LaminasAuthenticationFactory does not detect empty redirect URL as missing

[InvisibleSmiley]

Bug Report

Q	A
Version(s)	1.3.0

Summary

The LaminasAuthenticationFactory only throws an exception if the "redirect" config key is missing, but the ConfigProvider initialized it with an empty string.

Current behavior

No exception if the "redirect" key is not associated with an actual URL (or at least a non-empty string).
Hence, a redirect loop happens in case LaminasAuthentication::unauthorizedResponse is triggered.

How to reproduce

1. Add this lib to a Mezzio project without setting/overriding the "redirect" config key.
2. Somehow trigger LaminasAuthentication::unauthorizedResponse

Expected behavior

If a Mezzio project does not set/override the "redirect" config key, I expect an exception instead of a redirect loop as a result of missing/incomplete config.

Technically, either the ConfigProvider should not specify the key, or the LaminasAuthenticationFactory should check that the config value is non-empty.

[froschdesign]

@InvisibleSmiley
Good catch! 👍

…the LaminasAuthenticationFactory should check that the config value is non-empty.

Can you create a pull request to fix the problem? (Use the branch of the current stable release: 1.3.x)

Webmozart Assert is often used for check like this. Compare with other components like mezzio-authentication.