Hello,
I have a question about Security in Symfony2.
In my user entity i have a column enabled, when the user registred for the
first time I set *enabled *to *false* like the FOSUserBundle.
before validate the registration ( confirmation by email => set enabled to
true ), i can authenticate the user and he can access to his account...
how to check if the user is enabled or not?? ( i don't want to verify that
in every action..)
is that implemented by symfony ??
in the UserChcker class i see :
public function checkPostAuth(UserInterface $user)
{
if (!$user instanceof AdvancedUserInterface) {
return;
}
if (!$user->isAccountNonLocked()) {
throw new LockedException('User account is locked.', $user);
}
if (!$user->isEnabled()) {
throw new DisabledException('User account is disabled.', $user);
}
if (!$user->isAccountNonExpired()) {
throw new AccountExpiredException('User account has expired.',
$user);
}
}
Thanks
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
