I would like to comment on EntityUserProvider's loadUserByAccount() method. Unlike loadUserByUsername() which receives a plain string-form login identifier for authentication, loadUserByAccount() has to retrieve the string identifier from a supplied AccountInterface object. This is very fine.
However it was not at all obvious to me that loadUserByAccount() retrieves the string identifier with a call to MyUserEntity->__toString() when there is a getUsername() method also implemented in AccountInterface. It was more obvious for me to have __toString() return the user's real name shown to others instead of an email address which I use for logging in users. As a result I spent several hours digging the symfony code. Debugging wasn't straight forward as I would only see a successful authentication turn into an anonymous user on the next page load. Thank you, Jaakko R. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
