[SecurityBundle] fix(security): user login programmatically with dedi…

…cated user checker on a firewall

src/Symfony/Bundle/SecurityBundle/Resources/config/security.php

@@ -88,7 +88,7 @@
                     'security.authenticator.managers_locator' => service('security.authenticator.managers_locator')->ignoreOnInvalid(),
                     'request_stack' => service('request_stack'),
                     'security.firewall.map' => service('security.firewall.map'),
-                    'security.user_checker' => service('security.user_checker'),
+                    'event_dispatcher' => service('event_dispatcher'),
                     'security.firewall.event_dispatcher_locator' => service('security.firewall.event_dispatcher_locator'),
                     'security.csrf.token_manager' => service('security.csrf.token_manager')->ignoreOnInvalid(),
                 ]),

src/Symfony/Bundle/SecurityBundle/Security.php

@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Event\ProgrammaticLoginEvent;
 use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\Exception\LogoutException;
 use Symfony\Component\Security\Core\Security as LegacySecurity;
@@ -127,7 +128,7 @@ public function login(UserInterface $user, ?string $authenticatorName = null, ?s
 
         $authenticator = $this->getAuthenticator($authenticatorName, $firewallName);
 
-        $this->container->get('security.user_checker')->checkPreAuth($user);
+        $this->container->get('event_dispatcher')->dispatch(new ProgrammaticLoginEvent($user));
 
         return $this->container->get('security.authenticator.managers_locator')->get($firewallName)->authenticateUser($user, $authenticator, $request, $badges);
     }

src/Symfony/Component/Security/Core/Event/ProgrammaticLoginEvent.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Event;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Contracts\EventDispatcher\Event;
+
+/**
+ * This event is dispatch when login programmatically.
+ *
+ * @internal
+ *
+ * @author Antoine Makdessi <[email protected]>
+ */
+class ProgrammaticLoginEvent extends Event
+{
+    private UserInterface $user;
+
+    public function __construct(UserInterface $user)
+    {
+        $this->user = $user;
+    }
+
+    public function getUser(): UserInterface
+    {
+        return $this->user;
+    }
+}

src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php

@@ -13,6 +13,7 @@
 
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Security\Core\Event\AuthenticationSuccessEvent;
+use Symfony\Component\Security\Core\Event\ProgrammaticLoginEvent;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PreAuthenticatedUserBadge;
@@ -52,11 +53,17 @@ public function postCheckCredentials(AuthenticationSuccessEvent $event): void
         $this->userChecker->checkPostAuth($user);
     }
 
+    public function onProgrammaticLoginEvent(ProgrammaticLoginEvent $event): void
+    {
+        $this->userChecker->checkPreAuth($event->getUser());
+    }
+
     public static function getSubscribedEvents(): array
     {
         return [
             CheckPassportEvent::class => ['preCheckCredentials', 256],
             AuthenticationSuccessEvent::class => ['postCheckCredentials', 256],
+            ProgrammaticLoginEvent::class => ['onProgrammaticLoginEvent', 256],
         ];
     }
 }