<?php
namespace App\EventListener;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\security\Core\Exception\AuthenticationException;
use Symfony\Component\security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\SessionUnavailableException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
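class RequestListener
{
    /** Service container; only getParameter() is used, for values declared in parameters.yml. */
    protected $container;

    /** @var TokenStorageInterface */
    protected $tokenStorage;

    /**
     * @param mixed                 $container    service container, read for parameters set in parameters.yml
     * @param TokenStorageInterface $tokenStorage holds the current security token (null or 'anon.' when not logged in)
     */
    public function __construct($container, TokenStorageInterface $tokenStorage)
    {
        $this->container = $container;
        $this->tokenStorage = $tokenStorage;
    }

    /**
     * Runs on every master request of an authenticated user that carries a session and applies, in order:
     *  1. a 'timeout-modal' flash when the session is about to expire,
     *  2. a redirect to the policies page until the user accepted the terms (when enable_disclaimer is on),
     *  3. on the exchange subdomain, a redirect to the 2FA token form until the token has been matched.
     *
     * When both a policies redirect and a 2FA redirect apply, the 2FA redirect is set last and wins.
     */
    public function onKernelRequest(GetResponseEvent $event)
    {
        // Sub-requests (fragments/ESI) share the master request's session; redirecting them or adding
        // flashes from them would duplicate the master request's work.
        if (!$event->isMasterRequest()) {
            return;
        }
        if (!$this->isAuthenticated()) {
            return;
        }

        $request = $event->getRequest();
        if (!$request->hasSession()) {
            return;
        }
        $session = $request->getSession();

        // Only act once the browser actually sends a session cookie. The configured session name is used
        // instead of a hard-coded PHPSESSID so a renamed cookie (session.name) still works.
        if (!$request->cookies->has($session->getName())) {
            return;
        }

        $this->addTimeoutPrompt($session);
        $this->enforceDisclaimer($event, $request, $session);
        $this->enforceTwoFactor($event, $request, $session);
    }

    /**
     * True when the token storage holds a token for a real (non-anonymous) user.
     * Symfony's anonymous token reports the username 'anon.'.
     *
     * @return bool
     */
    private function isAuthenticated()
    {
        $token = $this->tokenStorage->getToken();

        return $token !== null && $token->getUsername() !== 'anon.';
    }

    /**
     * Adds a 'timeout-modal' flash carrying the seconds left before the session expires, but only while the
     * session is still alive and within session_timeout_timer_minutes of expiring.
     *
     * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
     */
    private function addTimeoutPrompt(\Symfony\Component\HttpFoundation\Session\SessionInterface $session)
    {
        $metadata = $session->getMetadataBag();
        $expiresAt = $metadata->getCreated() + $metadata->getLifetime();
        $secondsLeft = $expiresAt - time();
        // Only ask the user to extend the session inside the configured window (minutes -> seconds).
        $promptWindow = $this->container->getParameter('session_timeout_timer_minutes') * 60;

        if ($metadata->getLastUsed() < $expiresAt && $secondsLeft > 0 && $secondsLeft < $promptWindow) {
            $session->getFlashBag()->add('timeout-modal', $secondsLeft);
        }
    }

    /**
     * Redirects to /policies until the session records that the user accepted the terms. Active only when
     * the enable_disclaimer parameter is enabled, and never on the policies pages themselves.
     *
     * @param GetResponseEvent                                           $event
     * @param \Symfony\Component\HttpFoundation\Request                  $request
     * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
     */
    private function enforceDisclaimer(
        GetResponseEvent $event,
        \Symfony\Component\HttpFoundation\Request $request,
        \Symfony\Component\HttpFoundation\Session\SessionInterface $session
    ) {
        $enabled = $this->container->getParameter('enable_disclaimer');
        // parameters.yml yields the string 'yes' when quoted and boolean true when unquoted; accept both.
        if ($enabled !== 'yes' && $enabled !== true) {
            return;
        }

        // Compare the path only: getRequestUri() includes the query string, so '/policies?x' would not have
        // been recognised as the policies page and would be redirected again.
        $path = $request->getPathInfo();
        if ($path === '/policies' || $path === '/policies-submit') {
            return;
        }

        $accepted = $session->get('user_accepted_terms');
        if ($accepted === null || $accepted === '' || $accepted === 'no') {
            $event->setResponse(new RedirectResponse('/policies'));
        }
    }

    /**
     * On the exchange subdomain, sends users whose session does not record a matched 2FA token to the token
     * form, and bounces users who already matched away from the login page to the dashboard.
     *
     * Route exemptions are matched against the request path only, never the query string, so a parameter
     * such as ?x=helpdesk cannot be used to skip the token form. The session flag must be exactly 'yes'
     * (fail-closed). NOTE(review): the exemptions are still substring matches on the path; anchoring them
     * to path prefixes would be tighter once the route layout is confirmed.
     *
     * @param GetResponseEvent                                           $event
     * @param \Symfony\Component\HttpFoundation\Request                  $request
     * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
     */
    private function enforceTwoFactor(
        GetResponseEvent $event,
        \Symfony\Component\HttpFoundation\Request $request,
        \Symfony\Component\HttpFoundation\Session\SessionInterface $session
    ) {
        if ($request->getHost() !== $this->container->getParameter('exchange_subdomain')) {
            return;
        }

        $path = $request->getPathInfo();
        // The cookie-js-error page must stay reachable regardless of 2FA state.
        if (strpos($path, 'cookie-js-error') !== false) {
            return;
        }

        if ($session->get('participant_token_matched') === 'yes') {
            // Already verified: the login page no longer applies, send them to the dashboard instead.
            if (strpos($path, 'login') !== false) {
                $event->setResponse(new RedirectResponse('/dashboard'));
            }

            return;
        }

        // Not verified: everything except the token form itself, the helpdesk and the maintenance page is
        // redirected to the token form. The target is an absolute path so the Location header does not
        // resolve relative to the current URL (a relative 'token-2fa/...' breaks from nested paths).
        if (strpos($path, 'token-2fa/') === false
            && strpos($path, 'helpdesk') === false
            && strpos($path, 'maintenance-mode') === false
        ) {
            $event->setResponse(new RedirectResponse('/token-2fa/display-token-form'));
        }
    }
}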