48 lines
1.7 KiB
PHP
48 lines
1.7 KiB
PHP
<?php
|
|
|
|
namespace App\Security;
|
|
|
|
use App\Entity\User as AppUser;
|
|
use DateInterval;
|
|
use DateTime;
|
|
use DateTimeZone;
|
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
|
use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
|
|
use Symfony\Component\Security\Core\User\UserCheckerInterface;
|
|
use Symfony\Component\Security\Core\User\UserInterface;
|
|
|
|
class UserChecker extends AbstractController implements UserCheckerInterface
|
|
{
|
|
public function checkPreAuth(UserInterface $user): void
|
|
{
|
|
if (!$user instanceof AppUser) {
|
|
return;
|
|
}
|
|
|
|
if (!$user->isActive()) {
|
|
// the message passed to this exception is meant to be displayed to the user
|
|
throw new CustomUserMessageAccountStatusException('Your user account has been deactivated by an Admin, please follow up with your Admin to reactivate it.');
|
|
}
|
|
}
|
|
|
|
public function checkPostAuth(UserInterface $user): void
|
|
{
|
|
$dt = new DateTime('now', new DateTimeZone($_ENV['COMPANY_TIMEZONE']));
|
|
$dt->sub(DateInterval::createFromDateString('120 days'));
|
|
|
|
if (!$user instanceof AppUser) {
|
|
return;
|
|
}
|
|
|
|
if (!\in_array('ROLE_USER', $user->getRoles())) {
|
|
throw new AccessDeniedException('You do not have access to this system, please contact an Admin');
|
|
}
|
|
|
|
// user account is expired, the user may be notified
|
|
if ($user->getPasswordChanged() < $dt) {
|
|
$this->addFlash('warning', 'Your password has expired. Please change it now!');
|
|
$this->redirectToRoute('app_profile');
|
|
}
|
|
}
|
|
} |