Diffstat (limited to 'Http')
-rw-r--r--Http/Firewall/AbstractAuthenticationListener.php2
-rw-r--r--Http/Firewall/ContextListener.php21
-rw-r--r--Http/Firewall/ExceptionListener.php4
-rw-r--r--Http/Firewall/LogoutListener.php21
-rw-r--r--Http/HttpUtils.php23
-rw-r--r--Http/Logout/CookieClearingLogoutHandler.php2
-rw-r--r--Http/Logout/LogoutHandlerInterface.php2
-rw-r--r--Http/Logout/SessionLogoutHandler.php2
-rw-r--r--Http/RememberMe/AbstractRememberMeServices.php10
-rw-r--r--Http/RememberMe/PersistentTokenBasedRememberMeServices.php2
-rw-r--r--Http/RememberMe/RememberMeServicesInterface.php4
-rw-r--r--Http/Session/SessionAuthenticationStrategyInterface.php2
12 files changed, 34 insertions, 61 deletions
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 1765f7f..99f92b8 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -273,7 +273,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
return $targetUrl;
}
- if ($this->options['use_referer'] && $targetUrl = $request->headers->get('Referer')) {
+ if ($this->options['use_referer'] && ($targetUrl = $request->headers->get('Referer')) && $targetUrl !== $request->getUriForPath($this->options['login_path'])) {
return $targetUrl;
}
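Review bot: The new guard on the `use_referer` branch compares the Referer with the login URL by exact string equality, so a Referer that is the login page with a query string or a different trailing slash still passes and sends the user back to the login form. `getUriForPath()` also assumes `login_path` is a path; HttpUtils in this same commit accepts route names for such values, in which case the comparison would presumably never match. Separately, the Referer is a client-supplied header and nothing visible here restricts it to the application's own host, so this branch can redirect a freshly authenticated user off-site; a same-host condition such as `parse_url($targetUrl, PHP_URL_HOST) === $request->getHost()` before `return $targetUrl;` would close that. The enclosing method starts and ends outside the hunk.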
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index d282452..96b8f07 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -22,6 +22,7 @@ use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
/**
@@ -43,6 +44,12 @@ class ContextListener implements ListenerInterface
throw new \InvalidArgumentException('$contextKey must not be empty.');
}
+ foreach ($userProviders as $userProvider) {
+ if (!$userProvider instanceof UserProviderInterface) {
+ throw new \InvalidArgumentException(sprintf('User provider "%s" must implement "Symfony\Component\Security\Core\User\UserProviderInterface".', get_class($userProvider)));
+ }
+ }
+
$this->context = $context;
$this->userProviders = $userProviders;
$this->contextKey = $contextKey;
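Review bot: `get_class($userProvider)` in the new exception message assumes the rejected element is an object; for a string, array or null entry it raises a warning of its own and the message no longer identifies what was passed. Building the name with `is_object($userProvider) ? get_class($userProvider) : gettype($userProvider)` keeps the error accurate for every input. The constructor begins above the hunk.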
@@ -96,19 +103,19 @@ class ContextListener implements ListenerInterface
return;
}
- if (null === $token = $this->context->getToken()) {
- return;
+ if (null !== $this->logger) {
+ $this->logger->debug('Write SecurityContext in the session');
}
- if (null === $token || $token instanceof AnonymousToken) {
+ if (null === $session = $event->getRequest()->getSession()) {
return;
}
- if (null !== $this->logger) {
- $this->logger->debug('Write SecurityContext in the session');
+ if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
+ $session->remove('_security_'.$this->contextKey);
+ } else {
+ $session->set('_security_'.$this->contextKey, serialize($token));
}
-
- $event->getRequest()->getSession()->set('_security_'.$this->contextKey, serialize($token));
}
/**
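Review bot: The debug message 'Write SecurityContext in the session' is now logged before the session check and before the token branch, so it also appears when the request has no session or when the `_security_` entry is removed rather than written. That is misleading for anyone using the logs to reconstruct when an authenticated token was persisted or cleared; move the call into the `else` branch and log the other case separately, e.g. `$this->logger->debug('Remove SecurityContext from the session');`. A one-line comment on the `remove()` branch would also help, stating that a null or anonymous token clears the stored entry, presumably so that a previously serialized token is not restored on the next request. The method starts outside the hunk.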
diff --git a/Http/Firewall/ExceptionListener.php b/Http/Firewall/ExceptionListener.php
index f61df81..674c648 100644
--- a/Http/Firewall/ExceptionListener.php
+++ b/Http/Firewall/ExceptionListener.php
@@ -15,7 +15,6 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -160,10 +159,9 @@ class ExceptionListener
$this->setTargetPath($request);
- if ($authException instanceof AccountStatusException && ($token = $this->context->getToken()) instanceof UsernamePasswordToken) {
+ if ($authException instanceof AccountStatusException) {
// remove the security token to prevent infinite redirect loops
$this->context->setToken(null);
- $request->getSession()->remove('_security_'.$token->getProviderKey());
}
return $this->authenticationEntryPoint->start($request, $authException);
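Review bot: With the `$request->getSession()->remove(...)` call dropped, clearing the stored token after an AccountStatusException now depends on ContextListener's response handler removing the `_security_` entry when it sees a null token, which is the change made to ContextListener.php in this commit. That coupling is not stated here; extend the existing comment, e.g. `// the session entry itself is removed by ContextListener when the response is handled`. If that handler returns early for a request (its first conditions are outside the visible hunk), the serialized token of a locked or disabled account would stay in the session, so this path deserves a test. The method continues outside the hunk.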
diff --git a/Http/Firewall/LogoutListener.php b/Http/Firewall/LogoutListener.php
index 4bfa7e1..bb90b6a 100644
--- a/Http/Firewall/LogoutListener.php
+++ b/Http/Firewall/LogoutListener.php
@@ -16,6 +16,7 @@ use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\HttpUtils;
+use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
@@ -56,8 +57,6 @@ class LogoutListener implements ListenerInterface
* Adds a logout handler
*
* @param LogoutHandlerInterface $handler
- *
- * @return void
*/
public function addHandler(LogoutHandlerInterface $handler)
{
@@ -73,7 +72,7 @@ class LogoutListener implements ListenerInterface
{
$request = $event->getRequest();
- if (!$this->httpUtils->checkRequestPath($request, $this->logoutPath)) {
+ if (!$this->requiresLogout($request)) {
return;
}
@@ -98,4 +97,20 @@ class LogoutListener implements ListenerInterface
$event->setResponse($response);
}
+
+ /**
+ * Whether this request is asking for logout.
+ *
+ * The default implementation only processed requests to a specific path,
+ * but a subclass could change this to logout requests where
+ * certain parameters is present.
+ *
+ * @param Request $request
+ *
+ * @return Boolean
+ */
+ protected function requiresLogout(Request $request)
+ {
+ return $this->httpUtils->checkRequestPath($request, $this->logoutPath);
+ }
}
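Review bot: The docblock of `requiresLogout()` invites subclasses to trigger logout on request parameters but does not mention the risk that comes with it: a logout that fires on any request carrying a given parameter can be triggered from another site unless the override also checks something a foreign page cannot supply, such as a CSRF token. I would add that caveat to the docblock so implementers see it at the extension point. The wording also needs a fix: `The default implementation only processes requests to a specific path, but a subclass could change this to log out on requests where certain parameters are present.`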
diff --git a/Http/HttpUtils.php b/Http/HttpUtils.php
index cac130e..f62f84d 100644
--- a/Http/HttpUtils.php
+++ b/Http/HttpUtils.php
@@ -52,7 +52,6 @@ class HttpUtils
if ('/' === $path[0]) {
$path = $request->getUriForPath($path);
} elseif (0 !== strpos($path, 'http')) {
- $this->resetLocale($request);
$path = $this->generateUrl($path, true);
}
@@ -70,7 +69,6 @@ class HttpUtils
public function createRequest(Request $request, $path)
{
if ($path && '/' !== $path[0] && 0 !== strpos($path, 'http')) {
- $this->resetLocale($request);
$path = $this->generateUrl($path, true);
}
if (0 !== strpos($path, 'http')) {
@@ -120,27 +118,6 @@ class HttpUtils
return $path === $request->getPathInfo();
}
- // hack (don't have a better solution for now)
- private function resetLocale(Request $request)
- {
- $context = $this->router->getContext();
- if ($context->getParameter('_locale')) {
- return;
- }
-
- try {
- $parameters = $this->router->match($request->getPathInfo());
-
- if (isset($parameters['_locale'])) {
- $context->setParameter('_locale', $parameters['_locale']);
- } elseif ($session = $request->getSession()) {
- $context->setParameter('_locale', $session->getLocale());
- }
- } catch (\Exception $e) {
- // let's hope user doesn't use the locale in the path
- }
- }
-
private function generateUrl($route, $absolute = false)
{
if (null === $this->router) {
diff --git a/Http/Logout/CookieClearingLogoutHandler.php b/Http/Logout/CookieClearingLogoutHandler.php
index ddb24e3..6838be5 100644
--- a/Http/Logout/CookieClearingLogoutHandler.php
+++ b/Http/Logout/CookieClearingLogoutHandler.php
@@ -40,8 +40,6 @@ class CookieClearingLogoutHandler implements LogoutHandlerInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token
- *
- * @return void
*/
public function logout(Request $request, Response $response, TokenInterface $token)
{
diff --git a/Http/Logout/LogoutHandlerInterface.php b/Http/Logout/LogoutHandlerInterface.php
index 079cc00..71be388 100644
--- a/Http/Logout/LogoutHandlerInterface.php
+++ b/Http/Logout/LogoutHandlerInterface.php
@@ -30,8 +30,6 @@ interface LogoutHandlerInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token
- *
- * @return void
*/
function logout(Request $request, Response $response, TokenInterface $token);
}
diff --git a/Http/Logout/SessionLogoutHandler.php b/Http/Logout/SessionLogoutHandler.php
index 0a7e5cd..e91cf17 100644
--- a/Http/Logout/SessionLogoutHandler.php
+++ b/Http/Logout/SessionLogoutHandler.php
@@ -28,8 +28,6 @@ class SessionLogoutHandler implements LogoutHandlerInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token
- *
- * @return void
*/
public function logout(Request $request, Response $response, TokenInterface $token)
{
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
index 94f8830..2bf8734 100644
--- a/Http/RememberMe/AbstractRememberMeServices.php
+++ b/Http/RememberMe/AbstractRememberMeServices.php
@@ -144,8 +144,6 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token
- *
- * @return void
*/
public function logout(Request $request, Response $response, TokenInterface $token)
{
@@ -157,8 +155,6 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
* an attempted authentication fails.
*
* @param Request $request
- *
- * @return void
*/
public final function loginFail(Request $request)
{
@@ -173,8 +169,6 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token The token that resulted in a successful authentication
- *
- * @return void
*/
public final function loginSuccess(Request $request, Response $response, TokenInterface $token)
{
@@ -224,8 +218,6 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token
- *
- * @return void
*/
abstract protected function onLoginSuccess(Request $request, Response $response, TokenInterface $token);
@@ -268,8 +260,6 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
* Deletes the remember-me cookie
*
* @param Request $request
- *
- * @return void
*/
protected function cancelCookie(Request $request)
{
diff --git a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
index e9d22ba..b87c9e4 100644
--- a/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
+++ b/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
@@ -35,8 +35,6 @@ class PersistentTokenBasedRememberMeServices extends AbstractRememberMeServices
* Sets the token provider
*
* @param TokenProviderInterface $tokenProvider
- *
- * @return void
*/
public function setTokenProvider(TokenProviderInterface $tokenProvider)
{
diff --git a/Http/RememberMe/RememberMeServicesInterface.php b/Http/RememberMe/RememberMeServicesInterface.php
index b824538..0497c69 100644
--- a/Http/RememberMe/RememberMeServicesInterface.php
+++ b/Http/RememberMe/RememberMeServicesInterface.php
@@ -60,8 +60,6 @@ interface RememberMeServicesInterface
* This method needs to take care of invalidating the cookie.
*
* @param Request $request
- *
- * @return void
*/
function loginFail(Request $request);
@@ -79,8 +77,6 @@ interface RememberMeServicesInterface
* @param Request $request
* @param Response $response
* @param TokenInterface $token
- *
- * @return void
*/
function loginSuccess(Request $request, Response $response, TokenInterface $token);
}
diff --git a/Http/Session/SessionAuthenticationStrategyInterface.php b/Http/Session/SessionAuthenticationStrategyInterface.php
index 54924ac..5bc6b80 100644
--- a/Http/Session/SessionAuthenticationStrategyInterface.php
+++ b/Http/Session/SessionAuthenticationStrategyInterface.php
@@ -32,8 +32,6 @@ interface SessionAuthenticationStrategyInterface
*
* @param Request $request
* @param TokenInterface $token
- *
- * @return void
*/
function onAuthentication(Request $request, TokenInterface $token);
}