/** * {@inheritdoc} */ public function checkPostAuth(UserInterface $user) { if (!$user instanceof AdvancedUserInterface) { return; } if (!$user->isCredentialsNonExpired()) { $ex = new CredentialsExpiredException('User credentials have expired.'); $ex->setUser($user); throw $ex; } }
/** * Based on the LDAP error code and the LDAP type, throw any specific exceptions detected. * * @param UserInterface $user The user object. * @param int $code The extended LDAP error code. * @param string $ldapType The LDAP type used for authentication. */ public function checkLdapErrorCode(UserInterface $user, $code, $ldapType) { if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_LOCKED) { $ex = new LockedException('User account is locked.'); $ex->setUser($user); throw $ex; } if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_PASSWORD_MUST_CHANGE) { $ex = new CredentialsExpiredException('User credentials have expired.'); $ex->setUser($user); throw $ex; } if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_DISABLED) { $ex = new DisabledException('User account is disabled.'); $ex->setUser($user); throw $ex; } }
/** * * @param string $message * @param integer $code * @param Exception|null $previous * @param string $realmName */ public function __construct($message = '', $code = 401, Exception $previous = null, $realmName = 'API') { if (empty($message)) { $message = $this->getMessageKey(); } parent::__construct($message, $code, $previous); $this->statusCode = $code; $this->errorCode = 'invalid_token'; $this->realmName = $realmName; }