vendor/scheb/2fa-bundle/Security/Http/Firewall/ExceptionListener.php line 34

  1. <?php
  3. declare(strict_types=1);
  5. namespace Scheb\TwoFactorBundle\Security\Http\Firewall;
  7. use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
  8. use Scheb\TwoFactorBundle\Security\Http\Authentication\AuthenticationRequiredHandlerInterface;
  9. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  10. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvents;
  11. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  12. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  13. use Symfony\Component\HttpKernel\KernelEvents;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  16. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  18. /**
  19.  * @final
  20.  */
  21. class ExceptionListener implements EventSubscriberInterface
  22. {
  23.     // Just before the firewall's Symfony\Component\Security\Http\Firewall\ExceptionListener
  24.     private const LISTENER_PRIORITY 2;
  26.     public function __construct(
  27.         private string $firewallName,
  28.         private TokenStorageInterface $tokenStorage,
  29.         private AuthenticationRequiredHandlerInterface $authenticationRequiredHandler,
  30.         private EventDispatcherInterface $eventDispatcher,
  31.     ) {
  32.     }
  34.     public function onKernelException(ExceptionEvent $event): void
  35.     {
  36.         $exception $event->getThrowable();
  37.         do {
  38.             if ($exception instanceof AccessDeniedException) {
  39.                 $this->handleAccessDeniedException($event);
  41.                 return;
  42.             }
  44.             $exception $exception->getPrevious();
  45.         } while (null !== $exception);
  46.     }
  48.     private function handleAccessDeniedException(ExceptionEvent $exceptionEvent): void
  49.     {
  50.         $token $this->tokenStorage->getToken();
  51.         if (!($token instanceof TwoFactorTokenInterface)) {
  52.             return;
  53.         }
  55.         if ($token->getFirewallName() !== $this->firewallName) {
  56.             return;
  57.         }
  59.         $request $exceptionEvent->getRequest();
  60.         $event = new TwoFactorAuthenticationEvent($request$token);
  61.         $this->eventDispatcher->dispatch($eventTwoFactorAuthenticationEvents::REQUIRE);
  63.         $response $this->authenticationRequiredHandler->onAuthenticationRequired($request$token);
  64.         $exceptionEvent->allowCustomResponseCode();
  65.         $exceptionEvent->setResponse($response);
  66.     }
  68.     /**
  69.      * {@inheritdoc}
  70.      */
  71.     public static function getSubscribedEvents(): array
  72.     {
  73.         return [
  74.             KernelEvents::EXCEPTION => ['onKernelException'self::LISTENER_PRIORITY],
  75.         ];
  76.     }
  77. }