src/EventSubscriber/PasswordChangeSubscriber.php line 39

Open in your IDE?
  1. <?php
  3. namespace App\EventSubscriber;
  5. use App\Entity\User;
  6. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  7. use Symfony\Component\HttpFoundation\RedirectResponse;
  8. use Symfony\Component\HttpKernel\Event\RequestEvent;
  9. use Symfony\Component\HttpKernel\KernelEvents;
  10. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  11. use Symfony\Component\Security\Core\Security;
  13. class PasswordChangeSubscriber implements EventSubscriberInterface
  14. {
  15.     private $security;
  16.     private $urlGenerator;
  18.     public function __construct(Security $securityUrlGeneratorInterface $urlGenerator)
  19.     {
  20.         $this->security $security;
  21.         $this->urlGenerator $urlGenerator;
  22.     }
  24.     public static function getSubscribedEvents(): array
  25.     {
  26.         return [
  27.             KernelEvents::REQUEST => [
  28.                 ['forcePasswordChange'0],
  29.             ],
  30.         ];
  31.     }
  33.     public function forcePasswordChange(RequestEvent $event): void
  34.     {
  35.         $request $event->getRequest();
  36.         $_route $request->attributes->get('_route');
  38.         // only deal with the main request, disregard subrequests
  39.         if (!$event->isMasterRequest()) {
  40.             return;
  41.         }
  43.         $user $this->security->getUser();
  44.         // if you do not have a valid user, it means it's not an authenticated request, so it's not our concern
  45.         if (!$user instanceof User) {
  46.             return;
  47.         }
  48.         $request $event->getRequest();
  49.         // if it's not their first login, and they do not need to change their password, move on
  50.         // but allow dsgvo, impressum and cookie page
  52.         if (
  53.             !$user->getForcepasswordchange()
  54.             || 'pages_dsgvo' == $request->get('_route')
  55.             || 'pages_impressum' == $request->get('_route')
  56.             || 'pages_cookie' == $request->get('_route')
  57.             || 'install_chose_action' == $request->get('_route')
  58.             || 'qrtickets' == $request->get('_route')
  59.             || 'ticket_install_edit' == $request->get('_route')
  60.             || 'install_begehung' == $request->get('_route')
  61.             || 'elevator_detail_live_qr' == $request->get('_route')
  62.             || 'set_elevator_state_qr' == $request->get('_route')
  63.             || 'set_elevator_state_qr' == $request->get('_route')
  64.             || 'update_timer' == $request->get('_route')
  65.             || 'elevator_acquisition' == $request->get('_route')
  66.             || 'elevator_acquisition_detail' == $request->get('_route')
  67.             || 'elevator_acquisition_finished' == $request->get('_route')
  68.             || 'elevator_acquisition_pdf' == $request->get('_route')
  69.             || 'elevator_acquisition_upload_file' == $request->get('_route')
  70.         ) {
  71.             return;
  72.         }
  74.         // if we get here, it means we need to redirect them to the password change view.
  75.         $redirectTo $this->urlGenerator->generate('firstLogin');
  76.         if (
  77.             $event->getRequest()->getRequestUri() != $redirectTo
  78.             && 'install_chose_action' != $_route
  79.         ) {
  80.             $event->setResponse(new RedirectResponse($redirectTo));
  81.         }
  82.     }
  83. }