search

djoos / EscapeWSSEAuthenticationBundle

Symfony bundle to implement WSSE authentication
http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
137 stars 59 forks source link

Bundle ignores isEnabled() flag #76

Closed Drachenkaetzchen closed 8 years ago

Drachenkaetzchen commented 8 years ago

I configured EscapeWSSEAuthenticationBundle with FOSUserBundle as user provider. However, it seems that the enabled/disabled user flag is ignored.

I think that it should be checked if the user object returned by the user provider is an instance of AdvancedUserInterface, and if so, it should check for isEnabled and proceed accordingly.

djoos commented 8 years ago

Hi @felicitus,

first of all sorry for the late reply. You're right here, handling an AdvancedUserInterface User is not part of the bundle as it stands.

Thanks for your initial work on this! I was wondering: should we try and delegate this to the UserChecker.php instead?

Example providers: UserAuthenticationProvider and DaoAuthenticationProvider.

The big benefit of using the UserChecker is obviously that other than isEnabled(), isAccountNonLocked(), isAccountNonExpired() and isCredentialsNonExpired() are handled as well.

What do you think?

Thanks in advance for your feedback! David

djoos commented 8 years ago

See PR #68, we'll try to get that PR merged in ASAP.

Kind regards, David

djoos commented 8 years ago

Merged!