Any idea how this might happen?
BeforeLogin returns false as desired.
I also tried setting $event->handled true in that case.
I get my flash error message ("You are not allowed to log in"). But the user is logged in.
Is there anything more I need to do? Where in my login controller/model/view do I ever find out beforeLogin failed ??!!
Looking at the code from web/User I see it returns "isValid"
protected function beforeLogin($identity, $cookieBased, $duration)
{
$event = new UserEvent([
'identity' => $identity,
'cookieBased' => $cookieBased,
'duration' => $duration,
]);
$this->trigger(self::EVENT_BEFORE_LOGIN, $event);
return $event->isValid;
}
So I set $event->isValid = false in my beforeLogin and now it works as expected (user not logged in).
The documentation seems clear. This is not how it should work.
Am I looking for my own problem, or have I found a documentation/bug issue in yi2?