Use a UserChecker #56
Conversation
|
Perhaps the documentation should even go as far as recommending (or requiring?) to set a user provider? Not doing so is a security issue. The default user checker checks for inactive or locked accounts, but users generated by this bundles user_provider generally pass all those checks, even when they should not. |
|
What's the plan for this merge request? We need this feature in order to use this Bundle and would appreciate if those changes would be merged. |
|
Is there any progress or ETA about merging this PR? It is fixing a severe security flaw and it is 9 months old. |
|
I'm guess the project was abandoned. The author does not reply any pull-request. I'm considering creating a fork project. |
|
@xthiago Im searching for some collaborators to help me with this repository, do you want to participate? |
|
@sandermarechal could you please up to date this PR and resolve conflicts for merging? thanks |
sandermarechal
force-pushed
the
user_checker
branch
from
e2ccad8
to
2362061
Compare
|
I have rebased on master and resolved all the conflicts. Only, I could not run the tests locally because I do not have the mongodb extension installed and composer refuses to install. Perhaps the mongodb extension should be optional for testing, just skipping the tests? |
Use a UserChecker during authentication. This fixes #52