<?php
namespace App\EventListener;
use App\Entity\User;
use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Response;
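readonly class JWTCreatedListener
{
    /**
     * @param RequestStack $requestStack Gives access to the main request whose JSON body may carry the 2FA code.
     * @param GoogleAuthenticator $googleAuthenticator Verifies the submitted code for the user.
     */
    public function __construct(
        private RequestStack $requestStack,
        private GoogleAuthenticator $googleAuthenticator,
    ) {
    }

    /**
     * Enforces the second factor on JWT issuance.
     *
     * Always adds the user's roles to the response payload. When the user has
     * 2FA enabled, the token is only left in the response if the request body
     * carried a `code` that the authenticator accepts; otherwise the token is
     * removed and the status is set to 300 (no usable code supplied) or
     * 401 (code rejected).
     *
     * Failures while reading the body (no main request, non-JSON body) or
     * while checking the code are treated as a missing / rejected code. The
     * previous version swallowed those exceptions and left the token in the
     * response, which let a 2FA-enabled user obtain a JWT without a code by
     * sending a malformed body; the listener now fails closed.
     *
     * @param AuthenticationSuccessEvent $event
     */
    public function onAuthenticationSuccessResponse(AuthenticationSuccessEvent $event): void
    {
        $user = $event->getUser();
        if (!$user instanceof User) {
            return;
        }

        $data = $event->getData();
        $data['roles'] = $user->getRoles();

        if ($user->getIsEnabled2FA()) {
            $code = $this->extractCode();

            if ($code === null) {
                // No usable code in the request: withhold the token and ask the client for one.
                unset($data['token']);
                $event->getResponse()->setStatusCode(Response::HTTP_MULTIPLE_CHOICES);
                $event->stopPropagation();
            } elseif (!$this->isCodeValid($user, $code)) {
                unset($data['token']);
                $data['code'] = $code;
                $data['error'] = sprintf('This code %s is not correct !', $code);
                $event->getResponse()->setStatusCode(Response::HTTP_UNAUTHORIZED);
                $event->stopPropagation();
            }
        }

        $event->setData($data);
    }

    /**
     * Reads the `code` field from the main request's JSON body.
     *
     * @return string|null the code as a string, or null when there is no main
     *                     request, the body is not valid JSON, or `code` is
     *                     absent or not a scalar
     */
    private function extractCode(): ?string
    {
        // getContent() is null-safe here: without a main request decode an empty body,
        // which json_decode rejects and we report as "no code".
        $body = $this->requestStack->getMainRequest()?->getContent() ?? '';

        try {
            $payload = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
        } catch (\JsonException) {
            return null;
        }

        // A non-scalar `code` (e.g. an array) can never be a valid TOTP code and
        // would otherwise blow up in checkCode() / sprintf().
        if (!is_array($payload) || !isset($payload['code']) || !is_scalar($payload['code'])) {
            return null;
        }

        return (string) $payload['code'];
    }

    /**
     * Checks the code with the authenticator, counting any exception raised
     * during verification as a failed check rather than as a pass.
     */
    private function isCodeValid(User $user, string $code): bool
    {
        try {
            return $this->googleAuthenticator->checkCode($user, $code);
        } catch (\Exception) {
            return false;
        }
    }
}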