Today it was pointed out to me that sfDoctrineApplyPlugin still lets you log in if you haven't validated your account yet.
"Impossible," I thought. "I know for a fact that I'm setting is_active explicitly to false when I save a new account. And I only set it to true when you validate your account. As it turns out that's true. It does get saved with is_active set to false. But it doesn't matter because sfDoctrineGuardPlugin doesn't actually check is_active in sfGuardAuth. I figured I must just be missing it, so I grepped my way through the whole thing... nope. It is not checked anywhere. Not in the form, not in the validator, not in the action. And it's not checked in the old Symfony 1.0 Propel version of sfGuardPlugin, either. This leaves me with questions: 1. Is this a bug (going wayyyy back), or did I miss something? 2. If I did miss something, what is the real purpose of is_active? 3. If it is a bug, will it be fixed promptly? I'd like to get this figured out quickly so that I can work around it in sfDoctrineApplyPlugin and sfApplyPlugin if that is necessary. Thanks! -- Tom Boutell P'unk Avenue 215 755 1330 punkave.com window.punkave.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
