swissChili | f0cbdc3 | 2023-01-05 17:21:38 -0500 | [diff] [blame] | 1 | <?php |
| 2 | if ( ! class_exists( 'WC_Abstract_Privacy' ) ) { |
| 3 | return; |
| 4 | } |
| 5 | |
| 6 | class WC_Stripe_Privacy extends WC_Abstract_Privacy { |
| 7 | /** |
| 8 | * Constructor |
| 9 | */ |
| 10 | public function __construct() { |
| 11 | parent::__construct( __( 'Stripe', 'woocommerce-gateway-stripe' ) ); |
| 12 | |
| 13 | $this->add_exporter( 'woocommerce-gateway-stripe-order-data', __( 'WooCommerce Stripe Order Data', 'woocommerce-gateway-stripe' ), [ $this, 'order_data_exporter' ] ); |
| 14 | |
| 15 | if ( function_exists( 'wcs_get_subscriptions' ) ) { |
| 16 | $this->add_exporter( 'woocommerce-gateway-stripe-subscriptions-data', __( 'WooCommerce Stripe Subscriptions Data', 'woocommerce-gateway-stripe' ), [ $this, 'subscriptions_data_exporter' ] ); |
| 17 | } |
| 18 | |
| 19 | $this->add_exporter( 'woocommerce-gateway-stripe-customer-data', __( 'WooCommerce Stripe Customer Data', 'woocommerce-gateway-stripe' ), [ $this, 'customer_data_exporter' ] ); |
| 20 | |
| 21 | $this->add_eraser( 'woocommerce-gateway-stripe-customer-data', __( 'WooCommerce Stripe Customer Data', 'woocommerce-gateway-stripe' ), [ $this, 'customer_data_eraser' ] ); |
| 22 | $this->add_eraser( 'woocommerce-gateway-stripe-order-data', __( 'WooCommerce Stripe Data', 'woocommerce-gateway-stripe' ), [ $this, 'order_data_eraser' ] ); |
| 23 | |
| 24 | add_filter( 'woocommerce_get_settings_account', [ $this, 'account_settings' ] ); |
| 25 | } |
| 26 | |
| 27 | /** |
| 28 | * Add retention settings to account tab. |
| 29 | * |
| 30 | * @param array $settings |
| 31 | * @return array $settings Updated |
| 32 | */ |
| 33 | public function account_settings( $settings ) { |
| 34 | $insert_setting = [ |
| 35 | [ |
| 36 | 'title' => __( 'Retain Stripe Data', 'woocommerce-gateway-stripe' ), |
| 37 | 'desc_tip' => __( 'Retains any Stripe data such as Stripe customer ID, source ID.', 'woocommerce-gateway-stripe' ), |
| 38 | 'id' => 'woocommerce_gateway_stripe_retention', |
| 39 | 'type' => 'relative_date_selector', |
| 40 | 'placeholder' => __( 'N/A', 'woocommerce-gateway-stripe' ), |
| 41 | 'default' => '', |
| 42 | 'autoload' => false, |
| 43 | ], |
| 44 | ]; |
| 45 | |
| 46 | $index = null; |
| 47 | |
| 48 | foreach ( $settings as $key => $value ) { |
| 49 | if ( 'sectionend' === $value['type'] && 'personal_data_retention' === $value['id'] ) { |
| 50 | $index = $key; |
| 51 | break; |
| 52 | } |
| 53 | } |
| 54 | |
| 55 | if ( ! is_null( $index ) ) { |
| 56 | array_splice( $settings, $index, 0, $insert_setting ); |
| 57 | } |
| 58 | |
| 59 | return $settings; |
| 60 | } |
| 61 | |
| 62 | /** |
| 63 | * Returns a list of orders that are using one of Stripe's payment methods. |
| 64 | * |
| 65 | * @param string $email_address |
| 66 | * @param int $page |
| 67 | * |
| 68 | * @return array WP_Post |
| 69 | */ |
| 70 | protected function get_stripe_orders( $email_address, $page ) { |
| 71 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
| 72 | |
| 73 | $order_query = [ |
| 74 | 'payment_method' => [ 'stripe', 'stripe_alipay', 'stripe_bancontact', 'stripe_eps', 'stripe_giropay', 'stripe_ideal', 'stripe_multibanco', 'stripe_p24', 'stripe_sepa', 'stripe_sofort' ], |
| 75 | 'limit' => 10, |
| 76 | 'page' => $page, |
| 77 | ]; |
| 78 | |
| 79 | if ( $user instanceof WP_User ) { |
