<?php
declare(strict_types=1);
namespace App\Subscriber;
use App\Entity\User;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Event\CheckPassportEvent;
use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
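/**
 * Sends users who log in without TOTP two-factor authentication enabled to
 * the enrollment page (route "app_2fa_enable").
 *
 * The redirect is attached to LoginSuccessEvent, so it is produced only after
 * authentication has succeeded and it leaves through the kernel's normal
 * response handling. Doing this from a CheckPassportEvent listener with
 * Response::send() had two problems:
 *  - the listener was registered without a priority, so nothing guaranteed it
 *    ran after the credential check; the redirect could then disclose whether
 *    an account has 2FA enabled to a caller who does not know its password;
 *  - send() wrote a response from inside the listener without stopping the
 *    authentication that was still in progress.
 *
 * NOTE(review): this only steers the user at login time. Whether other routes
 * stay reachable without 2FA is decided by access control outside this class;
 * confirm enrollment is enforced there if it is meant to be mandatory.
 */
class Check2FaEnabledSubscriber implements EventSubscriberInterface
{
    public function __construct(private RouterInterface $router)
    {
    }

    /**
     * @return array<class-string, string> event class => handler method name
     */
    public static function getSubscribedEvents(): array
    {
        return [
            LoginSuccessEvent::class => 'onLoginSuccess',
        ];
    }

    /**
     * Replaces the login response with a redirect to the 2FA enrollment route
     * when the authenticated user has not enabled TOTP.
     *
     * @throws \LogicException when the passport or the user is not of the
     *                         type this application expects; that indicates a
     *                         wiring error, not a failed login
     */
    public function onLoginSuccess(LoginSuccessEvent $event): void
    {
        $passport = $event->getPassport();
        if (!$passport instanceof Passport) {
            throw new \LogicException('Unexpected passport type');
        }

        $user = $passport->getUser();
        if (!$user instanceof User) {
            throw new \LogicException('Unexpected user type');
        }

        if ($user->isTotpAuthenticationEnabled()) {
            return;
        }

        // Hand the redirect to the security system instead of sending it here:
        // the session and any other login listeners are then processed as usual
        // and exactly one response is emitted.
        $event->setResponse(
            new RedirectResponse($this->router->generate('app_2fa_enable')),
        );
    }
}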