Closed ibraheemdev closed 4 years ago
The only thing these do is allow you to protect non-login endpoints from unconfirmed or locked users. If you don't use this, a locked user that gets a session (or a user who becomes locked during their session for other reasons) can still access pages as an example.
Oh, I get it. Because the auth events only protect on login, and once the session is created a locked user can still access pages
There are two middlewares that I don't understand fully:
There seems to be complete overlap between the middlewares and the before auth events. If a route is already protected by
authboss.Middleware
, are the lock and confirm middlewares even needed? What is the use case for them?