I have an existing system using Symfony 3.4 and FOSUserBundle 2.1.2. We have a concept of a Locked User (originally in FOSUserBundle but since that was removed now in our own bundle). Symfony core Security checks if the user is locked during authorisation, and if it is throws a
LockedException. That exception results in a logon failure, and a simple text message being shown on the FOSUserBundle login page.
Users can be locked and unlocked at will, but there is also specific reason in the system for a user to be locked as part of the onboarding process, and if the user is in that state I would like to show a different page to the user on login, saying “your account is locked because XYZ, please wait for us to notify you that everything has been set up correctly”. However, I can’t see how to make that happen within the FOSUserBundle framework.
Typically one uses Events for that sort of thing, but there doesn’t appear to be an event at that precise point that helps – they’re not specific enough, and don’t allow conditional redirection.
I started to try overriding the FOSUserBundle
SecurityController to introduce some logic of my own, which I think would work, but bundle inheritance will not be supported when we move to Symfony 4.x (soon).
Migrating to the more modern Symfony Guard approach to security would give us the flexibility we need, and we will do this at some point (FOSUserBundle itself doesn’t support the most recent versions of Symfony anyway), but prefer not to right now.
Is there an approach that will allow us to redirect locked users conditionally while still working within the FOSUserBundle process?
Thanks in advance!
Source: Symfony Questions