/**
* {@inheritdoc}
*/
public function checkPostAuth(UserInterface $user)
{
if (!$user instanceof AdvancedUserInterface) {
return;
}
if (!$user->isCredentialsNonExpired()) {
$ex = new CredentialsExpiredException('User credentials have expired.');
$ex->setUser($user);
throw $ex;
}
}
/**
* Based on the LDAP error code and the LDAP type, throw any specific exceptions detected.
*
* @param UserInterface $user The user object.
* @param int $code The extended LDAP error code.
* @param string $ldapType The LDAP type used for authentication.
*/
public function checkLdapErrorCode(UserInterface $user, $code, $ldapType)
{
if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_LOCKED) {
$ex = new LockedException('User account is locked.');
$ex->setUser($user);
throw $ex;
}
if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_PASSWORD_MUST_CHANGE) {
$ex = new CredentialsExpiredException('User credentials have expired.');
$ex->setUser($user);
throw $ex;
}
if ($ldapType == LdapConnection::TYPE_AD && $code == ADResponseCodes::ACCOUNT_DISABLED) {
$ex = new DisabledException('User account is disabled.');
$ex->setUser($user);
throw $ex;
}
}
