security-bundle 5.1.1 does not work with "enable_authenticator_manager: true" #37254
Description
Symfony version(s) affected: 5.1.1
Description
Just update one of my Symfony 5.1.0 website to 5.1.1 and get the following exception.
Any of the followings will make the exception disappear:
- Downgrade
security-bundleto 5.1.0 - Disable
enable_authenticator_manager - Disable
csrf_protection
TypeError:
Argument 1 passed to Symfony\Component\Security\Http\EventListener\CsrfProtectionListener::__construct() must implement interface Symfony\Component\Security\Csrf\CsrfTokenManagerInterface, instance of Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage given, called in C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\getSecurity_Listener_CsrfProtectionService.php on line 22
at C:\Users\Username\Desktop\my_project\vendor\symfony\security-http\EventListener\CsrfProtectionListener.php:31
at Symfony\Component\Security\Http\EventListener\CsrfProtectionListener->__construct(object(SessionTokenStorage))
(C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\getSecurity_Listener_CsrfProtectionService.php:22)
at Container6bbLKMb\getSecurity_Listener_CsrfProtectionService::do(object(App_KernelDevDebugContainer), true)
(C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\App_KernelDevDebugContainer.php:438)
at Container6bbLKMb\App_KernelDevDebugContainer->load('getSecurity_Listener_CsrfProtectionService.php')
(C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\App_KernelDevDebugContainer.php:735)
at Container6bbLKMb\App_KernelDevDebugContainer->Container6bbLKMb\{closure}()
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:245)
at Symfony\Component\EventDispatcher\EventDispatcher->sortListeners('Symfony\\Component\\Security\\Http\\Event\\CheckPassportEvent')
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:84)
at Symfony\Component\EventDispatcher\EventDispatcher->getListeners('Symfony\\Component\\Security\\Http\\Event\\CheckPassportEvent')
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:99)
at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->getListeners()
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:195)
at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->getNotCalledListeners(null)
(C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\DataCollector\EventDataCollector.php:66)
at Symfony\Component\HttpKernel\DataCollector\EventDataCollector->lateCollect()
(C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\Profiler\Profiler.php:97)
at Symfony\Component\HttpKernel\Profiler\Profiler->saveProfile(object(Profile))
(C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\EventListener\ProfilerListener.php:112)
at Symfony\Component\HttpKernel\EventListener\ProfilerListener->onKernelTerminate(object(TerminateEvent), 'kernel.terminate', object(TraceableEventDispatcher))
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\WrappedListener.php:117)
at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(TerminateEvent), 'kernel.terminate', object(TraceableEventDispatcher))
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:230)
at Symfony\Component\EventDispatcher\EventDispatcher->callListeners(array(object(WrappedListener)), 'kernel.terminate', object(TerminateEvent))
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:59)
at Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object(TerminateEvent), 'kernel.terminate')
(C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:151)
at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object(TerminateEvent), 'kernel.terminate')
(C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\HttpKernel.php:99)
at Symfony\Component\HttpKernel\HttpKernel->terminate(object(Request), object(Response))
(C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\Kernel.php:161)
at Symfony\Component\HttpKernel\Kernel->terminate(object(Request), object(Response))
(C:\Users\Username\Desktop\my_project\public\index.php:30)
How to reproduce
If a repo is preferred, https://git.io/JfHB6 but it's easy to reproduce it from a fresh state.
- Create new project:
symfony new my_project --full - Add a default controller. Create
src/Controller/DefaultController.php
<?php
declare(strict_types=1);
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
final class DefaultController extends AbstractController
{
/**
* @Route("/", name="index", methods="GET")
*/
public function indexAction(Request $request): Response
{
return $this->render('base.html.twig');
}
}- Enable
enable_authenticator_managerinconfig/packages/security.yaml
@@ -1,4 +1,6 @@
security:
+ enable_authenticator_manager: true
+
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
users_in_memory: { memory: null }
@@ -7,9 +9,10 @@ security:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
- anonymous: true
lazy: true
provider: users_in_memory
+ http_basic:
+ realm: Secured Area
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication- Visit the index page.