PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.4.0
WP 2FA – Two-factor authentication for WordPress v2.4.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / App / grace-period / class-grace-period.php
wp-2fa / includes / classes / App / grace-period Last commit date
class-grace-period.php 3 years ago
class-grace-period.php
188 lines
1 <?php
2 /**
3 * Main file of the grace period settings extension class.
4 *
5 * @package wp2fa
6 * @subpackage grace-period
7 * @since 2.0.0
8 * @copyright 2023 WP White Security
9 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
10 * @link https://wordpress.org/plugins/wp-2fa/
11 */
12
13 namespace WP2FA\App;
14
15 use WP2FA\WP2FA;
16 use WP2FA\Admin\User;
17 use WP2FA\Admin\Helpers\User_Helper;
18 use WP2FA\Admin\Controllers\Settings;
19 use WP2FA\Extensions\RoleSettings\Role_Settings_Controller;
20
21 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
22
23 /**
24 * Grace period class
25 */
26 if ( ! class_exists( '\WP2FA\App\Grace_Period' ) ) {
27
28 /**
29 * Responsible for users which grace period has expired
30 *
31 * Gives the administrator the ability to select what action the plugin should take:
32 * - Lock the user
33 * - Force the user to set up their 2FA immediately
34 *
35 * @since 2.0.0
36 */
37 class Grace_Period {
38
39 /**
40 * Inits all the hooks
41 *
42 * @return void
43 *
44 * @since 2.0.0
45 */
46 public static function init() {
47 \add_filter( WP_2FA_PREFIX . 'after_grace_period', array( __CLASS__, 'grace_period_options' ), 10, 5 );
48 \add_filter( WP_2FA_PREFIX . 'loop_settings', array( __CLASS__, 'add_setting_value' ) );
49 \add_filter( WP_2FA_PREFIX . 'default_settings', array( __CLASS__, 'add_default_settings' ) );
50 \add_filter( WP_2FA_PREFIX . 'should_account_be_locked_on_grace_period_expiration', array( __CLASS__, 'maybe_prevent_account_lock' ), 10, 2 );
51 }
52
53 /**
54 * Prevent account locking if allowed, depending on the plugin settings.
55 *
56 * @param boolean $state - Current state of the checking.
57 * @param \WP2FA\Admin\User $user - The User class.
58 *
59 * @return bool
60 *
61 * @since 2.0.0
62 */
63 public static function maybe_prevent_account_lock( bool $state, User $user ) {
64 if ( 'configure-right-away' === Settings::get_role_or_default_setting( 'grace-policy-after-expire-action', $user->get_2fa_wp_user() ) ) {
65 User_Helper::set_user_enforced_instantly( true, $user->get_2fa_wp_user() );
66 return false;
67 }
68
69 return $state;
70 }
71
72 /**
73 * Collects the options for the main plugin settings page and returns them
74 *
75 * @param string $content - HTML content.
76 * @param string $role - The name of the role.
77 * @param string $name_prefix - Name prefix for the input name, includes the role name if provided.
78 * @param string $data_role - Data attribute - used by the JS.
79 * @param string $role_id - The role name, used to identify the inputs.
80 *
81 * @return string
82 *
83 * @since 2.0.0
84 */
85 public static function grace_period_options( string $content, string $role = '', string $name_prefix = '', string $data_role = '', string $role_id = '' ) {
86 return $content . self::grace_options( $role, $name_prefix, $data_role, $role_id );
87 }
88
89 /**
90 * Adds global plugin setting options
91 *
92 * @param array $loop_settings - Array with current plugin settings.
93 *
94 * @return array
95 *
96 * @since 2.0.0
97 */
98 public static function add_setting_value( array $loop_settings ) {
99 $loop_settings[] = 'grace-policy-after-expire-action';
100
101 return $loop_settings;
102 }
103
104 /**
105 * Checks the grace policy setting for the given user
106 *
107 * @param \WP_User $user - The user for which we have to check the settings.
108 *
109 * @return boolean
110 *
111 * @since 2.0.0
112 */
113 public static function is_set_up_immediately_set( \WP_User $user ) {
114 if ( 'configure-right-away' === Settings::get_role_or_default_setting( 'grace-policy-after-expire-action', $user ) ) {
115 return true;
116 }
117
118 return false;
119 }
120
121 /**
122 * Adds the extension default settings to the main plugin settings
123 *
124 * @param array $default_settings - array with plugin default settings.
125 *
126 * @return array
127 *
128 * @since 2.0.0
129 */
130 public static function add_default_settings( array $default_settings ) {
131 $default_settings['grace-policy-after-expire-action'] = 'configure-right-away';
132 return $default_settings;
133 }
134
135 /**
136 * Adds options to the settings page
137 *
138 * @param string $role - The name of the role.
139 * @param string $name_prefix - Name prefix for the input name, includes the role name if provided.
140 * @param string $data_role - Data attribute - used by the JS.
141 * @param string $role_id - The role name, used to identify the inputs.
142 *
143 * @return string
144 *
145 * @since 2.0.0
146 */
147 private static function grace_options( string $role = '', string $name_prefix = '', string $data_role = '', string $role_id = '' ): string {
148 ob_start();
149
150 if ( class_exists( 'WP2FA\Extensions\RoleSettings\Role_Settings_Controller' ) ) {
151 $expire_action = Role_Settings_Controller::get_setting( $role, 'grace-policy-after-expire-action', true );
152 } else {
153 $expire_action = Settings::get_role_or_default_setting( 'grace-policy-after-expire-action', null, null, true );
154 }
155
156 ?>
157 <p class="description" style="margin-top: 15px; margin-bottom: 8px;">
158 <?php echo \esc_html__( 'What should the plugin do with users who do not configure 2FA within the grace period?', 'wp-2fa' ); ?>
159 </p>
160 <fieldset>
161 <label for="configure-right-away<?php echo \esc_attr( $role_id ); ?>">
162 <input type="radio" name="<?php echo \esc_attr( $name_prefix ); ?>[grace-policy-after-expire-action]"
163 id="configure-right-away<?php echo \esc_attr( $role_id ); ?>"
164 <?php echo $data_role; // phpcs:ignore?>
165 value="configure-right-away" <?php checked( $expire_action, 'configure-right-away' ); ?> class="js-nested">
166 <span><?php echo \esc_html__( 'Do not let them access the dashboard / user page once they log in until they configure 2FA', 'wp-2fa' ); ?></span>
167 </label>
168
169 <br>
170 <div style="clear:both">
171 <label for="manual-block<?php echo \esc_attr( $role_id ); ?>">
172 <input type="radio" name="<?php echo \esc_attr( $name_prefix ); ?>[grace-policy-after-expire-action]" <?php checked( $expire_action, 'manual-block' ); ?>
173 id="manual-block<?php echo \esc_attr( $role_id ); ?>"
174 <?php echo $data_role; // phpcs:ignore?>
175 value="manual-block" class="js-nested">
176 <span><?php echo \esc_html__( 'Block the user (administrators have to manually unblock them)', 'wp-2fa' ); ?></span>
177 </label>
178 </div>
179 </fieldset>
180 <?php
181 $html_content = ob_get_contents();
182 ob_end_clean();
183
184 return $html_content;
185 }
186 }
187 }
188