From 743692c3fd9e6115d8efb910025eaa29f21066ca Mon Sep 17 00:00:00 2001
From: Valentin <udaltsov.valentin@gmail.com>
Date: Sat, 10 Mar 2018 22:15:45 +0300
Subject: [PATCH] AuthenticationUtils::getLastUsername()` now always returns a
 string.

---
 UPGRADE-4.1.md                                                | 1 +
 src/Symfony/Component/Security/CHANGELOG.md                   | 1 +
 .../Security/Http/Authentication/AuthenticationUtils.php      | 4 ++--
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/UPGRADE-4.1.md b/UPGRADE-4.1.md
index d76e3a3796..dd48fff350 100644
--- a/UPGRADE-4.1.md
+++ b/UPGRADE-4.1.md
@@ -65,6 +65,7 @@ Security
  * Using the `AdvancedUserInterface` is now deprecated. To use the existing
    functionality, create a custom user-checker based on the
    `Symfony\Component\Security\Core\User\UserChecker`.
+ * `AuthenticationUtils::getLastUsername()` now always returns a string.
 
 SecurityBundle
 --------------
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index 717d525f0b..ec33a7af97 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -9,6 +9,7 @@ CHANGELOG
  * Using the AdvancedUserInterface is now deprecated. To use the existing
    functionality, create a custom user-checker based on the
    `Symfony\Component\Security\Core\User\UserChecker`.
+ * `AuthenticationUtils::getLastUsername()` now always returns a string.
 
 4.0.0
 -----
diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php
index ba886373e9..fbdc0bc5eb 100644
--- a/src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php
+++ b/src/Symfony/Component/Security/Http/Authentication/AuthenticationUtils.php
@@ -62,12 +62,12 @@ class AuthenticationUtils
         $request = $this->getRequest();
 
         if ($request->attributes->has(Security::LAST_USERNAME)) {
-            return $request->attributes->get(Security::LAST_USERNAME);
+            return $request->attributes->get(Security::LAST_USERNAME, '');
         }
 
         $session = $request->getSession();
 
-        return null === $session ? '' : $session->get(Security::LAST_USERNAME);
+        return null === $session ? '' : $session->get(Security::LAST_USERNAME, '');
     }
 
     /**