vendor/scheb/2fa-bundle/Security/Http/Firewall/ExceptionListener.php line 58

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\Http\Firewall;
  7. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  8. use Scheb\TwoFactorBundle\Security\Http\Authentication\AuthenticationRequiredHandlerInterface;
  9. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvents;
  11. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  12. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  13. use Symfony\Component\HttpKernel\KernelEvents;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  16. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  18. /**
  19. * @final
  20. */
  21. class ExceptionListener implements EventSubscriberInterface
  22. {
  23. // Just before the firewall's Symfony\Component\Security\Http\Firewall\ExceptionListener
  24. private const LISTENER_PRIORITY = 2;
  26. /**
  27. * @var string
  28. */
  29. private $firewallName;
  31. /**
  32. * @var TokenStorageInterface
  33. */
  34. private $tokenStorage;
  36. /**
  37. * @var AuthenticationRequiredHandlerInterface
  38. */
  39. private $authenticationRequiredHandler;
  41. /**
  42. * @var EventDispatcherInterface
  43. */
  44. private $eventDispatcher;
  46. public function __construct(
  47. string $firewallName,
  48. TokenStorageInterface $tokenStorage,
  49. AuthenticationRequiredHandlerInterface $authenticationRequiredHandler,
  50. EventDispatcherInterface $eventDispatcher
  51. ) {
  52. $this->firewallName = $firewallName;
  53. $this->tokenStorage = $tokenStorage;
  54. $this->authenticationRequiredHandler = $authenticationRequiredHandler;
  55. $this->eventDispatcher = $eventDispatcher;
  56. }
  58. public function onKernelException(ExceptionEvent $event): void
  59. {
  60. $exception = $event->getThrowable();
  61. do {
  62. if ($exception instanceof AccessDeniedException) {
  63. $this->handleAccessDeniedException($event);
  65. return;
  66. }
  67. } while (null !== $exception = $exception->getPrevious());
  68. }
  70. private function handleAccessDeniedException(ExceptionEvent $exceptionEvent): void
  71. {
  72. $token = $this->tokenStorage->getToken();
  73. if (!($token instanceof TwoFactorTokenInterface && $token->getProviderKey(true) === $this->firewallName)) {
  74. return;
  75. }
  77. /** @var TwoFactorTokenInterface $token */
  78. $request = $exceptionEvent->getRequest();
  80. $event = new TwoFactorAuthenticationEvent($request, $token);
  81. $this->eventDispatcher->dispatch($event, TwoFactorAuthenticationEvents::REQUIRE);
  83. $response = $this->authenticationRequiredHandler->onAuthenticationRequired($request, $token);
  84. $exceptionEvent->allowCustomResponseCode();
  85. $exceptionEvent->setResponse($response);
  86. }
  88. public static function getSubscribedEvents(): array
  89. {
  90. return [
  91. KernelEvents::EXCEPTION => ['onKernelException', self::LISTENER_PRIORITY],
  92. ];
  93. }
  94. }