author Fabien Potencier <fabien.potencier@gmail.com> 2015-10-31 08:07:27 -0700
committer Fabien Potencier <fabien.potencier@gmail.com> 2015-10-31 08:07:27 -0700
commit 55d8b7b4d774ca17405feaa645dd403abf94ba4d (patch)
tree 3664eda18a26e32b7230b0361a46b6d127985b2e /Guard/GuardAuthenticatorInterface.php
parent a5072cd08357bc74a1188e3e14a929d2302735f6 (diff)
parent dc8d7f7f1d5f94fc92c0872063409acf042b0d3c (diff)
feature #16395 checkCredentials() force it to be an affirmative yes! (weaverryan)
This PR was squashed before being merged into the 2.8 branch (closes #16395).

Discussion
----------

checkCredentials() force it to be an affirmative yes!

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no (because 2.8 isn't released)
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

This changes `GuardAuthenticatorInterface::checkCredentials()`: you now *must* return true in order for authentication to pass.

Before: You could do nothing (i.e. return null) and authentication would pass. You threw an AuthenticationException to cause a failure.

New: You *must* return `true` for authentication to pass. If you do nothing, we will throw a `BadCredentialsException` on your behalf. You can still throw your own exception.

This was a suggestion at symfony_live to make things more secure. I think it makes sense.

Commits
-------

14acadd checkCredentials() force it to be an affirmative yes!
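The before/after behaviour described in the commit message, as an added example that is not code from Symfony or from this commit. `ForgetfulAuthenticator`, `TruthyAuthenticator`, `authenticateOld()` and `authenticateNew()` are hypothetical stand-ins, the local `BadCredentialsException` class only borrows the framework's class name, and the token values are constructed.

```php
<?php
// Stand-in for the framework exception of the same name (assumption: no framework loaded).
class BadCredentialsException extends \RuntimeException {}

// Hypothetical authenticator with a forgotten failure branch: a wrong token
// falls off the end of the method, which makes PHP return null.
class ForgetfulAuthenticator
{
    public function checkCredentials(array $credentials, array $user)
    {
        if (hash_equals($user['token'], $credentials['token'])) {
            return true;
        }
    }
}

// Hypothetical authenticator that returns a truthy value which is not true.
class TruthyAuthenticator
{
    public function checkCredentials(array $credentials, array $user)
    {
        return strlen($credentials['token']);
    }
}
// Old contract: only an exception signals failure, so a null return passes.
function authenticateOld($authenticator, array $credentials, array $user)
{
    $authenticator->checkCredentials($credentials, $user);
    return 'authenticated';
}

// New contract: anything other than boolean true is rejected on the caller's side.
function authenticateNew($authenticator, array $credentials, array $user)
{
    if (true !== $authenticator->checkCredentials($credentials, $user)) {
        throw new BadCredentialsException(get_class($authenticator).' did not return true');
    }
    return 'authenticated';
}

$user = ['token' => 'constructed-secret'];   // constructed sample values
$wrong = ['token' => 'wrong-guess'];
echo 'old, wrong token: ', authenticateOld(new ForgetfulAuthenticator(), $wrong, $user), "\n";
foreach ([new ForgetfulAuthenticator(), new TruthyAuthenticator()] as $a) {
    try {
        echo authenticateNew($a, $wrong, $user), "\n";
    } catch (BadCredentialsException $e) {
        echo 'new, wrong token: rejected (', $e->getMessage(), ")\n";
    }
}
echo 'new, right token: ', authenticateNew(new ForgetfulAuthenticator(), $user, $user), "\n";
```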
Diffstat (limited to 'Guard/GuardAuthenticatorInterface.php')
-rw-r--r-- Guard/GuardAuthenticatorInterface.php 6
1 files changed, 5 insertions, 1 deletions
diff --git a/Guard/GuardAuthenticatorInterface.php b/Guard/GuardAuthenticatorInterface.php
index 2db313c..6e62ae6 100644
--- a/Guard/GuardAuthenticatorInterface.php
+++ b/Guard/GuardAuthenticatorInterface.php
@@ -73,7 +73,11 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface
public function getUser($credentials, UserProviderInterface $userProvider);
/**
- * Throw an AuthenticationException if the credentials are invalid.
+ * Returns true if the credentials are valid.
+ *
+ * If any value other than true is returned, authentication will
+ * fail. You may also throw an AuthenticationException if you wish
+ * to cause authentication to fail.
*
* The *credentials* are the return value from getCredentials()
*
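Review bot: The added sentence "If any value other than true is returned, authentication will fail" does not spell out that a truthy value is not enough, nor which exception the caller raises. A PHP reader may assume that returning 1 or a non-empty string counts as success, and the commit message says a BadCredentialsException is thrown on the implementer's behalf, which the docblock leaves out. Suggest wording such as "If anything other than boolean true is returned (including null or a truthy value), a BadCredentialsException is thrown", and, if the part of the docblock beyond these lines does not already carry them, an @return bool tag and an @throws AuthenticationException tag.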