Blocked users can still login

here's a patch that fixes this (and also the access rules denials hopefully)
ported from ldapauth.module

Applied this to head as well as the 5.x branch. Will consider rolling a new release for this functionality.

Woops forgot to mark as fixed.

just did CVS update
somehow the code is indented a little too much in CVS
here's a trivial patch that lines things up nicely..

It's probably worth a new release, since blocked users should not get in and that was a nasty bug
not sure if you want to include some of the other stuff in there as part of the release as well, .. like the filtering

Risto

Yes, that was because I didn't use the patch command to apply it. It's important to know that Head is Drupal6 now, so I manually put this in so that I could get it into HEAD. I still need to find the time to reproduce what you did with the coding standards patch. If it's not too much trouble, it would greatly reduce my work if you provided patches against HEAD as well, so that these features will be available for 6.x as well.

marking as active, because of the issue where user's who can edit their username aren't blocked by this patch

what if we save whatever comes back after the ttransform hook into the user object
and then check for blocked users after we load the user into a temporary $account variable and if the current or the original is blocked then deny access .. might work

ps
no problem :)
i'll roll patches for both DRUAPL-5 and head from now on

Here's a patch against HEAD that takes care of this issue. I wrote a copy of _cas_external_user_is_blocked which probably should be in core, but I don't have the patience ;).

Tested this pretty thorougly so committing. Review still welcome.