first commit

bundles/KupShop/TwoFactorBundle/EventSubscriber/ExceptionSubscriber.php

@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace KupShop\TwoFactorBundle\EventSubscriber;
+
+use KupShop\KupShopBundle\Context\UserContext;
+use Psr\Log\LoggerInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpKernel\Event\ExceptionEvent;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Contracts\Service\Attribute\Required;
+
+class ExceptionSubscriber implements EventSubscriberInterface
+{
+    #[Required]
+    public LoggerInterface $logger;
+
+    #[Required]
+    public UserContext $userContext;
+
+    public static function getSubscribedEvents()
+    {
+        return [
+            KernelEvents::EXCEPTION => [
+                ['handleRedirect', 200],
+            ],
+        ];
+    }
+
+    public function handleRedirect(ExceptionEvent $event)
+    {
+        $exception = $event->getThrowable();
+
+        $redirectSet = false;
+        if ($exception instanceof AccessDeniedHttpException || $exception instanceof AccessDeniedException) {
+            if ($exception->getMessage() == 'User is not in a two-factor authentication process.') {
+                $redirectSet = true;
+                $event->setResponse(new RedirectResponse(path('home')));
+            }
+
+            $email = 'none';
+            if ($user = $this->userContext->getActive()) {
+                $email = $user->email;
+            }
+
+            $this->logger->notice("[TwoFactorBundle] Handle exception, user: {$email}", [
+                'exception' => $exception->getMessage(),
+                'exception_class' => get_class($exception),
+                'redirect_set' => $redirectSet,
+            ]);
+        }
+    }
+}