| 80 | $order_query['customer_id'] = (int) $user->ID; |
| 81 | } else { |
| 82 | $order_query['billing_email'] = $email_address; |
| 83 | } |
| 84 | |
| 85 | return wc_get_orders( $order_query ); |
| 86 | } |
| 87 | |
| 88 | /** |
| 89 | * Gets the message of the privacy to display. |
| 90 | */ |
| 91 | public function get_privacy_message() { |
| 92 | |
| 93 | $message = sprintf( |
| 94 | /* translators: 1) HTML anchor open tag 2) HTML anchor closing tag */ |
| 95 | esc_html__( 'By using this extension, you may be storing personal data or sharing data with an external service. %1$sLearn more about how this works, including what you may want to include in your privacy policy%2$s.', 'woocommerce-gateway-stripe' ), |
| 96 | '<a href="https://woocommerce.com/document/privacy-payments/#section-3" target="_blank">', |
| 97 | '</a>' |
| 98 | ); |
| 99 | |
| 100 | return wpautop( $message ); |
| 101 | } |
| 102 | |
| 103 | /** |
| 104 | * Handle exporting data for Orders. |
| 105 | * |
| 106 | * @param string $email_address E-mail address to export. |
| 107 | * @param int $page Pagination of data. |
| 108 | * |
| 109 | * @return array |
| 110 | */ |
| 111 | public function order_data_exporter( $email_address, $page = 1 ) { |
| 112 | $done = false; |
| 113 | $data_to_export = []; |
| 114 | |
| 115 | $orders = $this->get_stripe_orders( $email_address, (int) $page ); |
| 116 | |
| 117 | $done = true; |
| 118 | |
| 119 | if ( 0 < count( $orders ) ) { |
| 120 | foreach ( $orders as $order ) { |
| 121 | $data_to_export[] = [ |
| 122 | 'group_id' => 'woocommerce_orders', |
| 123 | 'group_label' => __( 'Orders', 'woocommerce-gateway-stripe' ), |
| 124 | 'item_id' => 'order-' . $order->get_id(), |
| 125 | 'data' => [ |
| 126 | [ |
| 127 | 'name' => __( 'Stripe payment id', 'woocommerce-gateway-stripe' ), |
| 128 | 'value' => get_post_meta( $order->get_id(), '_stripe_source_id', true ), |
| 129 | ], |
| 130 | [ |
| 131 | 'name' => __( 'Stripe customer id', 'woocommerce-gateway-stripe' ), |
| 132 | 'value' => get_post_meta( $order->get_id(), '_stripe_customer_id', true ), |
| 133 | ], |
| 134 | ], |
| 135 | ]; |
| 136 | } |
| 137 | |
| 138 | $done = 10 > count( $orders ); |
| 139 | } |
| 140 | |
| 141 | return [ |
| 142 | 'data' => $data_to_export, |
| 143 | 'done' => $done, |
| 144 | ]; |
| 145 | } |
| 146 | |
| 147 | /** |
| 148 | * Handle exporting data for Subscriptions. |
| 149 | * |
| 150 | * @param string $email_address E-mail address to export. |
| 151 | * @param int $page Pagination of data. |
| 152 | * |
| 153 | * @return array |
| 154 | */ |
| 155 | public function subscriptions_data_exporter( $email_address, $page = 1 ) { |
| 156 | $done = false; |
| 157 | $page = (int) $page; |
| 158 | $data_to_export = []; |
| 159 | |
| 160 | $meta_query = [ |
| 161 | 'relation' => 'AND', |
| 162 | [ |
| 163 | 'key' => '_payment_method', |
| 164 | 'value' => [ 'stripe', 'stripe_alipay', 'stripe_bancontact', 'stripe_eps', 'stripe_giropay', 'stripe_ideal', 'stripe_multibanco', 'stripe_p24', 'stripe_sepa', 'stripe_sofort' ], |
| 165 | 'compare' => 'IN', |
| 166 | ], |
| 167 | [ |
| 168 | 'key' => '_billing_email', |
| 169 | 'value' => $email_address, |
| 170 | 'compare' => '=', |
| 171 | ], |
| 172 | ]; |
| 173 | |
| 174 | $subscription_query = [ |
| 175 | 'posts_per_page' => 10, |
| 176 | 'page' => $page, |
| 177 | 'meta_query' => $meta_query, |
| 178 | ]; |
| 179 | |
