It is possible to authenticate with an expired account
authenticationManager->authenticate() works even with expired account: account->getExpirationDate() is in the past.
Updated by Patrick Pussar over 9 years ago
After some investigation I found out that this feature works actually, but only on day basis.
I would assumed that it would work also on Minute basis.
The query defined in AccountRepository.php just checks on day basis:
$query->greaterThan('expirationDate', new \DateTime('today'))
but I would assume this check:
$query->greaterThan('expirationDate', new \DateTime())