From d74e10803c3ddc7c2d6d36e1c092d9fa0f3822ff Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Tue, 21 Jan 2025 02:04:29 +0000
Subject: [PATCH] Add UserChecker to check for expired passwords, ensure users have active accounts
---
src/Security/UserChecker.php | 48 ++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 src/Security/UserChecker.php
diff --git a/src/Security/UserChecker.php b/src/Security/UserChecker.php
new file mode 100644
index 0000000..361a153
--- /dev/null
+++ b/src/Security/UserChecker.php
@@ -0,0 +1,48 @@
+isActive()) {
+ // the message passed to this exception is meant to be displayed to the user
+ throw new CustomUserMessageAccountStatusException('Your user account has been deactivated by an Admin, please follow up with your Admin to reactivate it.');
+ }
+ }
+
+ public function checkPostAuth(UserInterface $user): void
+ {
+ $dt = new DateTime('now', new DateTimeZone($_ENV['COMPANY_TIMEZONE']));
+ $dt->sub(DateInterval::createFromDateString('120 days'));
+
+ if (!$user instanceof AppUser) {
+ return;
+ }
+
+ if (!\in_array('ROLE_USER', $user->getRoles())) {
+ throw new AccessDeniedException('You do not have access to this system, please contact an Admin');
+ }
+
+ // user account is expired, the user may be notified
+ if ($user->getPasswordChanged() < $dt) {
+ $this->addFlash('warning', 'Your password has expired. Please change it now!');
+ $this->redirectToRoute('app_profile');
+ }
+ }
+}
\ No newline at end of file
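Review bot: The password-expiry branch at the end of `checkPostAuth` does not enforce anything: the method is `void`, so whatever `$this->redirectToRoute('app_profile')` returns is discarded and the login proceeds with an expired password. `addFlash()` and `redirectToRoute()` are also controller helpers; the class declaration is not visible in this hunk, so unless the checker extends something that provides them, this branch would fail with an undefined-method error on every login with a stale password. To block the login, replace the two calls with `throw new CustomUserMessageAccountStatusException('Your password has expired. Please change it now!');`; if the user should be let in only to change the password, the forced redirect belongs in a request listener rather than in the checker. Separately, `\in_array('ROLE_USER', $user->getRoles())` should pass `true` as the third argument so the role comparison is strict.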