| 180 | $subscriptions = wcs_get_subscriptions( $subscription_query ); |
| 181 | |
| 182 | $done = true; |
| 183 | |
| 184 | if ( 0 < count( $subscriptions ) ) { |
| 185 | foreach ( $subscriptions as $subscription ) { |
| 186 | $data_to_export[] = [ |
| 187 | 'group_id' => 'woocommerce_subscriptions', |
| 188 | 'group_label' => __( 'Subscriptions', 'woocommerce-gateway-stripe' ), |
| 189 | 'item_id' => 'subscription-' . $subscription->get_id(), |
| 190 | 'data' => [ |
| 191 | [ |
| 192 | 'name' => __( 'Stripe payment id', 'woocommerce-gateway-stripe' ), |
| 193 | 'value' => get_post_meta( $subscription->get_id(), '_stripe_source_id', true ), |
| 194 | ], |
| 195 | [ |
| 196 | 'name' => __( 'Stripe customer id', 'woocommerce-gateway-stripe' ), |
| 197 | 'value' => get_post_meta( $subscription->get_id(), '_stripe_customer_id', true ), |
| 198 | ], |
| 199 | ], |
| 200 | ]; |
| 201 | } |
| 202 | |
| 203 | $done = 10 > count( $subscriptions ); |
| 204 | } |
| 205 | |
| 206 | return [ |
| 207 | 'data' => $data_to_export, |
| 208 | 'done' => $done, |
| 209 | ]; |
| 210 | } |
| 211 | |
| 212 | /** |
| 213 | * Finds and exports customer data by email address. |
| 214 | * |
| 215 | * @param string $email_address The user email address. |
| 216 | * @param int $page Page. |
| 217 | * @return array An array of personal data in name value pairs |
| 218 | */ |
| 219 | public function customer_data_exporter( $email_address, $page ) { |
| 220 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
| 221 | $data_to_export = []; |
| 222 | |
| 223 | if ( $user instanceof WP_User ) { |
| 224 | $stripe_user = new WC_Stripe_Customer( $user->ID ); |
| 225 | |
| 226 | $data_to_export[] = [ |
| 227 | 'group_id' => 'woocommerce_customer', |
| 228 | 'group_label' => __( 'Customer Data', 'woocommerce-gateway-stripe' ), |
| 229 | 'item_id' => 'user', |
| 230 | 'data' => [ |
| 231 | [ |
| 232 | 'name' => __( 'Stripe payment id', 'woocommerce-gateway-stripe' ), |
| 233 | 'value' => get_user_option( '_stripe_source_id', $user->ID ), |
| 234 | ], |
| 235 | [ |
| 236 | 'name' => __( 'Stripe customer id', 'woocommerce-gateway-stripe' ), |
| 237 | 'value' => $stripe_user->get_id(), |
| 238 | ], |
| 239 | ], |
| 240 | ]; |
| 241 | } |
| 242 | |
| 243 | return [ |
| 244 | 'data' => $data_to_export, |
| 245 | 'done' => true, |
| 246 | ]; |
| 247 | } |
| 248 | |
| 249 | /** |
| 250 | * Finds and erases customer data by email address. |
| 251 | * |
| 252 | * @param string $email_address The user email address. |
| 253 | * @param int $page Page. |
| 254 | * @return array An array of personal data in name value pairs |
| 255 | */ |
| 256 | public function customer_data_eraser( $email_address, $page ) { |
| 257 | $page = (int) $page; |
| 258 | $user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data. |
| 259 | $stripe_customer_id = ''; |
| 260 | $stripe_source_id = ''; |
| 261 | |
| 262 | if ( $user instanceof WP_User ) { |
| 263 | $stripe_customer_id = get_user_option( '_stripe_customer_id', $user->ID ); |
| 264 | $stripe_source_id = get_user_option( '_stripe_source_id', $user->ID ); |
| 265 | } |
| 266 | |
| 267 | $items_removed = false; |
| 268 | $messages = []; |
| 269 | |
| 270 | if ( ! empty( $stripe_customer_id ) || ! empty( $stripe_source_id ) ) { |
| 271 | $items_removed = true; |
| 272 | delete_user_option( $user->ID, '_stripe_customer_id' ); |
| 273 | delete_user_option( $user->ID, '_stripe_source_id' ); |
