From b6bb84b8f1358f283ad297dc08ccceab2ade2a12 Mon Sep 17 00:00:00 2001
From: Robin Chalas <robin.chalas@gmail.com>
Date: Thu, 19 Oct 2017 14:36:34 +0200
Subject: [PATCH] [Security] Fix BC layer for AbstractGuardAuthenticator
 subclasses

---
 .../Firewall/GuardAuthenticationListener.php  |  9 +++++-
 .../GuardAuthenticationListenerTest.php       | 32 +++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php
index 4ec0b8f32630d..1cac3c4b7be6b 100644
--- a/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticationListener.php
@@ -14,6 +14,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
 use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
 use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
 use Symfony\Component\Security\Guard\Token\PreAuthenticationGuardToken;
@@ -124,7 +125,13 @@ private function executeGuardAuthenticator($uniqueGuardKey, GuardAuthenticatorIn
                     return;
                 }
 
-                throw new \UnexpectedValueException(sprintf('The return value of "%s::getCredentials()" must not be null. Return false from "%s::supports()" instead.', get_class($guardAuthenticator), get_class($guardAuthenticator)));
+                if ($guardAuthenticator instanceof AbstractGuardAuthenticator) {
+                    @trigger_error(sprintf('Returning null from "%1$s::getCredentials()" is deprecated since version 3.4 and will throw an \UnexpectedValueException in 4.0. Return false from "%1$s::supports()" instead.', get_class($guardAuthenticator)), E_USER_DEPRECATED);
+
+                    return;
+                }
+
+                throw new \UnexpectedValueException(sprintf('The return value of "%1$s::getCredentials()" must not be null. Return false from "%1$s::supports()" instead.', get_class($guardAuthenticator)));
             }
 
             // create a token with the unique key, so that the provider knows which authenticator to use
diff --git a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php
index 5af9f130f8645..626b1cd4098ec 100644
--- a/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php
+++ b/src/Symfony/Component/Security/Guard/Tests/Firewall/GuardAuthenticationListenerTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
 use Symfony\Component\Security\Guard\AuthenticatorInterface;
 use Symfony\Component\Security\Guard\Firewall\GuardAuthenticationListener;
 use Symfony\Component\Security\Guard\GuardAuthenticatorInterface;
@@ -388,6 +389,37 @@ public function testReturnNullFromGetCredentials()
         $listener->handle($this->event);
     }
 
+    /**
+     * @group legacy
+     * @expectedDeprecation Returning null from "%s::getCredentials()" is deprecated since version 3.4 and will throw an \UnexpectedValueException in 4.0. Return false from "%s::supports()" instead.
+     */
+    public function testReturnNullFromGetCredentialsTriggersForAbstractGuardAuthenticatorInstances()
+    {
+        $authenticator = $this->getMockBuilder(AbstractGuardAuthenticator::class)->getMock();
+        $providerKey = 'my_firewall4';
+
+        $authenticator
+            ->expects($this->once())
+            ->method('supports')
+            ->will($this->returnValue(true));
+
+        // this will raise exception
+        $authenticator
+            ->expects($this->once())
+            ->method('getCredentials')
+            ->will($this->returnValue(null));
+
+        $listener = new GuardAuthenticationListener(
+            $this->guardAuthenticatorHandler,
+            $this->authenticationManager,
+            $providerKey,
+            array($authenticator),
+            $this->logger
+        );
+
+        $listener->handle($this->event);
+    }
+
     protected function setUp()
     {
         $this->authenticationManager = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager')