Updating the error message of an AuthenticationEntryPointInterface returns a non-Response object

weaverryan · weaverryan · commit 7b6c56c4b33e · 2016-04-27T12:48:29.000-04:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -203,7 +203,15 @@ private function startAuthentication(Request $request, AuthenticationException $
             }
         }
 
-        return $this->authenticationEntryPoint->start($request, $authException);
+        $response = $this->authenticationEntryPoint->start($request, $authException);
+
+        if (!$response instanceof Response) {
+            $given = is_object($response) ? get_class($response) : gettype($response);
+
+            throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned)', get_class($this->authenticationEntryPoint), $given));
+        }
+
+        return $response;
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php
@@ -65,6 +65,20 @@ public function getAuthenticationExceptionProvider()
         );
     }
 
+    public function testExceptionWhenEntryPointReturnsBadValue()
+    {
+        $event = $this->createEvent(new AuthenticationException());
+
+        $entryPoint = $this->getMock('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface');
+        $entryPoint->expects($this->once())->method('start')->will($this->returnValue('NOT A RESPONSE'));
+
+        $listener = $this->createExceptionListener(null, null, null, $entryPoint);
+        $listener->onKernelException($event);
+        // the exception has been replaced by our LogicException
+        $this->assertInstanceOf('LogicException', $event->getException());
+        $this->assertStringEndsWith('start() method must return a Response object (string returned)', $event->getException()->getMessage());
+    }
+
     /**
      * @dataProvider getAccessDeniedExceptionProvider
      */

Original file line number	Diff line number	Diff line change
`@@ -203,7 +203,15 @@ private function startAuthentication(Request $request, AuthenticationException $`
`203`	`203`	`}`
`204`	`204`	`}`
`205`	`205`
`206`		`- return $this->authenticationEntryPoint->start($request, $authException);`
	`206`	`+ $response = $this->authenticationEntryPoint->start($request, $authException);`
	`207`	`+`
	`208`	`+ if (!$response instanceof Response) {`
	`209`	`+ $given = is_object($response) ? get_class($response) : gettype($response);`
	`210`	`+`
	`211`	`+ throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned)', get_class($this->authenticationEntryPoint), $given));`
	`212`	`+ }`
	`213`	`+`
	`214`	`+ return $response;`
`207`	`215`	`}`
`208`	`216`
`209`	`217`	`/**`