| 274 | $messages[] = __( 'Stripe User Data Erased.', 'woocommerce-gateway-stripe' ); |
| 275 | } |
| 276 | |
| 277 | return [ |
| 278 | 'items_removed' => $items_removed, |
| 279 | 'items_retained' => false, |
| 280 | 'messages' => $messages, |
| 281 | 'done' => true, |
| 282 | ]; |
| 283 | } |
| 284 | |
| 285 | /** |
| 286 | * Finds and erases order data by email address. |
| 287 | * |
| 288 | * @param string $email_address The user email address. |
| 289 | * @param int $page Page. |
| 290 | * @return array An array of personal data in name value pairs |
| 291 | */ |
| 292 | public function order_data_eraser( $email_address, $page ) { |
| 293 | $orders = $this->get_stripe_orders( $email_address, (int) $page ); |
| 294 | |
| 295 | $items_removed = false; |
| 296 | $items_retained = false; |
| 297 | $messages = []; |
| 298 | |
| 299 | foreach ( (array) $orders as $order ) { |
| 300 | $order = wc_get_order( $order->get_id() ); |
| 301 | |
| 302 | list( $removed, $retained, $msgs ) = $this->maybe_handle_order( $order ); |
| 303 | $items_removed |= $removed; |
| 304 | $items_retained |= $retained; |
| 305 | $messages = array_merge( $messages, $msgs ); |
| 306 | |
| 307 | list( $removed, $retained, $msgs ) = $this->maybe_handle_subscription( $order ); |
| 308 | $items_removed |= $removed; |
| 309 | $items_retained |= $retained; |
| 310 | $messages = array_merge( $messages, $msgs ); |
| 311 | } |
| 312 | |
| 313 | // Tell core if we have more orders to work on still |
| 314 | $done = count( $orders ) < 10; |
| 315 | |
| 316 | return [ |
| 317 | 'items_removed' => $items_removed, |
| 318 | 'items_retained' => $items_retained, |
| 319 | 'messages' => $messages, |
| 320 | 'done' => $done, |
| 321 | ]; |
| 322 | } |
| 323 | |
| 324 | /** |
| 325 | * Handle eraser of data tied to Subscriptions |
| 326 | * |
| 327 | * @param WC_Order $order |
| 328 | * @return array |
| 329 | */ |
| 330 | protected function maybe_handle_subscription( $order ) { |
| 331 | if ( ! class_exists( 'WC_Subscriptions' ) ) { |
| 332 | return [ false, false, [] ]; |
| 333 | } |
| 334 | |
| 335 | if ( ! wcs_order_contains_subscription( $order ) ) { |
| 336 | return [ false, false, [] ]; |
| 337 | } |
| 338 | |
| 339 | $subscription = current( wcs_get_subscriptions_for_order( $order->get_id() ) ); |
| 340 | $subscription_id = $subscription->get_id(); |
| 341 | |
| 342 | $stripe_source_id = get_post_meta( $subscription_id, '_stripe_source_id', true ); |
| 343 | |
| 344 | if ( empty( $stripe_source_id ) ) { |
| 345 | return [ false, false, [] ]; |
| 346 | } |
| 347 | |
| 348 | if ( ! $this->is_retention_expired( $order->get_date_created()->getTimestamp() ) ) { |
| 349 | /* translators: %d Order ID */ |
| 350 | return [ false, true, [ sprintf( __( 'Order ID %d is less than set retention days. Personal data retained. (Stripe)', 'woocommerce-gateway-stripe' ), $order->get_id() ) ] ]; |
| 351 | } |
| 352 | |
| 353 | if ( $subscription->has_status( apply_filters( 'wc_stripe_privacy_eraser_subs_statuses', [ 'on-hold', 'active' ] ) ) ) { |
| 354 | /* translators: %d Order ID */ |
| 355 | return [ false, true, [ sprintf( __( 'Order ID %d contains an active Subscription. Personal data retained. (Stripe)', 'woocommerce-gateway-stripe' ), $order->get_id() ) ] ]; |
| 356 | } |
| 357 | |
| 358 | $renewal_orders = WC_Subscriptions_Renewal_Order::get_renewal_orders( $order->get_id() ); |
