src/Component/Event/AjaxAuthenticationListener.php line 29

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Component\Event;
  5. use Symfony\Component\HttpFoundation\Response;
  6. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  7. use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
  8. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  9. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  11. /**
  12. * This Listener ensures that a Forbidden response is returned on Ajax Responses
  13. * when there is an Authentication Exception. This class is courtesy of:
  14. * https://gist.github.com/xanf/1015146
  15. *
  16. * @todo This class makes no distinction between a user not being logged in VS
  17. * being logged in and actually not having access to the URL. This distinction
  18. * should probably be made so that we don't reload the page on the JS side when
  19. * we should actually just be returning a forbidden response?
  20. *
  21. */
  22. class AjaxAuthenticationListener
  23. {
  24. /**
  25. * Handles security related exceptions.
  26. *
  27. * @param ExceptionEvent $event An GetResponseForExceptionEvent instance
  28. */
  29. public function onCoreException(ExceptionEvent $event): void
  30. {
  31. $exception = $event->getThrowable();
  32. $request = $event->getRequest();
  34. if ($request->isXmlHttpRequest() && ($exception instanceof AuthenticationException || $exception instanceof AccessDeniedException)) {
  35. $event->setResponse(new Response('', 403));
  36. }
  37. }
  38. }