PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.8.0
WP 2FA – Two-factor authentication for WordPress v2.8.0
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / class-user-notices.php
wp-2fa / includes / classes / Admin Last commit date
Controllers 1 year ago Fly-Out 1 year ago Helpers 1 year ago Methods 1 year ago SettingsPages 1 year ago Views 1 year ago class-help-contact-us.php 1 year ago class-plugin-updated-notice.php 1 year ago class-premium-features.php 1 year ago class-settings-page.php 1 year ago class-setup-wizard.php 1 year ago class-user-listing.php 1 year ago class-user-notices.php 1 year ago class-user-profile.php 1 year ago class-user-registered.php 1 year ago index.php 1 year ago
class-user-notices.php
261 lines
1 <?php
2 /**
3 * Responsible for WP2FA user's notifying.
4 *
5 * @package wp2fa
6 * @subpackage user-utils
7 * @copyright 2024 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 namespace WP2FA\Admin;
13
14 use WP2FA\WP2FA;
15 use WP2FA\Extensions_Loader;
16 use WP2FA\Admin\Helpers\WP_Helper;
17 use WP2FA\Freemius\User_Licensing;
18 use WP2FA\Admin\Controllers\Methods;
19 use WP2FA\Admin\Helpers\User_Helper;
20 use WP2FA\Admin\Controllers\Settings;
21 use WP2FA\Admin\Views\Grace_Period_Notifications;
22 use WP2FA\Extensions\WhiteLabeling\White_Labeling_Render;
23
24 /**
25 * User_Notices class with user notification filters
26 *
27 * @since 2.4.0
28 */
29 if ( ! class_exists( '\WP2FA\Admin\User_Notices' ) ) {
30 /**
31 * User_Notices - Class for displaying notices to our users.
32 */
33 class User_Notices {
34
35 /**
36 * Lets set things up
37 */
38 public static function init() {
39 $enforcement_policy = WP2FA::get_wp2fa_setting( 'enforcement-policy' );
40 if ( ! empty( $enforcement_policy ) ) {
41 // Check we are supposed to, before adding action to show nag.
42 if ( in_array( $enforcement_policy, array( 'all-users', 'certain-roles-only', 'certain-users-only', 'superadmins-only', 'superadmins-siteadmins-only', 'enforce-on-multisite', true ), true ) ) {
43 $global_methods = Methods::get_available_2fa_methods();
44 $user = User_Helper::get_user_object();
45 $users_method = User_Helper::get_enabled_method_for_user( User_Helper::get_user_object() );
46
47 if ( Grace_Period_Notifications::notify_using_dashboard( User_Helper::get_user_object() ) ) {
48 add_action( 'admin_notices', array( __CLASS__, 'user_setup_2fa_nag' ) );
49 add_action( 'network_admin_notices', array( __CLASS__, 'user_setup_2fa_nag' ) );
50 }
51
52 // If enaabled method is no longer available, show nag so users reconfigures using an available remaining method.
53 if ( User_Helper::is_enforced( $user ) && ! empty( $users_method ) && empty( \array_intersect( array( $users_method ), $global_methods ) ) ) {
54 }
55 } elseif ( 'do-not-enforce' === WP2FA::get_wp2fa_setting( 'enforcement-policy' ) ) {
56 add_action( 'admin_notices', array( __CLASS__, 'user_reconfigure_2fa_nag' ) );
57 add_action( 'network_admin_notices', array( __CLASS__, 'user_setup_2fa_nag' ) );
58 }
59 }
60 }
61
62 /**
63 * The nag content
64 *
65 * @param string $is_shortcode - Is that a call from shortcode.
66 * @param string $configure_2fa_url - The configuration url.
