Add user checker for depracated AdvancedUserInterface in auth bundle #194

catalyst/auth-bundle/Entity/User.php

@@ -3,9 +3,12 @@
 namespace Catalyst\AuthBundle\Entity;
 
 use Doctrine\ORM\Mapping as ORM;
+use Doctrine\Common\Collections\ArrayCollection;
+use Serializable;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 // base User class
-abstract class User
+abstract class User implements UserInterface,Serializable
 {
 	// NOTE: doctrine annotations for roles have to be declared on the child class
     protected $roles;

catalyst/auth-bundle/Exception/AccountDisabledException.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace Catalyst\AuthBundle\Exception;
+
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
+
+class AccountDisabledException extends AccountStatusException
+{
+    public function getMessageKey()
+    {
+        return 'Account has been disabled.';
+    }
+}

catalyst/auth-bundle/Service/UserChecker.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Catalyst\AuthBundle\Service;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Catalyst\AuthBundle\Entity\User;
+use Catalyst\AuthBundle\Exception\AccountDisabledException;
+
+class UserChecker implements UserCheckerInterface
+{
+    public function checkPreAuth(UserInterface $user)
+    {
+        // do nothing
+        return;
+    }
+
+    public function checkPostAuth(UserInterface $user)
+    {
+        // handle catalyst suth users
+        if (!($user instanceof User))
+            return;
+        
+        // check if enabled
+        if (!$user->isEnabled())
+        {
+            throw new AccountDisabledException("Account has been disabled.");
+        }
+    }
+}

config/packages/security.yaml

@@ -35,6 +35,7 @@ security:
             simple_preauth:
                 authenticator: Catalyst\APIBundle\Security\APIKeyAuthenticator
             provider: api_key_user_provider
+            user_checker: Catalyst\AuthBundle\Service\UserChecker
 
         main:
             provider: user_provider
@@ -48,6 +49,7 @@ security:
                 secret: '%env(APP_SECRET)%'
                 lifetime: 604800
                 path: /
+            user_checker: Catalyst\AuthBundle\Service\UserChecker
 
             # activate different ways to authenticate
 

config/services.yaml

@@ -53,6 +53,8 @@ services:
             $user_class: "App\\Entity\\User"
         tags: ['security.voter']
 
+    Catalyst\AuthBundle\Service\UserChecker:
+
     App\Service\FileUploader:
         arguments:
             $target_dir: '%image_upload_directory%'

src/Entity/User.php

@@ -4,12 +4,10 @@ namespace App\Entity;
 
 use Catalyst\AuthBundle\Entity\User as BaseUser;
 
-use Symfony\Component\Security\Core\User\AdvancedUserInterface;
 use Doctrine\ORM\Mapping as ORM;
 use Doctrine\Common\Collections\ArrayCollection;
 use Symfony\Component\Validator\Constraints as Assert;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
-use Serializable;
 
 /**
  * @ORM\Entity
@@ -17,7 +15,7 @@ use Serializable;
  * @UniqueEntity("username")
  * @UniqueEntity("email")
  */
-class User extends BaseUser implements AdvancedUserInterface, Serializable
+class User extends BaseUser
 {
     /**
      * @ORM\Id