/**
 * {@inheritdoc}
 *
 * Post-authentication check: rejects a user whose credentials are reported as expired.
 * Users that do not implement AdvancedUserInterface expose no expiry state and are
 * accepted here without any check.
 *
 * @param UserInterface $user The user that has just been authenticated.
 *
 * @throws CredentialsExpiredException When isCredentialsNonExpired() returns a falsy value.
 */
public function checkPostAuth(UserInterface $user)
{
    // Only advanced users carry a credentials-expiry flag; everything else passes through.
    if ($user instanceof AdvancedUserInterface && !$user->isCredentialsNonExpired()) {
        $expired = new CredentialsExpiredException('User credentials have expired.');
        // Attach the user so whoever handles the exception can tell which account was rejected.
        $expired->setUser($user);

        throw $expired;
    }
}
/**
 * Translate an extended LDAP error code into the matching account-status exception.
 *
 * Only Active Directory is handled, and only three codes are mapped: account locked,
 * password must change, and account disabled. For any other LDAP type or any other
 * code this method returns without throwing, so it is not a complete rejection check
 * on its own.
 *
 * NOTE(review): the distinct messages reveal the state of the account (locked,
 * disabled, expired). Confirm that the login response does not relay them verbatim
 * to unauthenticated clients.
 *
 * @param UserInterface $user     The user object.
 * @param int           $code     The extended LDAP error code.
 * @param string        $ldapType The LDAP type used for authentication.
 *
 * @throws LockedException             When AD reports the account as locked.
 * @throws CredentialsExpiredException When AD reports that the password must be changed.
 * @throws DisabledException           When AD reports the account as disabled.
 */
public function checkLdapErrorCode(UserInterface $user, $code, $ldapType)
{
    // The extended codes below are AD-specific; other directory types are left alone.
    if ($ldapType != LdapConnection::TYPE_AD) {
        return;
    }

    // switch compares loosely (==), matching the comparisons this method has always used.
    switch ($code) {
        case ADResponseCodes::ACCOUNT_LOCKED:
            $failure = new LockedException('User account is locked.');
            break;
        case ADResponseCodes::ACCOUNT_PASSWORD_MUST_CHANGE:
            $failure = new CredentialsExpiredException('User credentials have expired.');
            break;
        case ADResponseCodes::ACCOUNT_DISABLED:
            $failure = new DisabledException('User account is disabled.');
            break;
        default:
            // Unmapped code: nothing specific to raise from here.
            return;
    }

    // Attach the user so whoever handles the exception can tell which account was rejected.
    $failure->setUser($user);

    throw $failure;
}