Block login when isVerified is False #190
Labels
Status: Reviewed
Has been reviewed by a maintainer
Comments
|
Howdy @keoozDan - In very broad, general terms, it's usually best to allow a user to authenticate (Authentication) regardless if they're "verified" or not. To prevent access (Authorization) to all or part of an application for "non-verified" users, Symfony's Security Voter system can help with that depending on your needs. https://symfony.com/doc/current/security/voters.html If you really want to only allow users who have verified their email address to be able to login (authentication), then you would probably need to use a custom authenticator or some sort of custom security events to handle that gracefully. Hope this helps! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think that user with isVerified is false can login.
How can we block the login because :
1/ In app_verify_email we use : $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
2/ In UserChecker.php : we can't block for false isVerified because we block the verification too
Have you any solution ?
The text was updated successfully, but these errors were encountered: