Revert "Revert "Merge branch 'superdweebie-rand-bugfix'""

This reverts commit b0ae4689135d62555cf9bbe55cdd7dddcd2d8f05 in order to allow
forward-porting fixes to develop.

Conflicts:
	library/Zend/ModuleManager/ModuleEvent.php

src/Adapter/Http.php

@@ -336,11 +336,11 @@ public function authenticate()
 
         $headers = $this->request->getHeaders();
         if (!$headers->has($getHeader)) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
         $authHeader = $headers->get($getHeader)->getFieldValue();
         if (!$authHeader) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
 
         list($clientScheme) = explode(' ', $authHeader);
@@ -360,7 +360,7 @@ public function authenticate()
         // client sent a scheme that is not the one required
         if (!in_array($clientScheme, $this->acceptSchemes)) {
             // challenge again the client
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
 
         switch ($clientScheme) {
@@ -377,6 +377,23 @@ public function authenticate()
         return $result;
     }
 
+    /**
+     * @deprecated
+     * @see Http::challengeClient()
+     * @return Authentication\Result Always returns a non-identity Auth result
+     */
+    protected function _challengeClient()
+    {
+        trigger_error(sprintf(
+            'The method "%s" is deprecated and will be removed in the future; '
+            . 'please use the public method "%s::challengeClient()" instead',
+            __METHOD__,
+            __CLASS__
+        ), E_USER_DEPRECATED);
+
+        return $this->challengeClient();
+    }
+
     /**
      * Challenge Client
      *
@@ -385,7 +402,7 @@ public function authenticate()
      *
      * @return Authentication\Result Always returns a non-identity Auth result
      */
-    protected function _challengeClient()
+    public function challengeClient()
     {
         if ($this->imaProxy) {
             $statusCode = 407;
@@ -474,12 +491,12 @@ protected function _basicAuth($header)
         // implementation does. If invalid credentials are detected,
         // re-challenge the client.
         if (!ctype_print($auth)) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
         // Fix for ZF-1515: Now re-challenges on empty username or password
         $creds = array_filter(explode(':', $auth));
         if (count($creds) != 2) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
 
         $result = $this->basicResolver->resolve($creds[0], $this->realm, $creds[1]);
@@ -498,7 +515,7 @@ protected function _basicAuth($header)
             return new Authentication\Result(Authentication\Result::SUCCESS, $result);
         }
 
-        return $this->_challengeClient();
+        return $this->challengeClient();
     }
 
     /**
@@ -530,17 +547,17 @@ protected function _digestAuth($header)
         // See ZF-1052. This code was a bit too unforgiving of invalid
         // usernames. Now, if the username is bad, we re-challenge the client.
         if ('::invalid::' == $data['username']) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
 
         // Verify that the client sent back the same nonce
         if ($this->_calcNonce() != $data['nonce']) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
         // The opaque value is also required to match, but of course IE doesn't
         // play ball.
         if (!$this->ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
 
         // Look up the user's password hash. If not found, deny access.
@@ -549,7 +566,7 @@ protected function _digestAuth($header)
         // to be recreatable with the current settings of this object.
         $ha1 = $this->digestResolver->resolve($data['username'], $data['realm']);
         if ($ha1 === false) {
-            return $this->_challengeClient();
+            return $this->challengeClient();
         }
 
         // If MD5-sess is used, a1 value is made of the user's password
@@ -588,7 +605,7 @@ protected function _digestAuth($header)
             return new Authentication\Result(Authentication\Result::SUCCESS, $identity);
         }
 
-        return $this->_challengeClient();
+        return $this->challengeClient();
     }
 
     /**

test/Adapter/HttpTest.php

@@ -0,0 +1,52 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ * @package   Zend_Authentication
+ */
+
+namespace ZendTest\Authentication\Adapter;
+
+use Zend\Authentication\Adapter;
+
+class HttpTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var Wrapper
+     */
+    protected $_wrapper;
+
+    public function setUp()
+    {
+        $config = array(
+            'accept_schemes' => 'basic',
+            'realm'          => 'testing',
+        );
+
+        $this->_wrapper = new Wrapper($config);
+    }
+
+    public function tearDown()
+    {
+        unset($this->_wrapper);
+    }
+
+    /**
+     * @expectedException PHPUnit_Framework_Error_Deprecated
+     */
+    public function testProtectedMethodChallengeClientTriggersErrorDeprecated()
+    {
+        $this->_wrapper->_challengeClient();
+    }
+}
+
+class Wrapper extends Adapter\Http
+{
+    public function __call($method, $args)
+    {
+        return call_user_func_array(array($this, $method), $args);
+    }
+}