authorNicolas Grekas <nicolas.grekas@gmail.com>2016-07-01 18:00:00 +0200
committerNicolas Grekas <nicolas.grekas@gmail.com>2016-07-01 18:00:00 +0200
commit8a9f6c7452644aaa3ecf9dbf59fa0150fccc56c6 (patch)
tree84267ff60c7a4ef488aa8db5e9c496a8c9fac37d
parentee959deafc05bb80f579827bfea736082949911b (diff)
parent4e06cf1b8ced0204d2b569caac39ce92c6e11717 (diff)
Merge branch '3.0' into 3.1
* 3.0: [travis] Fix deps=low/high builds fixed CS skip test with current phpunit bridge Fix for #19183 to add support for new PHP MongoDB extension in sessions. [Console] Fix for block() padding formatting after #19189 [Security][Guard] check if session exist before using it bumped Symfony version to 3.0.9 updated VERSION for 3.0.8 updated CHANGELOG for 3.0.8 bumped Symfony version to 2.8.9 updated VERSION for 2.8.8 updated CHANGELOG for 2.8.8 bumped Symfony version to 2.7.16 updated VERSION for 2.7.15 update CONTRIBUTORS for 2.7.15 updated CHANGELOG for 2.7.15 Fix some lowest deps Fixed typos in the expectedException annotations Conflicts: src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php
-rw-r--r--Guard/Authenticator/AbstractFormLoginAuthenticator.php16
-rw-r--r--Guard/Tests/Authenticator/AbstractFormLoginAuthenticatorTest.php64
-rw-r--r--Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php221
3 files changed, 233 insertions, 68 deletions
diff --git a/Guard/Authenticator/AbstractFormLoginAuthenticator.php b/Guard/Authenticator/AbstractFormLoginAuthenticator.php
index d10e486..f99900b 100644
--- a/Guard/Authenticator/AbstractFormLoginAuthenticator.php
+++ b/Guard/Authenticator/AbstractFormLoginAuthenticator.php
@@ -11,6 +11,7 @@
namespace Symfony\Component\Security\Guard\Authenticator;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
@@ -45,7 +46,10 @@ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
- $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
+ if ($request->getSession() instanceof SessionInterface) {
+ $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
+ }
+
$url = $this->getLoginUrl();
return new RedirectResponse($url);
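Review bot: When the request carries no session, the new guard in `onAuthenticationFailure()` discards the `AuthenticationException` silently, so the redirect to the login URL carries no error state and nothing in this method records the failure. A one-line comment above the check would make that intentional, for example `// No session available: the error cannot be handed over to the login page.`; whether the caller logs the failure is not visible from this hunk. The guard also calls `$request->getSession()` twice, and the same pattern repeats in the `onAuthenticationSuccess()` hunk below; assigning it once with `$session = $request->getSession();` and testing `$session instanceof SessionInterface` would read more clearly in both places. The method's closing brace lies outside the hunk.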
@@ -65,12 +69,16 @@ abstract class AbstractFormLoginAuthenticator extends AbstractGuardAuthenticator
@trigger_error(sprintf('The AbstractFormLoginAuthenticator::onAuthenticationSuccess() implementation was deprecated in Symfony 3.1 and will be removed in Symfony 4.0. You should implement this method yourself in %s and remove getDefaultSuccessRedirectUrl().', get_class($this)), E_USER_DEPRECATED);
if (!method_exists($this, 'getDefaultSuccessRedirectUrl')) {
- throw new \Exception(sprintf('You must implement onAuthenticationSuccess() or getDefaultSuccessRedirectURL() in %s.', get_class($this)));
+ throw new \Exception(sprintf('You must implement onAuthenticationSuccess() or getDefaultSuccessRedirectUrl() in %s.', get_class($this)));
}
- // if the user hits a secure page and start() was called, this was
+ $targetPath = null;
+
+ // if the user hit a secure page and start() was called, this was
// the URL they were on, and probably where you want to redirect to
- $targetPath = $this->getTargetPath($request->getSession(), $providerKey);
+ if ($request->getSession() instanceof SessionInterface) {
+ $targetPath = $this->getTargetPath($request->getSession(), $providerKey);
+ }
if (!$targetPath) {
$targetPath = $this->getDefaultSuccessRedirectUrl();
diff --git a/Guard/Tests/Authenticator/AbstractFormLoginAuthenticatorTest.php b/Guard/Tests/Authenticator/AbstractFormLoginAuthenticatorTest.php
deleted file mode 100644
index e86b5ad..0000000
--- a/Guard/Tests/Authenticator/AbstractFormLoginAuthenticatorTest.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Component\Security\Guard\Tests\Authenticator;
-
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
-
-class AbstractFormLoginAuthenticatorTest extends \PHPUnit_Framework_TestCase
-{
- /**
- * @group legacy
- */
- public function testLegacyWithLoginUrl()
- {
- $request = new Request();
- $request->setSession($this->getMock('Symfony\Component\HttpFoundation\Session\Session'));
-
- $authenticator = new LegacyFormLoginAuthenticator();
- /** @var RedirectResponse $actualResponse */
- $actualResponse = $authenticator->onAuthenticationSuccess(
- $request,
- $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'),
- 'provider_key'
- );
-
- $this->assertEquals('/default_url', $actualResponse->getTargetUrl());
- }
-}
-
-class LegacyFormLoginAuthenticator extends AbstractFormLoginAuthenticator
-{
- protected function getDefaultSuccessRedirectUrl()
- {
- return '/default_url';
- }
-
- protected function getLoginUrl()
- {
- }
-
- public function getCredentials(Request $request)
- {
- }
-
- public function getUser($credentials, UserProviderInterface $userProvider)
- {
- }
-
- public function checkCredentials($credentials, UserInterface $user)
- {
- }
-}
diff --git a/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php b/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php
new file mode 100644
index 0000000..e35564b
--- /dev/null
+++ b/Guard/Tests/Authenticator/FormLoginAuthenticatorTest.php
@@ -0,0 +1,221 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Guard\Tests\Authenticator;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
+
+/**
+ * @author Jean Pasdeloup <jpasdeloup@sedona.fr>
+ */
+class FormLoginAuthenticatorTest extends \PHPUnit_Framework_TestCase
+{
+ private $requestWithoutSession;
+ private $requestWithSession;
+ private $authenticator;
+
+ const LOGIN_URL = 'http://login';
+ const DEFAULT_SUCCESS_URL = 'http://defaultsuccess';
+ const CUSTOM_SUCCESS_URL = 'http://customsuccess';
+
+ public function testAuthenticationFailureWithoutSession()
+ {
+ $failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithoutSession, new AuthenticationException());
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
+ $this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
+ }
+
+ public function testAuthenticationFailureWithSession()
+ {
+ $this->requestWithSession->getSession()
+ ->expects($this->once())
+ ->method('set');
+
+ $failureResponse = $this->authenticator->onAuthenticationFailure($this->requestWithSession, new AuthenticationException());
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
+ $this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
+ }
+
+ /**
+ * @group legacy
+ */
+ public function testAuthenticationSuccessWithoutSession()
+ {
+ $token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+
+ $redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithoutSession, $token, 'providerkey');
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
+ $this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
+ }
+
+ /**
+ * @group legacy
+ */
+ public function testAuthenticationSuccessWithSessionButEmpty()
+ {
+ $token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $this->requestWithSession->getSession()
+ ->expects($this->once())
+ ->method('get')
+ ->will($this->returnValue(null));
+
+ $redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
+ $this->assertEquals(self::DEFAULT_SUCCESS_URL, $redirectResponse->getTargetUrl());
+ }
+
+ /**
+ * @group legacy
+ */
+ public function testAuthenticationSuccessWithSessionAndTarget()
+ {
+ $token = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $this->requestWithSession->getSession()
+ ->expects($this->once())
+ ->method('get')
+ ->will($this->returnValue(self::CUSTOM_SUCCESS_URL));
+
+ $redirectResponse = $this->authenticator->onAuthenticationSuccess($this->requestWithSession, $token, 'providerkey');
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $redirectResponse);
+ $this->assertEquals(self::CUSTOM_SUCCESS_URL, $redirectResponse->getTargetUrl());
+ }
+
+ public function testRememberMe()
+ {
+ $doSupport = $this->authenticator->supportsRememberMe();
+
+ $this->assertTrue($doSupport);
+ }
+
+ public function testStartWithoutSession()
+ {
+ $failureResponse = $this->authenticator->start($this->requestWithoutSession, new AuthenticationException());
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
+ $this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
+ }
+
+ public function testStartWithSession()
+ {
+ $failureResponse = $this->authenticator->start($this->requestWithSession, new AuthenticationException());
+
+ $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $failureResponse);
+ $this->assertEquals(self::LOGIN_URL, $failureResponse->getTargetUrl());
+ }
+
+ protected function setUp()
+ {
+ $this->requestWithoutSession = new Request(array(), array(), array(), array(), array(), array());
+ $this->requestWithSession = new Request(array(), array(), array(), array(), array(), array());
+
+ $session = $this->getMockBuilder('Symfony\\Component\\HttpFoundation\\Session\\SessionInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $this->requestWithSession->setSession($session);
+
+ $this->authenticator = new TestFormLoginAuthenticator();
+ $this->authenticator
+ ->setLoginUrl(self::LOGIN_URL)
+ ->setDefaultSuccessRedirectUrl(self::DEFAULT_SUCCESS_URL)
+ ;
+ }
+
+ protected function tearDown()
+ {
+ $this->request = null;
+ $this->requestWithSession = null;
+ }
+}
+
+class TestFormLoginAuthenticator extends AbstractFormLoginAuthenticator
+{
+ private $loginUrl;
+ private $defaultSuccessRedirectUrl;
+
+ /**
+ * @param mixed $defaultSuccessRedirectUrl
+ *
+ * @return TestFormLoginAuthenticator
+ */
+ public function setDefaultSuccessRedirectUrl($defaultSuccessRedirectUrl)
+ {
+ $this->defaultSuccessRedirectUrl = $defaultSuccessRedirectUrl;
+
+ return $this;
+ }
+
+ /**
+ * @param mixed $loginUrl
+ *
+ * @return TestFormLoginAuthenticator
+ */
+ public function setLoginUrl($loginUrl)
+ {
+ $this->loginUrl = $loginUrl;
+
+ return $this;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getLoginUrl()
+ {
+ return $this->loginUrl;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getDefaultSuccessRedirectUrl()
+ {
+ return $this->defaultSuccessRedirectUrl;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getCredentials(Request $request)
+ {
+ return 'credentials';
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getUser($credentials, UserProviderInterface $userProvider)
+ {
+ return $userProvider->loadUserByUsername($credentials);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function checkCredentials($credentials, UserInterface $user)
+ {
+ return true;
+ }
+}
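Review bot: `tearDown()` assigns `$this->request = null`, but the test class declares no `$request` property; the fixtures are `$requestWithoutSession`, `$requestWithSession` and `$authenticator`, so the first and last are never reset and the line should read `$this->requestWithoutSession = null;` (with `$this->authenticator = null;` added beside it). Separately, `testAuthenticationFailureWithSession` only expects `set` to be called once; constraining it with `->with(Security::AUTHENTICATION_ERROR, $exception)`, after creating the exception in a local variable and importing `Security`, would verify that the error is stored under the key the authenticator writes. The two without-session tests would be stronger if they also asserted that no exception is raised for a request whose `getSession()` returns null, which is what they appear to exercise implicitly.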