author: Ryan Weaver <ryan@thatsquality.com> 2015-05-17 17:29:55 -0400
committer: Ryan Weaver <ryan@thatsquality.com> 2015-09-20 19:24:21 -0400
commit: 93a1b25f892c82b07cda5fd876f64c64585ba3a8
tree: 7098adb2b41f2f9b3b7f54c1207acadde8cc85de /Guard/AbstractGuardAuthenticator.php
parent: 87752f2f460528718bbb691b1739a32368141c28
Properly handles "post auth" tokens that have become not authenticated
Here is the flow:

A) You login using guard and are given a PostAuthGuardToken
B) Your user changes between requests - AbstractToken::setUser() and hasUserChanged() - which results in the Token becoming "not authenticated"
C) Something calls out to the security system, which then passes the no-longer-authed token back into the AuthenticationProviderManager
D) Because the PostauthGuardToken implements GuardTokenInterface, the provider responds to it. But, seeing that this is a no-longer-authed PostAuthGuardToken, it returns an AnonymousToken, which triggers logout
Diffstat (limited to 'Guard/AbstractGuardAuthenticator.php')
0 files changed, 0 insertions, 0 deletions