<?phpdeclare(strict_types=1);namespace Scheb\TwoFactorBundle\Security\Http\EventListener;use Scheb\TwoFactorBundle\Security\Http\Authenticator\Passport\Credentials\TwoFactorCodeCredentials;use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\PreparationRecorderInterface;use Symfony\Component\EventDispatcher\EventSubscriberInterface;use Symfony\Component\Security\Core\Exception\AuthenticationException;use Symfony\Component\Security\Http\Event\CheckPassportEvent;use function assert;use function sprintf;/** * @internal */abstract class AbstractCheckCodeListener implements EventSubscriberInterface{ public function __construct(private PreparationRecorderInterface $preparationRecorder) { } public function checkPassport(CheckPassportEvent $event): void { $passport = $event->getPassport(); if (!$passport->hasBadge(TwoFactorCodeCredentials::class)) { return; } $credentialsBadge = $passport->getBadge(TwoFactorCodeCredentials::class); assert($credentialsBadge instanceof TwoFactorCodeCredentials); if ($credentialsBadge->isResolved()) { return; } $credentialsBadge = $passport->getBadge(TwoFactorCodeCredentials::class); assert($credentialsBadge instanceof TwoFactorCodeCredentials); $token = $credentialsBadge->getTwoFactorToken(); $providerName = $token->getCurrentTwoFactorProvider(); if (!$providerName) { throw new AuthenticationException('There is no active two-factor provider.'); } if (!$this->preparationRecorder->isTwoFactorProviderPrepared($token->getFirewallName(), $providerName)) { throw new AuthenticationException(sprintf('The two-factor provider "%s" has not been prepared.', $providerName)); } if (!$this->isValidCode($providerName, $token->getUser(), $credentialsBadge->getCode())) { return; } $token->setTwoFactorProviderComplete($providerName); $credentialsBadge->markResolved(); } abstract protected function isValidCode(string $providerName, object $user, string $code): bool;}