<?php
declare(strict_types=1);
namespace App\Security;
use App\Entity\User;
use App\Enum\UserStatus;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
/**
 * Login gate that only lets a {@see User} through when its
 * {@see UserStatus} is {@see UserStatus::Approved}.
 *
 * Registered for the `main` firewall under the `user_checker:` key of
 * `security.yaml`. Symfony Security invokes {@see self::checkPreAuth()}
 * before the password is verified; a thrown
 * {@see CustomUserMessageAccountStatusException} stops the flow and its
 * (localised) translation key is shown on the login form.
 *
 * Blocking does not strip roles: a `Blocked` user keeps the roles they
 * had before being blocked — they just can't sign in to exercise them.
 *
 * NOTE(review): the rejection happens before the password check and its
 * message reaches the login form, so the pending/blocked state of an
 * account is shown to anyone who submits a known identifier, with or
 * without the right password. If that disclosure is not intended, the
 * same status check could run in {@see self::checkPostAuth()} instead,
 * where only callers with valid credentials would see it.
 *
 * NOTE(review): this class only acts on authentication attempts. Whether
 * an already-established session (or a remember-me token) of a user who
 * is blocked later gets invalidated is not visible here — TODO confirm.
 */
final class AccountStatusChecker implements UserCheckerInterface
{
    /**
     * Turn away pending and blocked users ahead of password verification.
     *
     * Any `UserInterface` that is not a `User` is ignored here (the
     * password checker will reject them on its own terms).
     *
     * @param UserInterface       $user  the user attempting to authenticate
     * @param TokenInterface|null $token unused; Symfony 8 added the slot for hooks that need it
     *
     * @throws CustomUserMessageAccountStatusException when status is Pending or Blocked
     */
    public function checkPreAuth(UserInterface $user, ?TokenInterface $token = null): void
    {
        if (!($user instanceof User)) {
            return;
        }

        // Translation keys belong to the `security` domain — see
        // translations/security.da.yaml.
        //
        // The match has no default arm on purpose: a status that is not
        // listed raises \UnhandledMatchError instead of silently letting
        // the login continue.
        $rejectionKey = match ($user->getStatus()) {
            UserStatus::Approved => null,
            UserStatus::Pending => 'account.pending',
            UserStatus::Blocked => 'account.blocked',
        };

        if (null !== $rejectionKey) {
            throw new CustomUserMessageAccountStatusException($rejectionKey);
        }
    }

    /**
     * Post-authentication hook the interface requires; performs no checks.
     *
     * NOTE(review): any flow that calls only this hook and not
     * {@see self::checkPreAuth()} gets no status check from this class —
     * confirm no such flow is enabled on the firewall.
     *
     * @param UserInterface       $user  the user that just authenticated successfully
     * @param TokenInterface|null $token unused; Symfony 8 added the slot for hooks that need it
     */
    public function checkPostAuth(UserInterface $user, ?TokenInterface $token = null): void
    {
        // Intentionally empty.
    }
}