PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.4.0
WP 2FA – Two-factor authentication for WordPress v2.4.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / class-user-notices.php
wp-2fa / includes / classes / Admin Last commit date
Controllers 3 years ago Helpers 3 years ago SettingsPages 3 years ago Views 3 years ago class-help-contact-us.php 3 years ago class-premium-features.php 3 years ago class-settings-page.php 3 years ago class-settingspage.php 3 years ago class-setup-wizard.php 3 years ago class-user-listing.php 3 years ago class-user-notices.php 3 years ago class-user-profile.php 3 years ago class-user-registered.php 3 years ago class-user.php 3 years ago index.php 5 years ago
class-user-notices.php
180 lines
1 <?php
2 /**
3 * Responsible for WP2FA user's notifying.
4 *
5 * @package wp2fa
6 * @subpackage user-utils
7 * @copyright 2023 WP White Security
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Admin;
13
14 use WP2FA\Admin\User;
15 use \WP2FA\WP2FA as WP2FA;
16 use WP2FA\Utils\Date_Time_Utils;
17 use WP2FA\Admin\Helpers\WP_Helper;
18 use WP2FA\Admin\Helpers\User_Helper;
19 use WP2FA\Admin\Controllers\Settings;
20
21 /**
22 * User_Notices class with user notification filters
23 *
24 * @since 2.4.0
25 */
26 if ( ! class_exists( '\WP2FA\Admin\User_Notices' ) ) {
27 /**
28 * User_Notices - Class for displaying notices to our users.
29 */
30 class User_Notices {
31 /**
32 * The WP User
33 *
34 * @var User
35 */
36 private static $wp2fa_user;
37
38 /**
39 * Lets set things up
40 */
41 public static function init() {
42 $enforcement_policy = WP2FA::get_wp2fa_setting( 'enforcement-policy' );
43 if ( ! empty( $enforcement_policy ) ) {
44 // Check we are supposed to, before adding action to show nag.
45 if ( in_array( $enforcement_policy, array( 'all-users', 'certain-roles-only', 'certain-users-only', 'superadmins-only', 'superadmins-siteadmins-only', 'enforce-on-multisite', true ), true ) ) {
46 add_action( 'admin_notices', array( __CLASS__, 'user_setup_2fa_nag' ) );
47 add_action( 'network_admin_notices', array( __CLASS__, 'user_setup_2fa_nag' ) );
48 } elseif ( 'do-not-enforce' === WP2FA::get_wp2fa_setting( 'enforcement-policy' ) ) {
49 add_action( 'admin_notices', array( __CLASS__, 'user_reconfigure_2fa_nag' ) );
50 add_action( 'network_admin_notices', array( __CLASS__, 'user_setup_2fa_nag' ) );
51 }
52 }
53 }
54
55 /**
56 * The nag content
57 *
58 * @param string $is_shortcode - Is that a call from shortcode.
59 * @param string $configure_2fa_url - The configuration url.
60 *
61 * @return void
62 */
63 public static function user_setup_2fa_nag( $is_shortcode = '', $configure_2fa_url = '' ) {
64
65 self::ensure_user();
66
67 if ( isset( $_GET['user_id'] ) ) { // phpcs:ignore
68 $current_profile_user_id = (int) $_GET['user_id']; // phpcs:ignore
69 } elseif ( ! is_null( self::$wp2fa_user->get_2fa_wp_user() ) ) {
70 $current_profile_user_id = self::$wp2fa_user->get_2fa_wp_user()->ID;
71 } else {
72 $current_profile_user_id = false;
73 }
74
75 if ( ! $current_profile_user_id ||
76 isset( $_GET['user_id'] ) && // phpcs:ignore
77 $_GET['user_id'] !== self::$wp2fa_user->get_2fa_wp_user()->ID || // phpcs:ignore
78 User_Helper::get_user_enforced_instantly( self::$wp2fa_user->get_2fa_wp_user() ) ) {
79 return;
80 }
81
82 $grace_expiry = (int) User_Helper::get_user_expiry_date( self::$wp2fa_user->get_2fa_wp_user() );
83
84 $class = 'notice notice-info wp-2fa-nag';
85
86 if ( User_Helper::get_user_needs_to_reconfigure_2fa( self::$wp2fa_user->get_2fa_wp_user() ) ) {
87 $message = esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods ', 'wp-2fa' );
88 } else {
89 $message = esc_html__( 'This website\'s administrator requires you to enable two-factor authentication (2FA) ', 'wp-2fa' );
90 }
91
92 $is_nag_dismissed = User_Helper::get_nag_status();
93 $is_nag_needed = User_Helper::is_enforced( self::$wp2fa_user->get_2fa_wp_user()->ID );
94 $is_user_excluded = User_Helper::is_excluded( self::$wp2fa_user->get_2fa_wp_user()->ID );
95 $enabled_methods = User_Helper::get_enabled_method_for_user( self::$wp2fa_user->get_2fa_wp_user() );
96 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
97 $new_page_permalink = get_permalink( $new_page_id );
98
99 $setup_url = Settings::get_setup_page_link();
100
101 // Allow setup URL to be customized if outputting via shortcode.
