Merge branch '4.4'

* 4.4: (23 commits)
  [HttpFoundation] fix docblock
  [HttpKernel] Flatten "exception" controller argument if not typed
  Fix MySQL column type definition.
  Link the right file depending on the new version
  [Cache] Redis Tag Aware warn on wrong eviction policy
  [HttpClient] fix HttpClientDataCollector
  [HttpKernel] collect bundle classes, not paths
  [Config] fix id-generation for GlobResource
  [HttpKernel] dont check cache freshness more than once per process
  [Finder] Allow ssh2 stream wrapper for sftp
  [FrameworkBundle] fix wiring of httplug client
  add FrameworkBundle requirement
  [SecurityBundle] add tests with empty authenticator
  [Security] always check the token on non-lazy firewalls
  [DI] Use reproducible entropy to generate env placeholders
  [WebProfilerBundle] Require symfony/twig-bundle
  [Mailer] Add UPGRADE entry about the null transport DSN
  bumped Symfony version to 4.3.9
  updated VERSION for 4.3.8
  updated CHANGELOG for 4.3.8
  ...

Author: nicolas-grekas

Firewall/AccessListener.php

@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
 use Symfony\Component\Security\Http\AccessMapInterface;
+use Symfony\Component\Security\Http\Event\LazyResponseEvent;
 
 /**
  * AccessListener enforces access control rules.
@@ -49,6 +50,10 @@ public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionM
      */
     public function __invoke(RequestEvent $event)
     {
+        if (!$event instanceof LazyResponseEvent && null === $token = $this->tokenStorage->getToken()) {
+            throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
+        }
+
         $request = $event->getRequest();
 
         list($attributes) = $this->map->getPatterns($request);
@@ -57,7 +62,7 @@ public function __invoke(RequestEvent $event)
             return;
         }
 
-        if (null === $token = $this->tokenStorage->getToken()) {
+        if ($event instanceof LazyResponseEvent && null === $token = $this->tokenStorage->getToken()) {
             throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
         }
 

Tests/Firewall/AccessListenerTest.php

@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Http\AccessMapInterface;
+use Symfony\Component\Security\Http\Event\LazyResponseEvent;
 use Symfony\Component\Security\Http\Firewall\AccessListener;
 
 class AccessListenerTest extends TestCase
@@ -219,7 +220,7 @@ public function testHandleWhenAccessMapReturnsEmptyAttributes()
             ->willReturn($request)
         ;
 
-        $listener($event);
+        $listener(new LazyResponseEvent($event));
     }
 
     public function testHandleWhenTheSecurityTokenStorageHasNoToken()