src/EventSubscriber/LoginSuspensionCheckSubscriber.php line 69

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\EventSubscriber;
  7. use App\Entity\Students;
  8. use App\Security\Exception\StudentSuspendedException;
  9. use App\Security\StudentSuspensionChecker;
  10. use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
  11. use Lexik\Bundle\JWTAuthenticationBundle\Events;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\HttpFoundation\JsonResponse;
  14. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  15. use Symfony\Component\HttpKernel\KernelEvents;
  17. /**
  18.  * Subscriber that blocks suspended students from logging in.
  19.  * Intercepts the authentication success event BEFORE the JWT token is returned.
  20.  */
  21. class LoginSuspensionCheckSubscriber implements EventSubscriberInterface
  22. {
  23.     public function __construct(
  24.         private StudentSuspensionChecker $suspensionChecker
  25.     ) {
  26.     }
  28.     public static function getSubscribedEvents(): array
  29.     {
  30.         return [
  31.             Events::AUTHENTICATION_SUCCESS => ['onAuthenticationSuccess'0],
  32.             KernelEvents::EXCEPTION => ['onKernelException'10], // Higher priority to run before other exception handlers
  33.         ];
  34.     }
  36.     /**
  37.      * Called when login credentials are valid, before JWT token is returned.
  38.      * Blocks suspended students by throwing an exception.
  39.      */
  40.     public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void
  41.     {
  42.         $user $event->getUser();
  44.         // Only check for users with associated Person entity
  45.         if ($user === null || !method_exists($user'getPerson') || $user->getPerson() === null) {
  46.             return;
  47.         }
  49.         $person $user->getPerson();
  51.         // Only check suspension for Students
  52.         if (!$person instanceof Students) {
  53.             return;
  54.         }
  56.         // Check suspension status
  57.         $suspensionDetails $this->suspensionChecker->getSuspensionDetails($person);
  59.         if ($suspensionDetails['suspended']) {
  60.             throw new StudentSuspendedException(
  61.                 $person->getMatricNo() ?? 'UNKNOWN'
  62.             );
  63.         }
  64.     }
  66.     /**
  67.      * Handle StudentSuspendedException during login and return 500 response.
  68.      */
  69.     public function onKernelException(ExceptionEvent $event): void
  70.     {
  71.         $exception $event->getThrowable();
  73.         if (!$exception instanceof StudentSuspendedException) {
  74.             return;
  75.         }
  77.         // Return 500 status code as requested
  78.         $response = new JsonResponse([
  79.             'error' => 'Account suspended, contact admin',
  80.             'message' => 'Your account is suspended for this session. Please contact the administrator.'
  81.         ], 500);
  83.         $event->setResponse($response);
  84.     }
  85. }