Pascal, you are right, but this is not in a released tarball version.
If you download sfDoctrineGuardPlugin from the symfony site today, you
still get version 3.0.0 which does not have this important fix.
Hopefully Jon Wage can take care of that. For our own projects we will
switch to using the 1.2 branch via svn externals at least for now.

Does anyone know whether this has been fixed in the Propel
sfGuardPlugin releases (svn and/or tarballs)?

On Thu, Sep 10, 2009 at 4:46 PM, [MA]Pascal<[email protected]> wrote:
>
> Hi,
>
> I see two places in sfDoctrineGuard where it's implemented :
>
> 1 - In 
> http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/validator/sfGuardValidatorUser.class.php#L35
>
> if ($username && $user = Doctrine::getTable('sfGuardUser')->retrieveByUsername($username))
>
> retrieveByUsername is a custom method defined in
> http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/model/doctrine/PluginsfGuardUserTable.class.php#L7
> doing :
>
> public static function retrieveByUsername($username, $isActive = true)
> {
>  ....
> ->addWhere('u.is_active = ?', $isActive)
> ....
> }
>
> 2 - In
> http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/validator/sfGuardValidatorUser.class.php#L38
>
> if ($user->getIsActive() && $user->checkPassword($password))
>
> Looks good huh ?
>
> Cheers
> [MA]Pascal
>
> On Sep 10, 10:32 pm, Tom Boutell <[email protected]> wrote:
>> Today it was pointed out to me that sfDoctrineApplyPlugin still lets
>> you log in if you haven't validated your account yet.
>>
>> "Impossible," I thought. "I know for a fact that I'm setting is_active
>> explicitly to false when I save a new account. And I only set it to
>> true when you validate your account."
>>
>> As it turns out that's true. It does get saved with is_active set to
>> false. But it doesn't matter because sfDoctrineGuardPlugin doesn't
>> actually check is_active in sfGuardAuth.
>>
>> I figured I must just be missing it, so I grepped my way through the
>> whole thing... nope. It is not checked anywhere. Not in the form, not
>> in the validator, not in the action.
>>
>> And it's not checked in the old Symfony 1.0 Propel version of
>> sfGuardPlugin, either.
>>
>> This leaves me with questions:
>>
>> 1. Is this a bug (going wayyyy back), or did I miss something?
>> 2. If I did miss something, what is the real purpose of is_active?
>> 3. If it is a bug, will it be fixed promptly?
>>
>> I'd like to get this figured out quickly so that I can work around it
>> in sfDoctrineApplyPlugin and sfApplyPlugin if that is necessary.
>>
>> Thanks!
>>
>> --
>> Tom Boutell
>> P'unk Avenue
>> 215 755 1330
>> punkave.com
>> window.punkave.com
> >
>



-- 
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
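
The two login behaviours discussed in this thread, side by side, as an added example that is not part of the original messages and is not the plugin's own code. `DemoUser`, the in-memory `$users` array and both login functions are hypothetical stand-ins; only `getIsActive()` and `checkPassword()` mirror method names quoted above.

```php
<?php
// Added illustration, not sfDoctrineGuardPlugin code. DemoUser, the $users
// array and both login functions are hypothetical stand-ins.
final class DemoUser
{
    private $hash;
    private $active;

    public function __construct(string $password, bool $active)
    {
        $this->hash = password_hash($password, PASSWORD_DEFAULT);
        $this->active = $active;
    }

    public function getIsActive(): bool { return $this->active; }

    public function checkPassword(string $password): bool
    {
        return password_verify($password, $this->hash);
    }
}

// Behaviour reported in the thread: only the password is checked.
function loginWithoutActiveCheck(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    return $user !== null && $user->checkPassword($password);
}

// Behaviour of the quoted trunk validator: is_active is tested before the
// password, and an inactive account fails the same way as a wrong password.
function loginWithActiveCheck(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    return $user !== null && $user->getIsActive() && $user->checkPassword($password);
}

// Constructed sample data: one validated account, one awaiting validation.
$users = [
    'alice'   => new DemoUser('correct horse', true),
    'pending' => new DemoUser('battery staple', false),
];

foreach (['alice' => 'correct horse', 'pending' => 'battery staple'] as $name => $pw) {
    printf("%-8s without check: %s  with check: %s\n", $name,
        var_export(loginWithoutActiveCheck($users, $name, $pw), true),
        var_export(loginWithActiveCheck($users, $name, $pw), true));
}
```

Run against an installed plugin version, the same pair of cases (valid password on an active account, valid password on an inactive one) makes a quick regression check for whether that version carries the fix.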
