public function AccessDeniedSubscriber::onException in SAML Authentication 4.x

Same name and namespace in other branches
  1. 8.3 src/EventSubscriber/AccessDeniedSubscriber.php \Drupal\samlauth\EventSubscriber\AccessDeniedSubscriber::onException()
  2. 8.2 src/EventSubscriber/AccessDeniedSubscriber.php \Drupal\samlauth\EventSubscriber\AccessDeniedSubscriber::onException()

Redirects users when access is denied.

Parameters

\Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event: The event to process.

File

src/EventSubscriber/AccessDeniedSubscriber.php, line 55

Class

AccessDeniedSubscriber
Exception subscriber intercepting various "access denied" situations.

Namespace

Drupal\samlauth\EventSubscriber

Code

public function onException(GetResponseForExceptionEvent $event) {
  $exception = $event->getException();

  // If our own routes threw a TooManyRequestsHttpException, don't spend time
  // redirecting to another page and rendering that. (Rendering would need to
  // be done from scratch because the page needs to include the error
  // message.) Just a simple text string should do.
  if ($exception instanceof TooManyRequestsHttpException) {
    $route_name = $this->getCurrentRouteName($event);
    if (in_array($route_name, self::FLOOD_CONTROL_ROUTES)) {
      $event->setResponse(new Response($exception->getMessage(), $exception->getStatusCode()));
    }
  }

  // Authenticated access to /saml/login redirects to the user profile. This
  // is done in an event subscriber (rather than just opening up the route
  // and returning a redirect response from the controller route) because
  // this is what Core does for /user/login too. (Maybe it's a bit faster.
  // Maybe it's easier to override.) All our other routes do their
  // redirecting inside SamlController because there's more logic behind the
  // decision where to route.
  if ($exception instanceof AccessDeniedHttpException
    && $this->account->isAuthenticated()
    && $this->getCurrentRouteName($event) === 'samlauth.saml_controller_login') {
    $redirect_url = Url::fromRoute('entity.user.canonical', [
      'user' => $this->account->id(),
    ], [
      'absolute' => TRUE,
    ]);
    $event->setResponse(new RedirectResponse($redirect_url->toString()));
  }
}