src/EventSubscriber/AuthSubscriber.php line 46

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Domain\Exception\Restrict\RestrictException;
  6. use App\Services\Clients\ClientSystemState\ClientSystemStateService;
  7. use App\Services\Auth\TokenClientUserService;
  8. use App\Entity\OA2User;
  9. use Symfony\Component\DependencyInjection\ContainerInterface;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
  12. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  14. class AuthSubscriber implements EventSubscriberInterface
  15. {
  16.     /**
  17.      * @var TokenClientUserService
  18.      */
  19.     private $tokenService;
  20.     /**
  21.      * @var ClientSystemStateService
  22.      */
  23.     private $systemStateService;
  25.     /**
  26.      * @var ContainerInterface
  27.      */
  28.     private $container;
  30.     private $allowedForPasswordExpired = [
  31.         'loginBankUser'// /bank/login
  32.         'updateBankUserByOwner'// /bank/updateUser
  33.         'bankUserProfile'// /bank/getProfile
  34.     ];
  36.     public function __construct(
  37.         TokenClientUserService $tokenService,
  38.         ClientSystemStateService $systemStateService,
  39.         ContainerInterface $container
  40.     ) {
  41.         $this->tokenService $tokenService;
  42.         $this->systemStateService $systemStateService;
  43.         $this->container $container;
  44.     }
  46.     public function onKernelController(FilterControllerEvent $event)
  47.     {
  48.         $controller $event->getController();
  50.         /*
  51.          * $controller passed can be either a class or a Closure.
  52.          * This is not usual in Symfony but it may happen.
  53.          * If it is a class, it comes in array format
  54.          */
  55.         if (!is_array($controller)) {
  56.             return;
  57.         }
  59.         $route $event->getRequest()->attributes->get('_route');
  61.         /** @var TokenStorageInterface $tokenStorage */
  62.         $tokenStorage $this->container->get('security.token_storage');
  63.         $token $tokenStorage->getToken();
  64.         if ($token === null) {
  65.             return;
  66.         }
  68.         /** @var OA2User $user */
  69.         $user $token->getUser();
  70.         if (!$user instanceof OA2User || !$user->isBankUser()) {
  71.             return;
  72.         }
  73.         // If bank user was authorized by permanent token we don't need to check expiration password
  74.         if ($user->getBankUser()->permanentTokenIsActive($event->getRequest()->headers->get('BANK-AUTH-TOKEN'))) {
  75.             return;
  76.         }
  77.         if ($user->isPasswordExpired() && !in_array($route$this->allowedForPasswordExpired)) {
  78.             throw new RestrictException('Password is expired');
  79.         }
  80.     }
  82.     public static function getSubscribedEvents()
  83.     {
  84.         return [
  85.             'kernel.controller' => 'onKernelController',
  86.         ];
  87.     }
  88. }