src/AppBundle/Security/LoginLogServiceEventSubscriber.php line 25

Open in your IDE?
  1. <?php
  3. namespace AppBundle\Security;
  5. use AppBundle\Entity\AccessLog;
  6. use AppBundle\Entity\Customer;
  7. use AppBundle\Repository\AccessLogRepository;
  8. use AppBundle\Repository\CustomerRepository;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  11. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  12. use Symfony\Component\Security\Http\Event\LoginFailureEvent;
  14. class LoginLogServiceEventSubscriber implements EventSubscriberInterface
  15. {
  16.     const TO_MANY_FAILURES 5;
  18.     public function __construct(
  19.         private EntityManagerInterface $entityManager,
  20.         private AccessLogRepository $accessLogRepository,
  21.         private CustomerRepository $customerRepository
  22.     ) {
  23.     }
  25.     public function onAuthenticationSuccess(InteractiveLoginEvent $event): void
  26.     {
  27.         $ip $_SERVER['REMOTE_ADDR'];
  28.         /** @var Customer */
  29.         $customer $event->getAuthenticationToken()->getUser();
  31.         $this->logLogin($ip$customer'success');
  32.         $this->setLastLoginOfCustomer($customer);
  33.     }
  35.     public function onAuthenticationFailure(LoginFailureEvent $event): void
  36.     {
  37.         $ip $_SERVER['REMOTE_ADDR'];
  38.         $customer $event?->getPassport()?->getUser();
  40.         $this->logLogin($ip$customer);
  41.         
  42.         $failures $this->getFailedLoginAttemptsByIp($_SERVER['REMOTE_ADDR']);
  43.         $this->slowDownResponseWhenToManyFailures($failures);
  44.     }
  46.     public static function getSubscribedEvents(): array
  47.     {
  48.         return [
  49.             LoginFailureEvent::class => 'onAuthenticationFailure',
  50.             InteractiveLoginEvent::class => 'onAuthenticationSuccess',
  51.         ];
  52.     }
  54.     private function setLastLoginOfCustomer(Customer $customer)
  55.     {
  56.         $customer->setLastLogin(new \DateTime(date('Y-m-d H:i:s')));
  57.         $customer->disableUpdateTimestamps();
  59.         $this->entityManager->persist($customer);
  60.         $this->entityManager->flush();
  61.     }
  63.     private function logLogin(string $ip, ?Customer $customerstring $type 'failure'): void
  64.     {
  65.         $accessLog = new AccessLog();
  66.         $accessLog->setCustomer($customer);
  67.         $accessLog->setType($type);
  68.         $accessLog->setCreated(new \DateTime(date('Y-m-d H:i:s')));
  69.         $accessLog->setIp($ip);
  70.         $this->entityManager->persist($accessLog);
  71.         $this->entityManager->flush();
  72.     }
  73.     
  74.     private function getFailedLoginAttemptsByIp(string $ip): int
  75.     {
  76.         return $this->accessLogRepository->findFailureQtyByIp($ip);
  77.     }
  79.     private function slowDownResponseWhenToManyFailures(int $failures): void
  80.     {
  81.         if ($failures self::TO_MANY_FAILURES) {
  82.             sleep(10);
  83.         }
  84.     }
  85. }