.
81 if ( ! empty( $new_page_id ) && $new_page_permalink ) {
82 $setup_url = $new_page_permalink;
83 }
84
85
86 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
87 if ( ! $is_nag_dismissed && $is_nag_needed && empty( $enabled_methods ) && ! $is_user_excluded && ! empty( $grace_expiry ) ) {
88 printf(
89 '<div class="%1$s"><p>%2$s <span class="grace-period-countdown">%3$s</span> <a href="%4$s" class="button button-primary">%5$s</a> <a href="#" class="button button-secondary dismiss-user-configure-nag">%6$s</a></p></div>',
90 esc_attr( $class ),
91 esc_html( $message ),
92 esc_attr( DateTimeUtils::format_grace_period_expiration_string(null, $grace_expiry) ),
93 esc_url( $setup_url ),
94 esc_html__( 'Configure 2FA now', 'wp-2fa' ),
95 esc_html__( 'Remind me on next login', 'wp-2fa' )
96 );
97 }
98 }
99
100 /**
101 * The nag content
102 */
103 public function user_reconfigure_2fa_nag() {
104 $class = 'notice notice-info wp-2fa-nag';
105 $grace_period = WP2FA::get_wp2fa_setting( 'grace-period-expiry-time' );
106 $user = wp_get_current_user();
107 $reconfigure_2fa = get_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
108
109 $message = esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods.', 'wp-2fa' );
110
111 $enabled_methods = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
112 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
113 if ( ! empty( $reconfigure_2fa ) && empty( $enabled_methods ) ) {
114 printf(
115 '<div class="%1$s"><p>%2$s <a href="%4$s" class="button button-primary">%5$s</a> <a href="#" class="button button-secondary dismiss-user-reconfigure-nag">%6$s</a></p></div>',
116 esc_attr( $class ),
117 esc_html( $message ),
118 esc_attr( $grace_period ),
119 esc_url( admin_url( 'options-general.php?page=wp-2fa-setup' ) ),
120 esc_html__( 'Configure 2FA now', 'wp-2fa' ),
121 esc_html__( 'I\'ll do it later', 'wp-2fa' )
122 );
123 }
124 }
125
126 /**
127 * Dismiss notice and setup a user meta value so we know its been dismissed
128 */
129 public function dismiss_nag() {
130 $user = wp_get_current_user();
131 $updated = update_user_meta( $user->ID, 'wp_2fa_update_nag_dismissed', true );
132 }
133
134 /**
135 * Dismiss reconfigure nag
136 */
137 public function dismiss_reconfigure_nag() {
138 $user = wp_get_current_user();
139 $updated = delete_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa' );
140 }
141
142 /**
143 * Reset the nag when the user logs out, so they get it again next time.
144 */
145 public function reset_nag() {
146 $user = wp_get_current_user();
147 $deleted = delete_user_meta( $user->ID, 'wp_2fa_update_nag_dismissed' );
148 }
149
150 }
151