/**
* {@inheritdoc}
*/
public function checkPostAuth(UserInterface $user)
{
if (!$user instanceof AdvancedUserInterface) {
return;
}
if (!$user->isCredentialsNonExpired()) {
$ex = new CredentialsExpiredException('User credentials have expired.');
$ex->setUser($user);
throw $ex;
}
}
/**
* Based on the LDAP error code and the LDAP type, throw any specific exceptions detected.
*
* @param UserInterface $user The user object.
* @param int $code The extended LDAP error code.
* @param string $ldapType The LDAP type used for authentication.
*/
public function checkLdapErrorCode(UserInterface $user, $code, $ldapType)
{
if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_LOCKED) {
$ex = new LockedException('User account is locked.');
$ex->setUser($user);
throw $ex;
}
if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_PASSWORD_MUST_CHANGE) {
$ex = new CredentialsExpiredException('User credentials have expired.');
$ex->setUser($user);
throw $ex;
}
if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_DISABLED) {
$ex = new DisabledException('User account is disabled.');
$ex->setUser($user);
throw $ex;
}
}
/**
*
* @param string $message
* @param integer $code
* @param Exception|null $previous
* @param string $realmName
*/
public function __construct($message = '', $code = 401, Exception $previous = null, $realmName = 'API')
{
if (empty($message)) {
$message = $this->getMessageKey();
}
parent::__construct($message, $code, $previous);
$this->statusCode = $code;
$this->errorCode = 'invalid_token';
$this->realmName = $realmName;
}