67 *
68 * @return void
69 */
70 public static function user_setup_2fa_nag( $is_shortcode = '', $configure_2fa_url = '' ) {
71
72 if ( isset( $_GET['user_id'] ) ) { // phpcs:ignore
73 $current_profile_user_id = (int) $_GET['user_id']; // phpcs:ignore
74 } elseif ( ! is_null( User_Helper::get_user_object() ) ) {
75 $current_profile_user_id = User_Helper::get_user_object()->ID;
76 } else {
77 $current_profile_user_id = false;
78 }
79
80 if ( ! $current_profile_user_id ||
81 isset( $_GET['user_id'] ) && // phpcs:ignore
82 $_GET['user_id'] !== User_Helper::get_user_object()->ID || // phpcs:ignore
83 User_Helper::get_user_enforced_instantly( User_Helper::get_user_object() ) ) {
84 return;
85 }
86
87 $grace_expiry = (int) User_Helper::get_user_expiry_date( User_Helper::get_user_object() );
88
89 $class = 'notice notice-info wp-2fa-nag';
90
91 if ( User_Helper::get_user_needs_to_reconfigure_2fa( User_Helper::get_user_object() ) ) {
92 $message = WP2FA::get_wp2fa_white_label_setting( 'default-2fa-resetup-required-notice', true );
93 } else {
94 $message = WP2FA::get_wp2fa_white_label_setting( 'default-2fa-required-notice', true );
95 }
96
97 $is_nag_dismissed = User_Helper::get_nag_status();
98 $is_nag_needed = User_Helper::is_enforced( User_Helper::get_user_object()->ID );
99 $is_user_excluded = User_Helper::is_excluded( User_Helper::get_user_object()->ID );
100 $enabled_methods = User_Helper::get_enabled_method_for_user( User_Helper::get_user_object() );
101 $new_page_id = WP2FA::get_wp2fa_setting( 'custom-user-page-id' );
102
103 if ( empty( $new_page_id ) ) {
104 $new_page_id = Settings::get_custom_settings_page_id( '', User_Helper::get_user_object() );
105 }
106
107 $new_page_permalink = get_permalink( $new_page_id );
108
109 $setup_url = Settings::get_setup_page_link();
110
111 // Allow setup URL to be customized if outputting via shortcode.
112 if ( isset( $is_shortcode ) && 'output_shortcode' === $is_shortcode && ! empty( $configure_2fa_url ) ) {
113 $setup_url = $configure_2fa_url;
114 }
115
116 // Stop the page from being a link to a page this user cant access if needed.
117 if ( WP_Helper::is_multisite() && ! is_user_member_of_blog( User_Helper::get_user_object()->ID ) ) {
118 $new_page_id = false;
119 }
120
121 // If we have a custom page generated, lets use it.
122 if ( ! empty( $new_page_id ) && $new_page_permalink ) {
123 $setup_url = $new_page_permalink;
124 }
125
126 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
127 if ( ! $is_nag_dismissed && $is_nag_needed && empty( $enabled_methods ) && ! $is_user_excluded && ! empty( $grace_expiry ) ) {
128
129 $show = true;
130
131 if ( class_exists( '\WP2FA\Freemius\User_Licensing' ) ) {
132 if ( Extensions_Loader::use_proxytron() ) {
133 $show = User_Licensing::enable_2fa_user_setting( true );
134 }
135 }
136
137 if ( $show ) {
138 echo '<div class="' . \esc_attr( $class ) . '">';
139 echo wpautop( \wp_kses_post( WP2FA::replace_remaining_grace_period( $message, (int) $grace_expiry ) ) ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
140 echo ' <a href="' . \esc_url( $setup_url ) . '" class="button button-primary">' . \esc_html__( 'Configure 2FA now', 'wp-2fa' ) . '</a>';
141 echo ' <a href="#" class="button button-secondary dismiss-user-configure-nag">' . \esc_html__( 'Remind me on next login', 'wp-2fa' ) . '</a></p>';
142 echo '</div>';
143 }
144 } else {
145 self::user_reconfigure_2fa_nag();
146 }
147 }
148
149 /**
150 * The nag content
151 */
152 public static function user_reconfigure_2fa_nag() {
153
154 // If the nag has not already been dismissed, and of course if the user is eligible, lets show them something.
155 if ( User_Helper::needs_to_reconfigure_method() ) {
156 $class = 'notice notice-info wp-2fa-nag';
157
158 $message = \esc_html__( 'The 2FA method you were using is no longer allowed on this website. Please reconfigure 2FA using one of the supported methods.', 'wp-2fa' );
159
160 echo '<div class="' . \esc_attr( $class ) . '"><p>' . \esc_html( $message );
161 echo ' <a href="' . \esc_url( Settings::get_setup_page_link() ) . '" class="button button-primary">' . \esc_html__( 'Configure 2FA now', 'wp-2fa' ) . '</a>';
162 echo ' <a href="#" class="button button-secondary wp-2fa-button-secondary dismiss-user-reconfigure-nag">' . \esc_html__( 'I\'ll do it later', 'wp-2fa' ) . '</a></p>';
163 echo '</div>';
164 }
165 }
166
167
168 /**
169 * Dismiss notice and setup a user meta value so we know its been dismissed
170 */
171 public static function dismiss_nag() {
172 User_Helper::set_nag_status( true );
173 }
174
175 /**
176 * Reset the nag when the user logs out, so they get it again next time.
