From d63f59036c57014ee91099733e42b8d73c46fc9d Mon Sep 17 00:00:00 2001
From: Wouter de Jong <wouter@wouterj.nl>
Date: Sat, 20 Jun 2020 11:38:46 +0200
Subject: [PATCH] Fix UserCheckerListener registration with custom user
 checkers

---
 .../DependencyInjection/SecurityExtension.php |  6 +++
 .../config/security_authenticator.xml         |  5 +-
 .../SecurityExtensionTest.php                 | 50 +++++++++++++++++--
 3 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 35cc7b1b4d912..b1957efe3d207 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -478,6 +478,12 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
                 ->replaceArgument(0, new Reference($managerId))
             ;
 
+            // user checker listener
+            $container
+                ->setDefinition('security.listener.user_checker.'.$id, new ChildDefinition('security.listener.user_checker'))
+                ->replaceArgument(0, new Reference('security.user_checker.'.$id))
+                ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
+
             $listeners[] = new Reference('security.firewall.authenticator.'.$id);
         }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml
index 65bc755941691..98936b87ff431 100644
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.xml
@@ -54,9 +54,8 @@
             <argument type="service" id="security.encoder_factory" />
         </service>
 
-        <service id="security.listener.user_checker" class="Symfony\Component\Security\Http\EventListener\UserCheckerListener">
-            <tag name="kernel.event_subscriber" />
-            <argument type="service" id="Symfony\Component\Security\Core\User\UserCheckerInterface" />
+        <service id="security.listener.user_checker" class="Symfony\Component\Security\Http\EventListener\UserCheckerListener" abstract="true">
+            <argument type="abstract">user checker</argument>
         </service>
 
         <service id="security.listener.session"
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
index b2595dc4346c1..06460993f85c1 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -27,6 +27,8 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserChecker;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
@@ -509,7 +511,7 @@ public function provideEntryPointRequiredData()
         ];
     }
 
-    public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticationManager()
+    public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticatorManager()
     {
         $this->expectException(InvalidConfigurationException::class);
         $this->expectExceptionMessage('The security option "always_authenticate_before_granting" cannot be used when "enable_authenticator_manager" is set to true. If you rely on this behavior, set it to false.');
@@ -559,7 +561,7 @@ public function provideConfigureCustomAuthenticatorData()
         ];
     }
 
-    public function testCompilesWithoutSessionListenerWithStatelessFirewallWithAuthenticationManager()
+    public function testCompilesWithoutSessionListenerWithStatelessFirewallWithAuthenticatorManager()
     {
         $container = $this->getRawContainer();
 
@@ -580,7 +582,7 @@ public function testCompilesWithoutSessionListenerWithStatelessFirewallWithAuthe
         $this->assertFalse($container->has('security.listener.session.'.$firewallId));
     }
 
-    public function testCompilesWithSessionListenerWithStatefulllFirewallWithAuthenticationManager()
+    public function testCompilesWithSessionListenerWithStatefulllFirewallWithAuthenticatorManager()
     {
         $container = $this->getRawContainer();
 
@@ -601,6 +603,37 @@ public function testCompilesWithSessionListenerWithStatefulllFirewallWithAuthent
         $this->assertTrue($container->has('security.listener.session.'.$firewallId));
     }
 
+    /**
+     * @dataProvider provideUserCheckerConfig
+     */
+    public function testUserCheckerWithAuthenticatorManager(array $config, string $expectedUserCheckerClass)
+    {
+        $container = $this->getRawContainer();
+        $container->register(TestUserChecker::class);
+
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => [
+                'main' => array_merge([
+                    'pattern' => '/.*',
+                    'http_basic' => true,
+                ], $config),
+            ],
+        ]);
+
+        $container->compile();
+
+        $userCheckerId = (string) $container->getDefinition('security.listener.user_checker.main')->getArgument(0);
+        $this->assertTrue($container->has($userCheckerId));
+        $this->assertEquals($expectedUserCheckerClass, $container->findDefinition($userCheckerId)->getClass());
+    }
+
+    public function provideUserCheckerConfig()
+    {
+        yield [[], UserChecker::class];
+        yield [['user_checker' => TestUserChecker::class], TestUserChecker::class];
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();
@@ -689,3 +722,14 @@ public function supportsRememberMe()
     {
     }
 }
+
+class TestUserChecker implements UserCheckerInterface
+{
+    public function checkPreAuth(UserInterface $user)
+    {
+    }
+
+    public function checkPostAuth(UserInterface $user)
+    {
+    }
+}

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/37366.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/37366.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/37366.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony/pull/37366.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>