'afterLogin', AuthenticationManager::EVENT_FAILURE => 'onLoginFailure', SessionManager::EVENT_DESTROY => 'afterLogout', ); } /** * After Login callback * * @access public * @param AuthSuccessEvent $event */ public function afterLogin(AuthSuccessEvent $event) { $userAgent = $this->request->getUserAgent(); $ipAddress = $this->request->getIpAddress(); $this->userLocking->resetFailedLogin($this->userSession->getUsername()); $this->lastLogin->create( $event->getAuthType(), $this->userSession->getId(), $ipAddress, $userAgent ); if ($event->getAuthType() === 'RememberMe') { $this->userSession->validatePostAuthentication(); } if (isset($this->sessionStorage->hasRememberMe) && $this->sessionStorage->hasRememberMe) { $session = $this->rememberMeSession->create($this->userSession->getId(), $ipAddress, $userAgent); $this->rememberMeCookie->write($session['token'], $session['sequence'], $session['expiration']); } } /** * Destroy RememberMe session on logout * * @access public */ public function afterLogout() { $credentials = $this->rememberMeCookie->read(); if ($credentials !== false) { $session = $this->rememberMeSession->find($credentials['token'], $credentials['sequence']); if (! empty($session)) { $this->rememberMeSession->remove($session['id']); } $this->rememberMeCookie->remove(); } } /** * Increment failed login counter * * @access public */ public function onLoginFailure(AuthFailureEvent $event) { $username = $event->getUsername(); if (! empty($username)) { $this->userLocking->incrementFailedLogin($username); if ($this->userLocking->getFailedLogin($username) > BRUTEFORCE_LOCKDOWN) { $this->userLocking->lock($username, BRUTEFORCE_LOCKDOWN_DURATION); } } } }