From b5597e8209a4d906383b192062eb5402f53213a2 Mon Sep 17 00:00:00 2001
From: Gunnar Lium
Date: Mon, 4 Feb 2013 10:27:49 +0100
Subject: [PATCH] [Security] Return 401 when using use_forward for form authentication
---
 src/Symfony/Component/Security/CHANGELOG.md | 1 +
 .../Http/EntryPoint/FormAuthenticationEntryPoint.php | 7 ++++++-
 .../Http/EntryPoint/FormAuthenticationEntryPointTest.php | 7 +++++--
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index 7ce1a4318a..e29de9f794 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 2.3.0
 -----
+ * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
 * added a `require_previous_session` option to `AbstractAuthenticationListener`
 2.2.0
diff --git a/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php b/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
index 2170e9ede7..3eaae820c3 100644
--- a/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -53,7 +53,12 @@ class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
 if ($this->useForward) {
 $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
- return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+ $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+ if (200 === $response->getStatusCode()) {
+ $response->headers->set('X-Status-Code', 401);
+ }
+
+ return $response;
 }
 return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
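Review bot: In the `useForward` branch the 401 is only signalled through an `X-Status-Code` header, so the response returned by this method still has status 200 and the real status depends on code outside this diff translating (and ideally removing) that header. If that step is missing or bypassed, the login form is served as a 200 for the protected URL, which clients and intermediaries may treat as a successful, cacheable answer, and the internal header reaches the client. I would add a comment above the `if`, for example `// status is still 200 here; the kernel is expected to map X-Status-Code to the response status (confirm)`, and state why only an exact 200 is rewritten while other statuses from the login controller pass through unchanged. The enclosing method starts and ends outside the hunk.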
diff --git a/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php b/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
index 1cf2c2d21a..cbec1bdd63 100644
--- a/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
@@ -50,7 +50,7 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 {
 $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
 $subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
- $response = $this->getMock('Symfony\Component\HttpFoundation\Response');
+ $response = new \Symfony\Component\HttpFoundation\Response('', 200);
 $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
 $httpUtils
@@ -70,6 +70,9 @@ class FormAuthenticationEntryPointTest extends \PHPUnit_Framework_TestCase
 $entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
- $this->assertEquals($response, $entryPoint->start($request));
+ $entryPointResponse = $entryPoint->start($request);
+
+ $this->assertEquals($response, $entryPointResponse);
+ $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
 }
 }
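Review bot: The new assertions in the second hunk cover only the case where the forwarded response is a 200; nothing checks that a non-200 sub-response (for example a redirect issued by the login controller) comes back without the `X-Status-Code` header, which is the other half of the `200 ===` condition in the entry point. A second test case ending in `$this->assertFalse($entryPointResponse->headers->has('X-Status-Code'));` would pin that down. `assertEquals($response, $entryPointResponse)` also looks vacuous if the kernel mock returns the same `$response` instance that `start()` then mutates (the mock setup sits between the two hunks and is not visible), so `$this->assertSame($response, $entryPointResponse);` would state the intent more precisely.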