symfony
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+7-3Lines changed: 7 additions & 3 deletions b/‎src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+7-3Lines changed: 7 additions & 3 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
+11-2Lines changed: 11 additions & 2 deletions b/‎src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
+11-2Lines changed: 11 additions & 2 deletions
@@ -96,9 +96,13 @@ protected function attemptAuthentication(Request $request)
             }
         }
 
-        $requestBag = $this->options['post_only'] ? $request->request : $request;
-        $username = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['username_parameter']);
-        $password = ParameterBagUtils::getParameterBagValue($requestBag, $this->options['password_parameter']);
+        if ($this->options['post_only']) {
+            $username = ParameterBagUtils::getParameterBagValue($request->request, $this->options['username_parameter']);
+            $password = ParameterBagUtils::getParameterBagValue($request->request, $this->options['password_parameter']);
+        } else {
+            $username = ParameterBagUtils::getRequestParameterValue($request, $this->options['username_parameter']);
+            $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
+        }
 
         if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
 
@@ -77,10 +77,11 @@ public function testHandleWhenUsernameLength($username, $ok)
     }
 
     /**
+     * @dataProvider postOnlyDataProvider
      * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
      * @expectedExceptionMessage The key "_username" must be a string, "array" given.
      */
-    public function testHandleNonStringUsername()
+    public function testHandleNonStringUsername($postOnly)
     {
         $request = Request::create('/login_check', 'POST', array('_username' => array()));
         $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
@@ -93,14 +94,22 @@ public function testHandleNonStringUsername()
             'foo',
             new DefaultAuthenticationSuccessHandler($httpUtils),
             new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
-            array('require_previous_session' => false)
+            array('require_previous_session' => false, 'post_only' => $postOnly)
         );
 
         $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
 
         $listener->handle($event);
     }
 
+    public function postOnlyDataProvider()
+    {
+        return array(
+            array(true),
+            array(false),
+        );
+    }
+
     public function getUsernameForLength()
     {
         return array(