Merge branch '2.8'

* 2.8: (29 commits)
  Updating AbstractVoter so that the method receives the TokenInterface
  Adding the necessary files so that Guard can be its own installable component
  Fix syntax in a test
  Normalize the way we check versions
  Avoid errors when generating the logout URL when there is no firewall key
  Removing unnecessary override
  fabbot
  Adding a new exception and throwing it when the User changes
  Fixing a bug where having an authentication failure would log you out.
  Tweaks thanks to Wouter
  Adding logging  on this step and switching the order - not for any huge reason
  Adding a base class to assist with form login authentication
  Allowing for other authenticators to be checked
  meaningless author and license changes
  Adding missing factory registration
  Thanks again fabbot!
  A few more changes thanks to @iltar
  Splitting the getting of the user and checking credentials into two steps
  Tweaking docblock on interface thanks to @iltar
  Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
  ...

Conflicts:
	UPGRADE-2.8.md
	src/Symfony/Bridge/Twig/Tests/Node/DumpNodeTest.php
	src/Symfony/Bundle/FrameworkBundle/Command/ServerCommand.php
	src/Symfony/Component/Validator/Tests/Constraints/AbstractComparisonValidatorTestCase.php
	src/Symfony/Component/Validator/Tests/Constraints/IdenticalToValidatorTest.php
	src/Symfony/Component/Validator/Tests/Constraints/RangeValidatorTest.php

3 files changed, 180 insertions, 0 deletions

diff --git a/Guard/Token/GuardTokenInterface.php b/Guard/Token/GuardTokenInterface.php
new file mode 100644
index 0000000..f0db250
--- /dev/null
+++ b/Guard/Token/GuardTokenInterface.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Guard\Token;
+
+/**
+ * A marker interface that both guard tokens implement.
+ *
+ * Any tokens passed to GuardAuthenticationProvider (i.e. any tokens that
+ * are handled by the guard auth system) must implement this
+ * interface.
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ */
+interface GuardTokenInterface
+{
+}
diff --git a/Guard/Token/PostAuthenticationGuardToken.php b/Guard/Token/PostAuthenticationGuardToken.php
new file mode 100644
index 0000000..36c40ca
--- /dev/null
+++ b/Guard/Token/PostAuthenticationGuardToken.php
@@ -0,0 +1,90 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Guard\Token;
+
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+use Symfony\Component\Security\Core\Role\RoleInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * Used as an "authenticated" token, though it could be set to not-authenticated later.
+ *
+ * If you're using Guard authentication, you *must* use a class that implements
+ * GuardTokenInterface as your authenticated token (like this class).
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>n@gmail.com>
+ */
+class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface
+{
+    private $providerKey;
+
+    /**
+     * @param UserInterface            $user        The user!
+     * @param string                   $providerKey The provider (firewall) key
+     * @param RoleInterface[]|string[] $roles       An array of roles
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function __construct(UserInterface $user, $providerKey, array $roles)
+    {
+        parent::__construct($roles);
+
+        if (empty($providerKey)) {
+            throw new \InvalidArgumentException('$providerKey (i.e. firewall key) must not be empty.');
+        }
+
+        $this->setUser($user);
+        $this->providerKey = $providerKey;
+
+        // this token is meant to be used after authentication success, so it is always authenticated
+        // you could set it as non authenticated later if you need to
+        parent::setAuthenticated(true);
+    }
+
+    /**
+     * This is meant to be only an authenticated token, where credentials
+     * have already been used and are thus cleared.
+     *
+     * {@inheritdoc}
+     */
+    public function getCredentials()
+    {
+        return array();
+    }
+
+    /**
+     * Returns the provider (firewall) key.
+     *
+     * @return string
+     */
+    public function getProviderKey()
+    {
+        return $this->providerKey;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function serialize()
+    {
+        return serialize(array($this->providerKey, parent::serialize()));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function unserialize($serialized)
+    {
+        list($this->providerKey, $parentStr) = unserialize($serialized);
+        parent::unserialize($parentStr);
+    }
+}
diff --git a/Guard/Token/PreAuthenticationGuardToken.php b/Guard/Token/PreAuthenticationGuardToken.php
new file mode 100644
index 0000000..abbe985
--- /dev/null
+++ b/Guard/Token/PreAuthenticationGuardToken.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Guard\Token;
+
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+
+/**
+ * The token used by the guard auth system before authentication.
+ *
+ * The GuardAuthenticationListener creates this, which is then consumed
+ * immediately by the GuardAuthenticationProvider. If authentication is
+ * successful, a different authenticated token is returned
+ *
+ * @author Ryan Weaver <ryan@knpuniversity.com>
+ */
+class PreAuthenticationGuardToken extends AbstractToken implements GuardTokenInterface
+{
+    private $credentials;
+    private $guardProviderKey;
+
+    /**
+     * @param mixed  $credentials
+     * @param string $guardProviderKey Unique key that bind this token to a specific GuardAuthenticatorInterface
+     */
+    public function __construct($credentials, $guardProviderKey)
+    {
+        $this->credentials = $credentials;
+        $this->guardProviderKey = $guardProviderKey;
+
+        parent::__construct(array());
+
+        // never authenticated
+        parent::setAuthenticated(false);
+    }
+
+    public function getGuardProviderKey()
+    {
+        return $this->guardProviderKey;
+    }
+
+    /**
+     * Returns the user credentials, which might be an array of anything you
+     * wanted to put in there (e.g. username, password, favoriteColor).
+     *
+     * @return mixed The user credentials
+     */
+    public function getCredentials()
+    {
+        return $this->credentials;
+    }
+
+    public function setAuthenticated($authenticated)
+    {
+        throw new \LogicException('The PreAuthenticationGuardToken is *never* authenticated.');
+    }
+}