Updating the error message of an AuthenticationEntryPointInterface returns a non-Response object

src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

@@ -203,7 +203,15 @@ class ExceptionListener
             }
         }
 
-        return $this->authenticationEntryPoint->start($request, $authException);
+        $response = $this->authenticationEntryPoint->start($request, $authException);
+
+        if (!$response instanceof Response) {
+            $given = is_object($response) ? get_class($response) : gettype($response);
+
+            throw new \LogicException(sprintf('The %s::start() method must return a Response object (%s returned)', get_class($this->authenticationEntryPoint), $given));
+        }
+
+        return $response;
     }
 
     /**

src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php

@@ -65,6 +65,20 @@ class ExceptionListenerTest extends \PHPUnit_Framework_TestCase
         );
     }
 
+    public function testExceptionWhenEntryPointReturnsBadValue()
+    {
+        $event = $this->createEvent(new AuthenticationException());
+
+        $entryPoint = $this->getMock('Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface');
+        $entryPoint->expects($this->once())->method('start')->will($this->returnValue('NOT A RESPONSE'));
+
+        $listener = $this->createExceptionListener(null, null, null, $entryPoint);
+        $listener->onKernelException($event);
+        // the exception has been replaced by our LogicException
+        $this->assertInstanceOf('LogicException', $event->getException());
+        $this->assertStringEndsWith('start() method must return a Response object (string returned)', $event->getException()->getMessage());
+    }
+
     /**
      * @dataProvider getAccessDeniedExceptionProvider
      */