102 if ( isset( $is_shortcode ) && 'output_shortcode' === $is_shortcode && ! empty( $configure_2fa_url ) ) {
103 $setup_url = $configure_2fa_url;
104 }
105
106 // Stop the page from being a link to a page this user cant access if needed.
107 if ( WP_Helper::is_multisite() && ! is_user_member_of_blog( self::$wp2fa_user->get_2fa_wp_user()->ID ) ) {
108 $new_page_id = false;
109 }
110
111 // If we have a custom page generated, lets use it.
112 if ( ! empty( $new_page_id ) && $new_page_permalink ) {
113 $setup_url = $new_page_permalink;
114 }
115
116 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
117 if ( ! $is_nag_dismissed && $is_nag_needed && empty( $enabled_methods ) && ! $is_user_excluded && ! empty( $grace_expiry ) ) {
118 echo '<div class="' . esc_attr( $class ) . '">';
119 echo '<p>' . esc_html( $message );
120 echo ' <span class="grace-period-countdown">' . esc_attr( Date_Time_Utils::format_grace_period_expiration_string( null, $grace_expiry ) ) . '.</span><br>';
121 echo '<span>Failing to configure 2FA within this time period will result in a locked account. For more information, please contact your website administrator.</span>';
122 echo ' <a href="' . esc_url( $setup_url ) . '" class="button button-primary">' . esc_html__( 'Configure 2FA now', 'wp-2fa' ) . '</a>';
123 echo ' <a href="#" class="button button-secondary dismiss-user-configure-nag">' . esc_html__( 'Remind me on next login', 'wp-2fa' ) . '</a></p>';
124 echo '</div>';
125 } else {
126 self::user_reconfigure_2fa_nag();
127 }
128 }
129
130 /**
131 * The nag content
132 */
133 public static function user_reconfigure_2fa_nag() {
134
135 self::ensure_user();
136
137 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
138 if ( self::$wp2fa_user->needs_to_reconfigure_method() ) {
139 $class = 'notice notice-info wp-2fa-nag';
140
141 $message = esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods.', 'wp-2fa' );
142
143 echo '<div class="' . esc_attr( $class ) . '"><p>' . esc_html( $message );
144 echo ' <a href="' . esc_url( Settings::get_setup_page_link() ) . '" class="button button-primary">' . esc_html__( 'Configure 2FA now', 'wp-2fa' ) . '</a>';
145 echo ' <a href="#" class="button button-secondary wp-2fa-button-secondary dismiss-user-reconfigure-nag">' . esc_html__( 'I\'ll do it later', 'wp-2fa' ) . '</a></p>';
146 echo '</div>';
147 }
148 }
149
150 /**
151 * Dismiss notice and setup a user meta value so we know its been dismissed
152 */
153 public static function dismiss_nag() {
154 User_Helper::set_nag_status( true );
155 }
156
157 /**
158 * Reset the nag when the user logs out, so they get it again next time.
159 *
160 * @param [type] $user_id - The ID of the user.
161 *
162 * @return void
163 */
164 public static function reset_nag( $user_id ) {
165 User_Helper::remove_nag_status( $user_id );
166 }
167
168 /**
169 * Sets user variable
170 *
171 * @return void
172 */
173 private static function ensure_user() {
174 if ( ! isset( self::$wp2fa_user ) ) {
175 self::$wp2fa_user = User::get_instance();
176 }
177 }
178 }
179 }
180