Merge branch '3.4' into 4.1

javiereguiluz · javiereguiluz · commit df3dd4aeb37b · 2018-10-19T08:37:06.000+02:00
* 3.4:
  Fixing bad logic, caused by merge originally
  Mentioned user_checkers in the main security config reference
  If multiple guard authenticators have different providers, link to the details on chaining providers together.
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -490,6 +490,15 @@ multiple firewalls, the "context" could actually be shared:
     ignored and you won't be able to authenticate on multiple firewalls at the
     same time.
 
+User Checkers
+-------------
+
+During the authentication of a user, additional checks might be required to
+verify if the identified user is allowed to log in. Each firewall can include
+a ``user_checker`` option to define the service used to perform those checks.
+
+Learn more about user checkers in :doc:`/security/user_checkers`.
+
 .. _`PBKDF2`: https://en.wikipedia.org/wiki/PBKDF2
 .. _`ircmaxell/password-compat`: https://packagist.org/packages/ircmaxell/password-compat
 .. _`libsodium`: https://pecl.php.net/package/libsodium
diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
@@ -438,10 +438,8 @@ can ignore this. Here is an example of good and bad behavior::
 
     public function supports(Request $request)
     {
-        // GOOD behavior: only authenticate on a specific route
-        if ($request->attributes->get('_route') !== 'login_route' || !$request->isMethod('POST')) {
-            return true;
-        }
+        // GOOD behavior: only authenticate (i.e. return true) on a specific route
+        return 'login_route' === $request->attributes->get('_route') && $request->isMethod('POST');
 
         // e.g. your login system authenticates by the user's IP address
         // BAD behavior: So, you decide to *always* return true so that
diff --git a/security/multiple_guard_authenticators.rst b/security/multiple_guard_authenticators.rst
@@ -78,6 +78,9 @@ This is how your security configuration can look in action:
             ),
         ));
 
+If your authenticators need separate providers, you will need to create a 
+:doc:`chain of user providers </security/multiple_user_providers>`.
+
 There is one limitation with this approach - you have to use exactly one entry point.
 
 Multiple Authenticators with Separate Entry Points
