/**
* Hook that updates the last action after the authentication.
*
* @param OnAuthenticationEvent $event
*/
public function updateOnLogin(OnAuthenticationEvent $event)
{
/** @var \AppBundle\Model\User\User $user */
$user = $event->getUser();
// saving is not necessary since the user will be updated after triggering
// this event during the login
$user->updateLastAction();
}
/**
* Validates the user during the authentication process.
*
* @param OnAuthenticationEvent $event
*
* @throws CredentialException If the user is locked
*/
public function validateUserOnAuthentication(OnAuthenticationEvent $event)
{
/** @var User $user */
$user = $event->getUser();
$isLocked = $user->isLocked();
$isNonApproved = $user->getState() !== User::STATE_APPROVED;
if ($isLocked || $isNonApproved) {
$message = $isNonApproved ? 'BACKEND_AUTH_NON_APPROVED' : 'BACKEND_AUTH_LOCKED';
throw new CredentialException($message);
}
}
/**
* Validates the user during the authentication process.
*
* @param OnAuthenticationEvent $event
*
* @throws CredentialException If the user is locked
*/
public function validateUserOnAuthentication(OnAuthenticationEvent $event)
{
/** @var User $user */
$user = $event->getUser();
$isLocked = $user->isLocked();
$isNonApproved = !$user->isApproved();
if ($isLocked || $isNonApproved || $this->temporaryBlockedAccountProvider->isAccountTemporaryBlocked($user->getId())) {
switch (true) {
// NOTE: it's necessary to check `locked` at first now since `locked` is a state transition that can't be done
// if a user is non-approved, but can be done if the user's approved. Therefore
// it's safe to rely on $isLocked without looking at `$isNonApproved`, but $isNonApproved is false
// if the user's locked since this is another state.
case $isLocked:
$message = 'BACKEND_AUTH_LOCKED';
break;
case $isNonApproved:
$message = 'BACKEND_AUTH_NON_APPROVED';
break;
default:
$message = 'BACKEND_AUTH_BLOCKED';
}
throw new CredentialException($message);
}
}
