PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 1.6.0
WP 2FA – Two-factor authentication for WordPress v1.6.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / UserNotices.php
wp-2fa / includes / classes / Admin Last commit date
SettingsPage.php 5 years ago SetupWizard.php 5 years ago UserListing.php 5 years ago UserNotices.php 5 years ago UserProfile.php 5 years ago UserRegistered.php 5 years ago
UserNotices.php
142 lines
1 <?php // phpcs:ignore
2
3 namespace WP2FA\Admin;
4
5 use WP2FA\Utils\DateTimeUtils;
6 use \WP2FA\WP2FA as WP2FA;
7 use \WP2FA\Authenticator\Authentication as Authentication;
8
9 /**
10 * UserNotices - Class for displaying notices to our users.
11 */
12 class UserNotices {
13
14 /**
15 * Lets set things up
16 */
17 public function __construct() {
18 $enforcement_policy = WP2FA::get_wp2fa_setting( 'enforcement-policy' );
19 if ( ! empty( $enforcement_policy ) ) {
20 // Check we are supposed to, before adding action to show nag.
21 if ( in_array( $enforcement_policy, [ 'all-users', 'certain-roles-only', 'certain-users-only', 'superadmins-only' ] ) ) {
22 add_action( 'admin_notices', array( $this, 'user_setup_2fa_nag' ) );
23 add_action( 'network_admin_notices', array( $this, 'user_setup_2fa_nag' ) );
24 } elseif ( 'do-not-enforce' === WP2FA::get_wp2fa_setting( 'enforcement-policy' ) ) {
25 add_action( 'admin_notices', array( $this, 'user_reconfigure_2fa_nag' ) );
26 add_action( 'network_admin_notices', array( $this, 'user_setup_2fa_nag' ) );
27 }
28 }
29 }
30
31 /**
32 * The nag content
33 */
34 public function user_setup_2fa_nag( $is_shortcode = '', $configure_2fa_url = '' ) {
35
36 $user = wp_get_current_user();
37
38 if ( isset( $_GET['user_id'] ) ) {
39 $current_profile_user_id = (int) $_GET['user_id'];
40 } elseif ( ! empty( $user ) ) {
41 $current_profile_user_id = $user->ID;
42 } else {
43 $current_profile_user_id = false;
44 }
45
46 if ( ! $current_profile_user_id || isset( $_GET['user_id'] ) && $_GET['user_id'] !== $user->ID || get_user_meta( $user->ID, 'wp_2fa_user_enforced_instantly', true ) ) {
47 return;
48 }
49
50 $class = 'notice notice-info wp-2fa-nag';
51 $grace_expiry = get_user_meta( $user->ID, 'wp_2fa_grace_period_expiry', true );
52 $reconfigure_2fa = get_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
53
54 if ( $reconfigure_2fa ) {
55 $message = esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods within', 'wp-2fa' );
56 } else {
57 $message = esc_html__( 'This website’s administrator requires you to enable 2FA authentication', 'wp-2fa' );
58 }
59
60 $is_nag_dismissed = get_user_meta( $user->ID, 'wp_2fa_update_nag_dismissed', true );
61 $is_nag_needed = Authentication::is_user_eligible_for_2fa( $user->ID );
62 $is_user_excluded = WP2FA::is_user_excluded( $user->ID );
63 $enabled_methods = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
64 $page_url = ( WP2FA::is_this_multisite() ) ? 'index.php' : 'options-general.php';
65 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
66 $new_page_permalink = get_permalink( $new_page_id );
67
68 $setup_url = add_query_arg(
69 array(
70 'page' => 'wp-2fa-setup',
71 ),
72 admin_url( $page_url )
73 );
74
75 // Allow setup URL to be customized if outputting via shortcode.
76 if ( isset( $is_shortcode ) && 'output_shortcode' === $is_shortcode && ! empty( $configure_2fa_url ) ) {
77 $setup_url = $configure_2fa_url;
78 }
79
80 // If we have a custom page generated, lets use it.
81 if ( ! empty( $new_page_id ) && $new_page_permalink ) {
82 $setup_url = $new_page_permalink;
83 }
84
85
86 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
87 if ( ! $is_nag_dismissed && $is_nag_needed && empty( $enabled_methods ) && ! $is_user_excluded && ! empty( $grace_expiry ) ) {
88 echo '<div class="'.esc_attr( $class ).'">';
89 echo '<p>'.esc_html( $message );
90 echo ' <span class="grace-period-countdown">'.esc_attr( DateTimeUtils::format_grace_period_expiration_string(null, $grace_expiry) ).'</span>';
91 echo ' <a href="'.esc_url( $setup_url ).'" class="button button-primary">'.esc_html__( 'Configure 2FA now', 'wp-2fa' ).'</a>';
92 echo ' <a href="#" class="button button-secondary dismiss-user-configure-nag">'.esc_html__( 'Remind me on next login', 'wp-2fa' ).'</a></p>';
93 echo '</div>';
94 }
95 }
96
97 /**
98 * The nag content
99 */
100 public function user_reconfigure_2fa_nag() {
101 $class = 'notice notice-info wp-2fa-nag';
102 $user = wp_get_current_user();
103 $reconfigure_2fa = get_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa', true );
104
105 $message = esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods.', 'wp-2fa' );
106
107 $enabled_methods = get_user_meta( $user->ID, 'wp_2fa_enabled_methods', true );
108 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
109 if ( ! empty( $reconfigure_2fa ) && empty( $enabled_methods ) ) {
110 echo '<div class="'.esc_attr( $class ).'"><p>'.esc_html( $message );
111 echo ' <a href="'.esc_url( admin_url( 'options-general.php?page=wp-2fa-setup' ) ).'" class="button button-primary">'.esc_html__( 'Configure 2FA now', 'wp-2fa' ).'</a>';
112 echo ' <a href="#" class="button button-secondary dismiss-user-reconfigure-nag">'.esc_html__( 'I\'ll do it later', 'wp-2fa' ).'</a></p>';
113 echo '</div>';
114 }
115 }
116
117 /**
118 * Dismiss notice and setup a user meta value so we know its been dismissed
119 */
120 public function dismiss_nag() {
121 $user = wp_get_current_user();
122 $updated = update_user_meta( $user->ID, 'wp_2fa_update_nag_dismissed', true );
123 }
124
125 /**
126 * Dismiss reconfigure nag
127 */
128 public function dismiss_reconfigure_nag() {
129 $user = wp_get_current_user();
130 $updated = delete_user_meta( $user->ID, 'wp_2fa_user_needs_to_reconfigure_2fa' );
131 }
132
133 /**
134 * Reset the nag when the user logs out, so they get it again next time.
135 */
136 public function reset_nag() {
137 $user = wp_get_current_user();
138 $deleted = delete_user_meta( $user->ID, 'wp_2fa_update_nag_dismissed' );
139 }
140
141 }
142