6.0.0-beta6
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
3/30/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#14467] authLockUser method missing
*
Your Email Address
*
Spam protection
Enter the letters below:
.__.. ..__..__.. , | ||_/ [__][__] \./ |__\| \| || | |
Comment
> > Yes, something doesn't look right there. > Horde_Core_Auth_Application::lockUser is an override of > Horde_Auth_Base::lockUser. It looks like it was added to give > applications the ability to provide their own method of locking users > - though none of our applications seem to implement this. > > The 'lock' capability is set if the 'lock_api' parameter is passed > when contructing an Auth object, and this is done when the > 'login_block' parameter is set in the config. Now, the > hasCapability() method is called in > Horde_Core_Auth_Application::lockUser - the > Horde_Core_Auth_Application::hasCapability method explicitly states > that the 'lock' ability is determined by "Horde", and NOT by > applications - yet, when that check is true, we call the application > method. That is broken. If we truly want to allow the applications to > provide their own lock mechanisms we need to first check the > appCapability, and if that fails, then check Horde.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers