Merge branch '3.0'v3.1.0-BETA1

* 3.0: (31 commits)
  Drop hirak/prestissimo
  [MonologBridge] Uninstallable together with symfony/http-kernel in 3.0.6
  bumped Symfony version to 3.0.7
  updated VERSION for 3.0.6
  updated CHANGELOG for 3.0.6
  bumped Symfony version to 2.8.7
  updated VERSION for 2.8.6
  updated CHANGELOG for 2.8.6
  bumped Symfony version to 2.7.14
  updated VERSION for 2.7.13
  updated CHANGELOG for 2.7.13
  bumped Symfony version to 2.3.42
  [Debug] Fix fatal error handlers on PHP 7
  updated VERSION for 2.3.41
  update CONTRIBUTORS for 2.3.41
  updated CHANGELOG for 2.3.41
  fixed bad merge
  Fixed issue with blank password with Ldap
  limited the maximum length of a submitted username
  [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
  ...

Conflicts:
	src/Symfony/Component/DependencyInjection/Compiler/AutowirePass.php
	src/Symfony/Component/DependencyInjection/Tests/Compiler/AutowirePassTest.php
	src/Symfony/Component/HttpKernel/Kernel.php

3 files changed, 6 insertions, 2 deletions

diff --git a/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
index 950b603..5ebb09a 100644
--- a/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
+++ b/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -73,6 +73,10 @@ class LdapBindAuthenticationProvider extends UserAuthenticationProvider
         $username = $token->getUsername();
         $password = $token->getCredentials();
 
+        if ('' === $password) {
+            throw new BadCredentialsException('The presented password must not be empty.');
+        }
+
         try {
             $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
             $dn = str_replace('{username}', $username, $this->dnString);
diff --git a/Core/Authentication/Token/AnonymousToken.php b/Core/Authentication/Token/AnonymousToken.php
index e1dfef4..2c73cb4 100644
--- a/Core/Authentication/Token/AnonymousToken.php
+++ b/Core/Authentication/Token/AnonymousToken.php
@@ -26,7 +26,7 @@ class AnonymousToken extends AbstractToken
      * Constructor.
      *
      * @param string          $secret A secret used to make sure the token is created by the app and not by a malicious client
-     * @param string          $user   The user
+     * @param string|object   $user   The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string.
      * @param RoleInterface[] $roles  An array of roles
      */
     public function __construct($secret, $user, array $roles = array())
diff --git a/Core/Authentication/Token/PreAuthenticatedToken.php b/Core/Authentication/Token/PreAuthenticatedToken.php
index 1798203..5a3fc95 100644
--- a/Core/Authentication/Token/PreAuthenticatedToken.php
+++ b/Core/Authentication/Token/PreAuthenticatedToken.php
@@ -26,7 +26,7 @@ class PreAuthenticatedToken extends AbstractToken
     /**
      * Constructor.
      *
-     * @param string|object            $user        The user
+     * @param string|object            $user        The user can be a UserInterface instance, or an object implementing a __toString method or the username as a regular string.
      * @param mixed                    $credentials The user credentials
      * @param string                   $providerKey The provider key
      * @param RoleInterface[]|string[] $roles       An array of roles