I'm not sure whether to file this in the Entity issue queue or the Logintoboggan queue; I am tentatively filing it with Logintoboggan.

After updating Entity API to rc2 from rc1, Logintoboggan no longer correctly adds the "non-authenticated" role upon user registration; thus, users are no longer required to verify their accounts, breaking a basic function of the module. Reverting to Entity API rc1 resolves the issue, so the cause appears to be an incompatibility between Entity rc2 and Logintoboggan 1.3.

Here are my Logintoboggan settings:
Set password: Checked
Non-authenticated role: unverified (special role I created)
Immediate login: Unchecked

Comments

ptmkenny’s picture

The same problem is occurring with Entity API rc3 as well. Could someone who knows more than me confirm whether this is a Logintoboggan or Entity API issue?

ptmkenny’s picture

I still haven't found the cause of this issue. However, the Rules module, as of 2.1, now requires rc2+ of Entity API to enable the Rules translations submodule. Although Logintoboggan does not depend on Rules, it does include a Rules integration submodule, so I assume that a defect that breaks compatibility with Rules would qualify it as a bug for this module.

I would appreciate if someone could comment as to whether this issue has been filed in the appropriate issue queue.

ptmkenny’s picture

I still haven't been able to solve this, but here are the results of my debugging efforts so far:

In the logintoboggan_user_register_submit() function, $form_state['values']['roles'] gets set properly with the value for the pre-auth role (213229730 in my case).

After the line $edit = array_intersect_key((array) $account, $form_state['values']);, $account includes the roles in the array (2 + 213229730) (verified using dpm() via the devel module).

The roles in the _logintoboggan_user_roles_alter() function also look ok before the validation e-mail is sent; however, after the validation e-mail is sent, the pre-auth role is somehow removed from the roles array (I have been unable to discover the cause of this, but this appears to me to be the source of the problem.)

I grepped entity rc1 and rc3 for "roles" and compared those lines using diff; however, all lines that refer to roles are the same between both versions of the module, so I was unable to determine what changes in Entity that causes the pre-auth rule to be removed.

Anonymous’s picture

I'm using both Logintoboggan and Entity API rc3. The pre-auth role is assigned, properly.

Are you sure the pre-auth is removed? Regarding the concept of LT I would expect the auth-role is added again, so the users get the sum of pre-auth and auth permissions.

ptmkenny’s picture

Yes, it appears to be removed, as it is added to $account and then later it is gone.

The user account is not getting validated; my rules that trigger on validation are not being triggered.

Yes, in theory it should be that the pre-auth role is added, the auth role is removed, and then upon validation the pre-auth role is removed and the auth role is being added. However, what I am seeing is that the pre-auth role is added and then the pre-auth role is removed. I will continue to look into this and report back.

ptmkenny’s picture

Title: Enabling Entity API 1.0-rc2 breaks user verification; automatically allows all users to log in » Enabling Entity API 1.0-rc2 and Pathauto 1.1 together breaks user verification; automatically allows all users to log in

Ok, I uncovered that Pathauto is also at fault here.

Entity-rc3 + Pathauto-1.1 + Logintoboggan-1.3 = Auth role is not added

Entity-rc3 + Logintoboggan-1.3 = Ok

Entity-rc1 + Pathauto-1.1 + Logintoboggan-1.3 = Ok

I will look at this again after I get some sleep.

ptmkenny’s picture

Ok, here is what I have found out so far. This error occurs if a pattern is set for user accounts on the Pathauto URL Alias Patterns page.

Removing the pattern for user accounts resolves the issue.

Pathauto's queries also make use of the Entity API; the code that causes the issue can be found in the _pathauto_set_alias() function, but I am unsure how to patch it to ensure compatibility among the three modules so that a custom path can be set for users.

Anonymous’s picture

Patching pathauto to make LT work is no good idea I think ;)

I had the inverse issue to this one: the user remains in the pre-auth role and doesn't join auth role during validation. Pre-auth seems to be an open-heart operation and IMHO isn't hardened enough against D7. The other parts of Logintoboggan seem to work well anyway, like doubled e-mail field and e-mail login.

Actually, I'd strongly suggest to put pre-auth for D7 into dev status and add that information to the user interface very clearly. For first by adding a notice to the UI. And ultimately by moving it to a sub-module, so it may be used and maintained seperately.

I don't want to disrespect the module and its developers. But it's not fair to let implementors experience such unpredictable problems when they have to meet a dead-line.

What do you think, shouldn't we add such an issue?

I'd also like to know if the maintainer has an opinion about this!

ptmkenny’s picture

Title: Enabling Entity API 1.0-rc2 and Pathauto 1.1 together breaks user verification; automatically allows all users to log in » Enabling Entity API 1.0-rc3 and Pathauto 1.3 together breaks user verification; automatically allows all users to log in

Contrary to what I wrote in #7, even if no pattern is set, the pre-auth role is not added when using the latest versions of the modules (entity-rc3, pathautho-1.2).

ptmkenny’s picture

Issue summary: View changes

clarified that it is upon user registration