CronTasks.php
96 lines
| 1 | <?php // phpcs:ignore |
| 2 | |
| 3 | namespace WP2FA\Cron; |
| 4 | |
| 5 | use WP2FA\Admin\SettingsPage; |
| 6 | use WP2FA\Utils\UserUtils; |
| 7 | use \WP2FA\WP2FA as WP2FA; |
| 8 | use \WP2FA\Authenticator\Authentication as Authentication; |
| 9 | |
| 10 | /** |
| 11 | * Class for handling our crons. |
| 12 | */ |
| 13 | class CronTasks { |
| 14 | |
| 15 | /** |
| 16 | * Constructor. |
| 17 | */ |
| 18 | public function __construct() { |
| 19 | add_action( 'wp_2fa_check_grace_period_status', array( $this, 'wp_2fa_check_users_grace_period_status' ) ); |
| 20 | add_action( 'init', array( $this, 'register_check_users_grace_period_status_event' ) ); |
| 21 | } |
| 22 | |
| 23 | // This function will run once the 'wp_2fa_check_users_grace_period_status' is called |
| 24 | public function wp_2fa_check_users_grace_period_status() { |
| 25 | $users_args = array( |
| 26 | 'fields' => array( 'ID' ), |
| 27 | ); |
| 28 | if ( WP2FA::is_this_multisite() ) { |
| 29 | $users_args['blog_id'] = 0; |
| 30 | } |
| 31 | $settings = new SettingsPage(); |
| 32 | $users = UserUtils::get_all_user_ids( 'query', $users_args ); |
| 33 | |
| 34 | if ( ! is_array( $users ) ) { |
| 35 | $users = explode( ',', $users ); |
| 36 | } |
| 37 | |
| 38 | if ( ! empty( $users ) && 'do-not-enforce' !== WP2FA::get_wp2fa_setting( 'enforcement-policy' ) && ! empty( WP2FA::get_wp2fa_setting( 'enable_grace_cron' ) ) ) { |
| 39 | foreach ( $users as $user_id ) { |
| 40 | $grace_period_expiry_time = get_user_meta( $user_id, 'wp_2fa_grace_period_expiry', true ); |
| 41 | $grace_period_expired = get_user_meta( $user_id, 'wp_2fa_user_grace_period_expired', true ); |
| 42 | $locked_notification = get_user_meta( $user_id, 'wp_2fa_locked_account_notification', true ); |
| 43 | $is_user_forced_to_setup = get_user_meta( $user_id, 'wp_2fa_user_enforced_instantly', true ); |
| 44 | $is_needed = Authentication::is_user_eligible_for_2fa( $user_id ); |
| 45 | $is_user_excluded = WP2FA::is_user_excluded( $user_id ); |
| 46 | $time_now = time(); |
| 47 | if ( $grace_period_expiry_time < $time_now && $is_needed && ! $is_user_excluded && ! $is_user_forced_to_setup ) { |
| 48 | $grace_expired = update_user_meta( $user_id, 'wp_2fa_user_grace_period_expired', true ); |
| 49 | |
| 50 | // Send the email to alert the user, only if we have not done so before. |
| 51 | if ( ! $locked_notification ) { |
| 52 | $this->send_expired_grace_email( $user_id ); |
| 53 | $locked_account_notification = update_user_meta( $user_id, 'wp_2fa_locked_account_notification', true ); |
| 54 | } |
| 55 | |
| 56 | // Check if we also want to destory the user session now that the grace period has expired. |
| 57 | if ( ! empty( WP2FA::get_wp2fa_setting( 'enable_destroy_session' ) ) ) { |
| 58 | // Grab user session and kill it, preferably with fire. |
| 59 | $manager = \WP_Session_Tokens::get_instance( $user_id ); |
| 60 | $manager->destroy_all(); |
| 61 | } |
| 62 | } |
| 63 | } |
| 64 | } |
| 65 | } |
| 66 | |
| 67 | // Function which will register the event |
| 68 | function register_check_users_grace_period_status_event() { |
| 69 | // Make sure this event hasn't been scheduled |
| 70 | if ( ! wp_next_scheduled( 'wp_2fa_check_grace_period_status' ) && ! empty( WP2FA::get_wp2fa_setting( 'enable_grace_cron' ) ) ) { |
| 71 | // Schedule the event |
| 72 | wp_schedule_event( time(), 'hourly', 'wp_2fa_check_grace_period_status' ); |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | /** |
| 77 | * Send email to setup authentication |
| 78 | */ |
| 79 | public static function send_expired_grace_email( $user_id ) { |
| 80 | // Bail if the user has not enabled this email. |
| 81 | if ( 'enable_account_locked_email' !== WP2FA::get_wp2fa_email_templates( 'send_account_locked_email' ) ) { |
| 82 | return false; |
| 83 | } |
| 84 | |
| 85 | // Grab user data |
| 86 | $user = get_userdata( $user_id ); |
| 87 | // Grab user email |
| 88 | $email = $user->user_email; |
| 89 | |
| 90 | $subject = wp_strip_all_tags( WP2FA::replace_email_strings( WP2FA::get_wp2fa_email_templates( 'user_account_locked_email_subject' ), $user_id ) ); |
| 91 | $message = wpautop( WP2FA::replace_email_strings( WP2FA::get_wp2fa_email_templates( 'user_account_locked_email_body' ), $user_id ) ); |
| 92 | |
| 93 | SettingsPage::send_email( $email, $subject, $message ); |
| 94 | } |
| 95 | } |
| 96 |