So is 1.2 branch of sfDoctrineGuardPlugin the recommended one to use for project?
On Fri, Sep 11, 2009 at 9:13 AM, Tom Boutell <[email protected]> wrote: > > Pascal, you are right, but this is not in a released tarball version. > If you download sfDoctrineGuardPlugin from the symfony site today, you > still get version 3.0.0 which does not have this important fix. > Hopefully Jon Wage can take care of that. For our own projects we will > switch tto using the 1.2 branch via svn externals at least for now > > Does anyone know whether this has been fixed in the Propel > sfGuardPlugin releases (svn and/or tarballs)? > > On Thu, Sep 10, 2009 at 4:46 PM, [MA]Pascal<[email protected]> wrote: >> >> Hi, >> >> I see two places in sfDoctrineGuard where it's implemented : >> >> 1 - In >> http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/validator/sfGuardValidatorUser.class.php#L35 >> >> if ($username && $user = Doctrine::getTable('sfGuardUser')- >>>retrieveByUsername($username)) >> >> retrieveByUsername is a custom method defined in >> http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/model/doctrine/PluginsfGuardUserTable.class.php#L7 >> doing : >> >> public static function retrieveByUsername($username, $isActive = true) >> { >> .... >> ->addWhere('u.is_active = ?', $isActive) >> .... >> } >> >> 2 - In In >> http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/validator/sfGuardValidatorUser.class.php#L38 >> >> if ($user->getIsActive() && $user->checkPassword($password)) >> >> Looks good huh ? >> >> Cheers >> [MA]Pascal >> >> On Sep 10, 10:32 pm, Tom Boutell <[email protected]> wrote: >>> Today it was pointed out to me that sfDoctrineApplyPlugin still lets >>> you log in if you haven't validated your account yet. >>> >>> "Impossible," I thought. "I know for a fact that I'm setting is_active >>> explicitly to false when I save a new account. And I only set it to >>> true when you validate your account. >>> >>> As it turns out that's true. It does get saved with is_active set to >>> false. But it doesn't matter because sfDoctrineGuardPlugin doesn't >>> actually check is_active in sfGuardAuth. >>> >>> I figured I must just be missing it, so I grepped my way through the >>> whole thing... nope. It is not checked anywhere. Not in the form, not >>> in the validator, not in the action. >>> >>> And it's not checked in the old Symfony 1.0 Propel version of >>> sfGuardPlugin, either. >>> >>> This leaves me with questions: >>> >>> 1. Is this a bug (going wayyyy back), or did I miss something? >>> 2. If I did miss something, what is the real purpose of is_active? >>> 3. If it is a bug, will it be fixed promptly? >>> >>> I'd like to get this figured out quickly so that I can work around it >>> in sfDoctrineApplyPlugin and sfApplyPlugin if that is necessary. >>> >>> Thanks! >>> >>> -- >>> Tom Boutell >>> P'unk Avenue >>> 215 755 1330 >>> punkave.com >>> window.punkave.com >> > >> > > > > -- > Tom Boutell > P'unk Avenue > 215 755 1330 > punkave.com > window.punkave.com > > > > -- Blue Horn Ltd - System Development http://bluehorn.co.nz --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
