Use a UserChecker #56
Perhaps the documentation should even go as far as recommending (or requiring?) to set a user provider? Not doing so is a security issue. The default user checker checks for inactive or locked accounts, but users generated by this bundle's user_provider generally pass all those checks, even when they should not.
LGTM 👍
What's the plan for this merge request? We need this feature in order to use this Bundle and would appreciate it if those changes would be merged.
Is there any progress or ETA about merging this PR? It is fixing a severe security flaw and it is 9 months old.
I guess the project was abandoned. The author does not reply to any pull request. I'm considering creating a fork project.
@xthiago I'm searching for some collaborators to help me with this repository, do you want to participate?
@sandermarechal could you please update this PR and resolve conflicts for merging? Thanks
e2ccad8 to 2362061
I have rebased on master and resolved all the conflicts. Only, I could not run the tests locally because I do not have the mongodb extension installed and composer refuses to install. Perhaps the mongodb extension should be optional for testing, just skipping the tests?
Use a UserChecker during authentication. This fixes #52