[Security] fixed pre/post authentication checks

fabpot · fabpot · commit ef0cdb376df5 · 2013-12-31T11:55:25.000+01:00
diff --git a/User/UserChecker.php b/User/UserChecker.php
@@ -32,22 +32,6 @@ public function checkPreAuth(UserInterface $user)
             return;
         }
 
-        if (!$user->isCredentialsNonExpired()) {
-            $ex = new CredentialsExpiredException('User credentials have expired.');
-            $ex->setUser($user);
-            throw $ex;
-        }
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function checkPostAuth(UserInterface $user)
-    {
-        if (!$user instanceof AdvancedUserInterface) {
-            return;
-        }
-
         if (!$user->isAccountNonLocked()) {
             $ex = new LockedException('User account is locked.');
             $ex->setUser($user);
@@ -66,4 +50,20 @@ public function checkPostAuth(UserInterface $user)
             throw $ex;
         }
     }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function checkPostAuth(UserInterface $user)
+    {
+        if (!$user instanceof AdvancedUserInterface) {
+            return;
+        }
+
+        if (!$user->isCredentialsNonExpired()) {
+            $ex = new CredentialsExpiredException('User credentials have expired.');
+            $ex->setUser($user);
+            throw $ex;
+        }
+    }
 }
