src/Event/TwoFactorListener.php line 30

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Event;
  7. use App\Controller\SecurityController;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpFoundation\RedirectResponse;
  10. use Symfony\Component\HttpKernel\Event\RequestEvent;
  11. use Symfony\Component\Routing\RouterInterface;
  13. use function str_contains;
  15. class TwoFactorListener implements EventSubscriberInterface
  16. {
  17.     public function __construct(
  18.         private readonly RouterInterface $router,
  19.         private readonly string $env,
  20.     ) {
  21.     }
  23.     public static function getSubscribedEvents(): array
  24.     {
  25.         return [
  26.             RequestEvent::class => 'onKernelRequest',
  27.         ];
  28.     }
  30.     public function onKernelRequest(RequestEvent $event): void
  31.     {
  32.         if ($this->env !== 'prod') {
  33.             return;
  34.         }
  36.         $route $event->getRequest()->get('_route');
  38.         if (!$route || str_contains((string) $route'admin') === false) {
  39.             return;
  40.         }
  42.         $session $event->getRequest()->getSession();
  44.         if (!$session->get(SecurityController::SESSION_2FA_KEY)) {
  45.             $event->setResponse(new RedirectResponse($this->router->generate('app_twofactor')));
  46.         }
  47.     }
  48. }