src/EventSubscriber/ResetPasswordBlockedCreator.php line 52

  1. <?php
  2. namespace App\EventSubscriber;
  4. use Symfony\Component\EventDispatcher\EventSubscriberInterface,
  5.     Symfony\Component\HttpKernel\KernelEvents,
  6.     Symfony\Component\HttpKernel\Event\ViewEvent,
  7.     Symfony\Component\HttpFoundation\RequestStack;
  9. use ApiPlatform\Symfony\EventListener\EventPriorities;
  11. use App\DTO\ResetPasswordLinkDTO,
  12.     App\DTO\ResetPasswordChangeDTO,
  13.     App\DTO\CustomerResetPasswordLinkDTO,
  14.     App\DTO\CustomerResetPasswordChangeDTO,
  15.     App\Repository\ResetPasswordBlockedRepository,
  16.     App\Repository\ResetPasswordEntryRepository,
  17.     App\StateProcessor\ResetPassword\EntityCreator,
  18.     App\Entity\Admin,
  19.     App\Entity\Customer;
  21. final class ResetPasswordBlockedCreator implements EventSubscriberInterface
  22. {
  23.     const PERIOD '15 secs';
  24.     const MAX 3;
  26.     private RequestStack $requestStack;
  27.     private ResetPasswordBlockedRepository $blockedRepository;
  28.     private ResetPasswordEntryRepository $entryRepository;
  29.     private EntityCreator $entityCreator;
  31.     public function __construct(
  32.         RequestStack $requestStack,
  33.         ResetPasswordBlockedRepository $blockedRepository,
  34.         ResetPasswordEntryRepository $entryRepository,
  35.         EntityCreator $entityCreator
  36.     ) {
  37.         $this->requestStack $requestStack;
  38.         $this->blockedRepository $blockedRepository;
  39.         $this->entryRepository $entryRepository;
  40.         $this->entityCreator $entityCreator;
  41.     }
  43.     public static function getSubscribedEvents(): array
  44.     {
  45.         return [
  46.             KernelEvents::VIEW => [
  47.                 ['create'EventPriorities::PRE_VALIDATE]
  48.             ]
  49.         ];
  50.     }
  52.     public function create(ViewEvent $event): void
  53.     {
  54.         $entity $event->getControllerResult();
  56.         if (! $entity instanceof ResetPasswordLinkDTO
  57.             && ! $entity instanceof ResetPasswordChangeDTO
  58.             && ! $entity instanceof CustomerResetPasswordLinkDTO
  59.             && ! $entity instanceof CustomerResetPasswordChangeDTO
  60.         ) {
  61.             return;
  62.         }
  64.         $className $entity instanceof ResetPasswordLinkDTO || $entity instanceof ResetPasswordChangeDTO
  65.             Admin::class
  66.             : Customer::class;
  68.         $failedAttempts $this->entryRepository->findAllFailedAttemptsSince(
  69.             ip$this->requestStack->getCurrentRequest()?->getClientIp() ?? 'unkown',
  70.             since: new \DateTimeImmutable('- ' self::PERIOD),
  71.             limitself::MAX,
  72.             className$className
  73.         );
  75.         if (count($failedAttempts) < self::MAX) {
  76.             return;
  77.         }
  79.         $this->blockedRepository->persist(
  80.             $this->entityCreator->block($className),
  81.             true
  82.         );
  84.         return;
  85.     }
  86. }