src/TSMS/UserBundle/EventListener/PasswordValidityListener.php line 93

Open in your IDE?
  1. <?php
  2. /**
  3. * Copyright (C) SUEZ Smart Solutions - All Rights Reserved
  4. * On’Connect Gateway Management, 2018
  5. * Unauthorized copying of this file, via any medium is strictly prohibited
  6. * Proprietary and confidential
  7. * For the full copyright and license information, please report to the LICENSE CONTRACT.
  8. */
  10. namespace TSMS\UserBundle\EventListener;
  12. use DateTime;
  13. use FOS\UserBundle\Model\UserManagerInterface;
  14. use FOS\UserBundle\Util\TokenGenerator;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\RedirectResponse;
  17. use Symfony\Component\HttpKernel\Event\GetResponseEvent;
  18. use Symfony\Component\Routing\RouterInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  20. use TSMS\CoreBundle\Entity\User;
  21. use Exception;
  23. class PasswordValidityListener implements EventSubscriberInterface
  24. {
  25.     /**
  26.      * @var UserManagerInterface
  27.      */
  28.     protected $userManager;
  30.     /**
  31.      * @var RouterInterface
  32.      */
  33.     protected $router;
  35.     /**
  36.      * @var TokenStorageInterface
  37.      */
  38.     protected $tokenStorage;
  40.     /**
  41.      * @var TokenGenerator
  42.      */
  43.     protected $tokenGenerator;
  45.     /**
  46.      * @var int Password validity
  47.      */
  48.     protected $passwordValidity;
  50.     /**
  51.      * @var array
  52.      */
  53.     protected $whitelistCheckValidityPassword;
  55.     /**
  56.      * @param UserManagerInterface $userManager
  57.      * @param RouterInterface $router
  58.      * @param TokenStorageInterface $tokenStorage
  59.      * @param TokenGenerator $tokenGenerator
  60.      * @param int $passwordValidity
  61.      * @param array $whitelistCheckValidityPassword
  62.      */
  63.     public function __construct(
  64.         UserManagerInterface $userManager,
  65.         RouterInterface $router,
  66.         TokenStorageInterface $tokenStorage,
  67.         TokenGenerator $tokenGenerator,
  68.         $passwordValidity,
  69.         $whitelistCheckValidityPassword
  70.     ) {
  71.         $this->userManager       $userManager;
  72.         $this->router            $router;
  73.         $this->tokenStorage      $tokenStorage;
  74.         $this->tokenGenerator    $tokenGenerator;
  75.         $this->passwordValidity  $passwordValidity;
  76.         $this->whitelistCheckValidityPassword  $whitelistCheckValidityPassword;
  77.     }
  79.     /**
  80.      * @return array
  81.      */
  82.     public static function getSubscribedEvents()
  83.     {
  84.         return array(
  85.             'kernel.request' => 'onKernelRequest',
  86.         );
  87.     }
  89.     /**
  90.      * @param GetResponseEvent $event
  91.      * @throws Exception
  92.      */
  93.     public function onKernelRequest(GetResponseEvent $event)
  94.     {
  95.         if (!$this->tokenStorage->getToken()) {
  96.             return;
  97.         }
  99.         /** @var User $user */
  100.         $user $this->tokenStorage->getToken()->getUser();
  102.         if (!($user instanceof User)) {
  103.             return;
  104.         }
  106.         if (!$this->isPasswordNeedsChange($user)) {
  107.             return;
  108.         }
  110.         $user->setPasswordRequestedAt(new DateTime());
  111.         $token $user->getConfirmationToken();
  113.         if (!$token) {
  114.             $token $this->tokenGenerator->generateToken();
  115.             $user->setConfirmationToken($token);
  116.         }
  117.         $this->userManager->updateUser($user);
  119.         $redirectUrl $this->router->generate('fos_user_resetting_reset', ['token' => $token]);
  120.         $this->addFlashBagError($event);
  122.         if ($event->getRequest()->getRequestUri() !== $redirectUrl) {
  123.             $event->setResponse(new RedirectResponse($redirectUrl));
  124.         }
  125.     }
  127.     /**
  128.      * Adds flashbag notice to notify user their password is expired.
  129.      *
  130.      * Also I didn't want to have to mock a million stuff in my test.
  131.      *
  132.      * @param GetResponseEvent $event
  133.      */
  134.     protected function addFlashBagError($event)
  135.     {
  136.         $event->getRequest()->getSession()->getFlashBag()->set('error''resetting.reset.password_expired');
  137.     }
  139.     /**
  140.      * Checks if user's password is fresh enough. If not, it must be redefined.
  141.      *
  142.      * @param User $user User logging in
  143.      *
  144.      * @return bool Does password need to be changed
  145.      * @throws Exception
  146.      */
  147.     protected function isPasswordNeedsChange(User $user)
  148.     {
  150.         // We don't check whitelist
  151.         if (in_array($user->getUsername(), $this->whitelistCheckValidityPassword )) {
  152.             return false;
  153.         }
  155.         // We don't check internal users' password expiration because they can not change their passwords
  156.         if ($user->isInternal()) {
  157.             return false;
  158.         }
  160.         // not datetime => not redefined => need to change
  161.         if (!($user->getPasswordChangedAt() instanceof DateTime)) {
  162.             return true;
  163.         }
  165.         $diff $user->getPasswordChangedAt()->diff(new \DateTime());
  167.         return $diff->format('%a') > $this->passwordValidity;
  168.     }
  169. }