/**
* Checks if the passed value is valid.
*
* @param UserInterface $value The value that should be validated
* @param Constraint $constraint The constraint for the validation
*
* @throws UnexpectedTypeException if $value is not instance of \Symfony\Component\Security\Core\User\UserInterface
*/
public function validate($value, Constraint $constraint)
{
if (!$value instanceof UserInterface) {
throw new UnexpectedTypeException($value, 'Symfony\\Component\\Security\\Core\\User\\UserInterface');
}
$user = $this->ldapManager->findUserByUsername($value->getUsername());
if ($user) {
$this->context->addViolation($constraint->message, array('%property%' => $constraint->property));
}
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof LdapUserInterface) {
if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!$user->getDn()) {
$userLdap = $this->ldapManager->findUserByUsername($user->getUsername());
if (!$userLdap) {
throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername()));
}
$user->setDn($userLdap->getDn());
}
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->ldapManager->bind($user, $presentedPassword)) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
