<?php
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Security;
class PasswordChangeSubscriber implements EventSubscriberInterface
{
private $security;
private $router;
public function __construct(Security $security, RouterInterface $router)
{
$this->security = $security;
$this->router = $router;
}
public static function getSubscribedEvents(): array
{
return [
KernelEvents::CONTROLLER => 'onKernelController',
];
}
public function onKernelController(ControllerEvent $event): void
{
// 🚫 Ignore les sous-requêtes (très important)
if (!$event->isMainRequest()) {
return;
}
$request = $event->getRequest();
$route = $request->attributes->get('_route');
$user = $this->security->getUser();
// 🚫 Si pas connecté → ne rien faire
if (!$user) {
return;
}
// ✅ Si le mot de passe a déjà été changé → OK
if ($user->isPasswordChanged()) {
return;
}
// 🚫 Si route non définie (par ex. pour un asset) → ignorer
if (!$route) {
return;
}
// 🚫 Si on est sur les routes autorisées → ignorer
$excludedRoutes = [
'app_user_change_password', // route du changement
'login',
'logout',
'_wdt', // Web Debug Toolbar
'_profiler', // Profiler
'_errors', // gestion des erreurs internes
];
foreach ($excludedRoutes as $prefix) {
if (strpos($route, $prefix) === 0) {
return;
}
}
// ✅ Redirige uniquement si on n’est pas déjà sur la bonne page
$response = new RedirectResponse($this->router->generate('app_user_change_password'));
$event->setController(fn() => $response);
}
}