Merge branch '2.8'

* 2.8: (29 commits)
  Updating AbstractVoter so that the method receives the TokenInterface
  Adding the necessary files so that Guard can be its own installable component
  Fix syntax in a test
  Normalize the way we check versions
  Avoid errors when generating the logout URL when there is no firewall key
  Removing unnecessary override
  fabbot
  Adding a new exception and throwing it when the User changes
  Fixing a bug where having an authentication failure would log you out.
  Tweaks thanks to Wouter
  Adding logging  on this step and switching the order - not for any huge reason
  Adding a base class to assist with form login authentication
  Allowing for other authenticators to be checked
  meaningless author and license changes
  Adding missing factory registration
  Thanks again fabbot!
  A few more changes thanks to @iltar
  Splitting the getting of the user and checking credentials into two steps
  Tweaking docblock on interface thanks to @iltar
  Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
  ...

Conflicts:
	UPGRADE-2.8.md
	src/Symfony/Bridge/Twig/Tests/Node/DumpNodeTest.php
	src/Symfony/Bundle/FrameworkBundle/Command/ServerCommand.php
	src/Symfony/Component/Validator/Tests/Constraints/AbstractComparisonValidatorTestCase.php
	src/Symfony/Component/Validator/Tests/Constraints/IdenticalToValidatorTest.php
	src/Symfony/Component/Validator/Tests/Constraints/RangeValidatorTest.php

1 files changed, 150 insertions, 0 deletions

diff --git a/Guard/GuardAuthenticatorInterface.php b/Guard/GuardAuthenticatorInterface.php
new file mode 100644
index 0000000..2db313c
--- /dev/null
+++ b/Guard/GuardAuthenticatorInterface.php
@@ -0,0 +1,150 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Guard;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+
+/**
+ * The interface for all "guard" authenticators.
+ *
+ * The methods on this interface are called throughout the guard authentication
+ * process to give you the power to control most parts of the process from
+ * one location.
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ */
+interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface
+{
+    /**
+     * Get the authentication credentials from the request and return them
+     * as any type (e.g. an associate array). If you return null, authentication
+     * will be skipped.
+     *
+     * Whatever value you return here will be passed to getUser() and checkCredentials()
+     *
+     * For example, for a form login, you might:
+     *
+     *      return array(
+     *          'username' => $request->request->get('_username'),
+     *          'password' => $request->request->get('_password'),
+     *      );
+     *
+     * Or for an API token that's on a header, you might use:
+     *
+     *      return array('api_key' => $request->headers->get('X-API-TOKEN'));
+     *
+     * @param Request $request
+     *
+     * @return mixed|null
+     */
+    public function getCredentials(Request $request);
+
+    /**
+     * Return a UserInterface object based on the credentials.
+     *
+     * The *credentials* are the return value from getCredentials()
+     *
+     * You may throw an AuthenticationException if you wish. If you return
+     * null, then a UsernameNotFoundException is thrown for you.
+     *
+     * @param mixed                 $credentials
+     * @param UserProviderInterface $userProvider
+     *
+     * @throws AuthenticationException
+     *
+     * @return UserInterface|null
+     */
+    public function getUser($credentials, UserProviderInterface $userProvider);
+
+    /**
+     * Throw an AuthenticationException if the credentials are invalid.
+     *
+     * The *credentials* are the return value from getCredentials()
+     *
+     * @param mixed         $credentials
+     * @param UserInterface $user
+     *
+     * @throws AuthenticationException
+     */
+    public function checkCredentials($credentials, UserInterface $user);
+
+    /**
+     * Create an authenticated token for the given user.
+     *
+     * If you don't care about which token class is used or don't really
+     * understand what a "token" is, you can skip this method by extending
+     * the AbstractGuardAuthenticator class from your authenticator.
+     *
+     * @see AbstractGuardAuthenticator
+     *
+     * @param UserInterface $user
+     * @param string        $providerKey The provider (i.e. firewall) key
+     *
+     * @return GuardTokenInterface
+     */
+    public function createAuthenticatedToken(UserInterface $user, $providerKey);
+
+    /**
+     * Called when authentication executed, but failed (e.g. wrong username password).
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the login page or a 403 response.
+     *
+     * If you return null, the request will continue, but the user will
+     * not be authenticated. This is probably not what you want to do.
+     *
+     * @param Request                 $request
+     * @param AuthenticationException $exception
+     *
+     * @return Response|null
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception);
+
+    /**
+     * Called when authentication executed and was successful!
+     *
+     * This should return the Response sent back to the user, like a
+     * RedirectResponse to the last page they visited.
+     *
+     * If you return null, the current request will continue, and the user
+     * will be authenticated. This makes sense, for example, with an API.
+     *
+     * @param Request        $request
+     * @param TokenInterface $token
+     * @param string         $providerKey The provider (i.e. firewall) key
+     *
+     * @return Response|null
+     */
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey);
+
+    /**
+     * Does this method support remember me cookies?
+     *
+     * Remember me cookie will be set if *all* of the following are met:
+     *  A) This method returns true
+     *  B) The remember_me key under your firewall is configured
+     *  C) The "remember me" functionality is activated. This is usually
+     *      done by having a _remember_me checkbox in your form, but
+     *      can be configured by the "always_remember_me" and "remember_me_parameter"
+     *      parameters under the "remember_me" firewall key
+     *
+     * @return bool
+     */
+    public function supportsRememberMe();
+}