| 359 | |
| 360 | foreach ( $renewal_orders as $renewal_order_id ) { |
| 361 | delete_post_meta( $renewal_order_id, '_stripe_source_id' ); |
| 362 | delete_post_meta( $renewal_order_id, '_stripe_refund_id' ); |
| 363 | delete_post_meta( $renewal_order_id, '_stripe_customer_id' ); |
| 364 | } |
| 365 | |
| 366 | delete_post_meta( $subscription_id, '_stripe_source_id' ); |
| 367 | delete_post_meta( $subscription_id, '_stripe_refund_id' ); |
| 368 | delete_post_meta( $subscription_id, '_stripe_customer_id' ); |
| 369 | |
| 370 | return [ true, false, [ __( 'Stripe Subscription Data Erased.', 'woocommerce-gateway-stripe' ) ] ]; |
| 371 | } |
| 372 | |
| 373 | /** |
| 374 | * Handle eraser of data tied to Orders |
| 375 | * |
| 376 | * @param WC_Order $order |
| 377 | * @return array |
| 378 | */ |
| 379 | protected function maybe_handle_order( $order ) { |
| 380 | $order_id = $order->get_id(); |
| 381 | $stripe_source_id = get_post_meta( $order_id, '_stripe_source_id', true ); |
| 382 | $stripe_refund_id = get_post_meta( $order_id, '_stripe_refund_id', true ); |
| 383 | $stripe_customer_id = get_post_meta( $order_id, '_stripe_customer_id', true ); |
| 384 | |
| 385 | if ( ! $this->is_retention_expired( $order->get_date_created()->getTimestamp() ) ) { |
| 386 | /* translators: %d Order ID */ |
| 387 | return [ false, true, [ sprintf( __( 'Order ID %d is less than set retention days. Personal data retained. (Stripe)', 'woocommerce-gateway-stripe' ), $order->get_id() ) ] ]; |
| 388 | } |
| 389 | |
| 390 | if ( empty( $stripe_source_id ) && empty( $stripe_refund_id ) && empty( $stripe_customer_id ) ) { |
| 391 | return [ false, false, [] ]; |
| 392 | } |
| 393 | |
| 394 | delete_post_meta( $order_id, '_stripe_source_id' ); |
| 395 | delete_post_meta( $order_id, '_stripe_refund_id' ); |
| 396 | delete_post_meta( $order_id, '_stripe_customer_id' ); |
| 397 | |
| 398 | return [ true, false, [ __( 'Stripe personal data erased.', 'woocommerce-gateway-stripe' ) ] ]; |
| 399 | } |
| 400 | |
| 401 | /** |
| 402 | * Checks if create date is passed retention duration. |
| 403 | */ |
| 404 | public function is_retention_expired( $created_date ) { |
| 405 | $retention = wc_parse_relative_date_option( get_option( 'woocommerce_gateway_stripe_retention' ) ); |
| 406 | $is_expired = false; |
| 407 | $time_span = time() - strtotime( $created_date ); |
| 408 | if ( empty( $retention['number'] ) || empty( $created_date ) ) { |
| 409 | return false; |
| 410 | } |
| 411 | switch ( $retention['unit'] ) { |
| 412 | case 'days': |
| 413 | $retention = $retention['number'] * DAY_IN_SECONDS; |
| 414 | if ( $time_span > $retention ) { |
| 415 | $is_expired = true; |
| 416 | } |
| 417 | break; |
| 418 | case 'weeks': |
| 419 | $retention = $retention['number'] * WEEK_IN_SECONDS; |
| 420 | if ( $time_span > $retention ) { |
| 421 | $is_expired = true; |
| 422 | } |
| 423 | break; |
| 424 | case 'months': |
| 425 | $retention = $retention['number'] * MONTH_IN_SECONDS; |
| 426 | if ( $time_span > $retention ) { |
| 427 | $is_expired = true; |
| 428 | } |
| 429 | break; |
| 430 | case 'years': |
| 431 | $retention = $retention['number'] * YEAR_IN_SECONDS; |
| 432 | if ( $time_span > $retention ) { |
| 433 | $is_expired = true; |
| 434 | } |
| 435 | break; |
| 436 | } |
| 437 | return $is_expired; |
| 438 | } |
| 439 | } |
| 440 | |
| 441 | new WC_Stripe_Privacy(); |