From 234d537c5b2f8afdd903bfbf969b551d51b80711 Mon Sep 17 00:00:00 2001
From: Tom Troyer
Date: Tue, 18 Oct 2016 23:43:42 +0000
Subject: [PATCH 1/5] Fix Authenticator Class (getCredentials) example

The current wording surrounding the getCredentials is misleading. Returning null does stop authentication, but it causes authentication to be successful. The example implies that X-AUTH-TOKEN is required and should be correct. For this behavior, either an AuthenticationException should be thrown or the credential variables should be initialized as empty and passed on to getUser().
---
 security/guard_authentication.rst | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index 847479c371f..d785e221605 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -164,14 +164,16 @@ This requires you to implement six methods::
 class TokenAuthenticator extends AbstractGuardAuthenticator
 {
 /**
- * Called on every request. Return whatever credentials you want,
- * or null to stop authentication.
+ * Called on every request. Return whatever credentials you want, which
+ * will be passed to getUser(). Returning null skips all other authentication
+ * steps. Throwing an AuthenticationException will cause authentication to fail,
+ * calling onAuthenticationFailure().
 */
 public function getCredentials(Request $request)
 {
 if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
- // no token? Return null and no other methods will be called
- return;
+ // No token? Cause authentication to fail.
+ throw new AuthenticationException();
 }
 // What you return here will be passed to getUser() as $credentials
From a5832a2f7a8b5ae12c43242fe5b1b7d866647440 Mon Sep 17 00:00:00 2001
From: Tom Troyer
Date: Mon, 31 Oct 2016 00:04:19 +0000
Subject: [PATCH 2/5] Authenticator class example - adjusting solution.
---
 security/guard_authentication.rst | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index d785e221605..1e25ec5d86d 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -164,16 +164,15 @@ This requires you to implement six methods::
 class TokenAuthenticator extends AbstractGuardAuthenticator
 {
 /**
- * Called on every request. Return whatever credentials you want, which
- * will be passed to getUser(). Returning null skips all other authentication
- * steps. Throwing an AuthenticationException will cause authentication to fail,
- * calling onAuthenticationFailure().
+ * Called on every request. Return whatever credentials you want to
+ * be passed to getUser(). Returning null will cause authentication
+ * to be successful, skipping the rest of the authentication process.
 */
 public function getCredentials(Request $request)
 {
 if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
- // No token? Cause authentication to fail.
- throw new AuthenticationException();
+ // No token?
+ $token = null;
 }
 // What you return here will be passed to getUser() as $credentials
From df4266e0ac34bb97719a7baba3e39632b50a03cd Mon Sep 17 00:00:00 2001
From: Tom Troyer
Date: Wed, 9 Nov 2016 00:03:57 +0000
Subject: [PATCH 3/5] Authenticator class example - fixing comment
---
 security/guard_authentication.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index 1e25ec5d86d..151ca8a0b99 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -165,14 +165,14 @@ This requires you to implement six methods::
 {
 /**
 * Called on every request. Return whatever credentials you want to
- * be passed to getUser(). Returning null will cause authentication
- * to be successful, skipping the rest of the authentication process.
+ * be passed to getUser(). Returning null will cause this authenticator
+ * to be skipped.
 */
 public function getCredentials(Request $request)
 {
 if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
- // No token?
- $token = null;
+ // No token?
+ $token = '';
 }
 // What you return here will be passed to getUser() as $credentials
From 90de243b905e119940bed679bb741577641375df Mon Sep 17 00:00:00 2001
From: Tom Troyer
Date: Wed, 9 Nov 2016 00:12:26 +0000
Subject: [PATCH 4/5] Authenticator class example - adjusting solution from feedback
---
 security/guard_authentication.rst | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index 151ca8a0b99..f3e5338269c 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -171,8 +171,11 @@ This requires you to implement six methods::
 public function getCredentials(Request $request)
 {
 if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
- // No token?
- $token = '';
+ // No token?
+ // Throwing an exception will cause authentication
+ // to fail and prevent other authenticators from
+ // attempting to authenticate.
+ throw new AuthenticationException('No token provided.');
 }
 // What you return here will be passed to getUser() as $credentials
From ebb81536cb140a476bb37f005d08a3eda579fe88 Mon Sep 17 00:00:00 2001
From: Tom Troyer
Date: Mon, 28 Nov 2016 00:44:26 +0000
Subject: [PATCH 5/5] Authenticator class example - adjusting solution from feedback.
---
 security/guard_authentication.rst | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index f3e5338269c..ed7d84e2b89 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -165,17 +165,14 @@ This requires you to implement six methods::
 {
 /**
 * Called on every request. Return whatever credentials you want to
- * be passed to getUser(). Returning null will cause this authenticator
+ * be passed to getUser(). Returning null will cause this authenticator
 * to be skipped.
 */
 public function getCredentials(Request $request)
 {
 if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
 // No token?
- // Throwing an exception will cause authentication
- // to fail and prevent other authenticators from
- // attempting to authenticate.
- throw new AuthenticationException('No token provided.');
+ $token = null;
 }
 // What you return here will be passed to getUser() as $credentials