minor #7065 Fix Authenticator Class (getCredentials) example (thtroyer)

xabbuh · xabbuh · commit 8194fb21389f · 2017-05-17T09:21:06.000+02:00
This PR was submitted for the 3.1 branch but it was merged into the 2.8 branch instead (closes #7065). Discussion ---------- Fix Authenticator Class (getCredentials) example The current wording surrounding the getCredentials is misleading. Returning null does stop authentication, but it causes authentication to be successful. The example implies that X-AUTH-TOKEN is required and should be correct. For this behavior, either an AuthenticationException should be thrown or the credential variables should be initialized as empty and passed on to getUser(). Commits ------- 52d56f4 Fix Authenticator Class (getCredentials) example
diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
@@ -165,14 +165,15 @@ This requires you to implement six methods::
     class TokenAuthenticator extends AbstractGuardAuthenticator
     {
         /**
-         * Called on every request. Return whatever credentials you want,
-         * or null to stop authentication.
+         * Called on every request. Return whatever credentials you want to
+         * be passed to getUser(). Returning null will cause this authenticator
+         * to be skipped.
          */
         public function getCredentials(Request $request)
         {
             if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
-                // no token? Return null and no other methods will be called
-                return;
+                // No token?
+                $token = null;
             }
 
             // What you return here will be passed to getUser() as $credentials

Original file line number	Diff line number	Diff line change
`@@ -165,14 +165,15 @@ This requires you to implement six methods::`
`165`	`165`	`class TokenAuthenticator extends AbstractGuardAuthenticator`
`166`	`166`	`{`
`167`	`167`	`/**`
`168`		`- * Called on every request. Return whatever credentials you want,`
`169`		`- * or null to stop authentication.`
	`168`	`+ * Called on every request. Return whatever credentials you want to`
	`169`	`+ * be passed to getUser(). Returning null will cause this authenticator`
	`170`	`+ * to be skipped.`
`170`	`171`	`*/`
`171`	`172`	`public function getCredentials(Request $request)`
`172`	`173`	`{`
`173`	`174`	`if (!$token = $request->headers->get('X-AUTH-TOKEN')) {`
`174`		`- // no token? Return null and no other methods will be called`
`175`		`- return;`
	`175`	`+ // No token?`
	`176`	`+ $token = null;`
`176`	`177`	`}`
`177`	`178`
`178`	`179`	`// What you return here will be passed to getUser() as $credentials`