177 *
178 * @param [type] $user_id - The ID of the user.
179 *
180 * @return void
181 */
182 public static function reset_nag( $user_id ) {
183 User_Helper::remove_nag_status( $user_id );
184 }
185
186 /**
187 * Adds setting option in the white label settings page.
188 *
189 * @return void
190 *
191 * @since 2.5.0
192 */
193 public static function white_label_settings_text() {
194 ?>
195 <tr>
196 <th><label for="email-backup-method"><?php \esc_html_e( '2FA mandatory notice', 'wp-2fa' ); ?></label></th>
197 <td>
198 <?php
199 echo White_Labeling_Render::get_method_text_editor( 'default-2fa-required-notice' ); // phpcs:ignore
200 ?>
201 <div style="margin-top: 5px;"><span><strong><i><?php \esc_html_e( 'Note:', 'wp-2fa' ); ?></i></strong> <?php \esc_html_e( 'Only plain text is allowed.', 'wp-2fa' ); ?></span></div>
202 </td>
203 </tr>
204 <tr>
205 <th><label for="email-backup-method"><?php \esc_html_e( '2FA reconfiguration mandatory notice', 'wp-2fa' ); ?></label></th>
206 <td>
207 <?php
208 echo White_Labeling_Render::get_method_text_editor( 'default-2fa-resetup-required-notice' ); // phpcs:ignore
209 ?>
210 <div style="margin-top: 5px;"><span><strong><i><?php \esc_html_e( 'Note:', 'wp-2fa' ); ?></i></strong> <?php \esc_html_e( 'Only plain text is allowed.', 'wp-2fa' ); ?></span></div>
211 </td>
212 </tr>
213 <tr>
214 <th><label><?php \esc_html_e( 'User profile 2FA configuration area title', 'wp-2fa' ); ?></label></th>
215 <td>
216 <?php
217 echo White_Labeling_Render::get_method_text_editor( 'user-profile-form-preamble-title' ); // phpcs:ignore
218 ?>
219 <div style="margin-top: 5px;"><span><strong><i><?php \esc_html_e( 'Note:', 'wp-2fa' ); ?></i></strong> <?php \esc_html_e( 'Only plain text is allowed.', 'wp-2fa' ); ?></span></div>
220 </td>
221 </tr>
222 <tr>
223 <th><label><?php \esc_html_e( 'User profile 2FA configuration area description', 'wp-2fa' ); ?></label></th>
224 <td>
225 <?php
226 echo White_Labeling_Render::get_method_text_editor( 'user-profile-form-preamble-desc' ); // phpcs:ignore
227 ?>
228 <div style="margin-top: 5px;"><span><strong><i><?php \esc_html_e( 'Note:', 'wp-2fa' ); ?></i></strong> <?php \esc_html_e( 'Only plain text is allowed.', 'wp-2fa' ); ?></span></div>
229 </td>
230 </tr>
231 <?php
232 // phpcs:disable
233 // phpcs:enable
234 ?>
235 <?php
236 }
237
238 /**
239 * Adds and filters extension values in the settings store array ($output).
240 *
241 * @param array $output - Array with the currently stored settings.
242 * @param array $input - Array with the input ($_POST) values.
243 *
244 * @return array
245 *
246 * @since 2.5.0
247 */
248 public static function settings_store( array $output, array $input ) {
249 if ( isset( $input['default-2fa-required-notice'] ) ) {
250 $output['default-2fa-required-notice'] = \wp_kses_post( $input['default-2fa-required-notice'] );
251 }
252
253 if ( isset( $input['default-2fa-resetup-required-notice'] ) ) {
254 $output['default-2fa-resetup-required-notice'] = \wp_kses_post( $input['default-2fa-resetup-required-notice'] );
255 }
256
257 return $output;
258 }
259 }
260 }
261