conditionally register user checker FQCN alias

Author: xabbuh

DependencyInjection/SecurityExtension.php

@@ -245,10 +245,16 @@ private function createFirewalls($config, ContainerBuilder $container)
         $arguments[1] = $userProviders;
         $definition->setArguments($arguments);
 
+        $customUserChecker = false;
+
         // load firewall map
         $mapDef = $container->getDefinition('security.firewall.map');
         $map = $authenticationProviders = $contextRefs = array();
         foreach ($firewalls as $name => $firewall) {
+            if (isset($firewall['user_checker']) && 'security.user_checker' !== $firewall['user_checker']) {
+                $customUserChecker = true;
+            }
+
             $configId = 'security.firewall.map.config.'.$name;
 
             list($matcher, $listeners, $exceptionListener) = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
@@ -275,6 +281,11 @@ private function createFirewalls($config, ContainerBuilder $container)
             ->getDefinition('security.authentication.manager')
             ->replaceArgument(0, new IteratorArgument($authenticationProviders))
         ;
+
+        // register an autowire alias for the UserCheckerInterface if no custom user checker service is configured
+        if (!$customUserChecker) {
+            $container->setAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', new Alias('security.user_checker', false));
+        }
     }
 
     private function createFirewall(ContainerBuilder $container, $id, $firewall, &$authenticationProviders, $providerIds, $configId)

Tests/DependencyInjection/CompleteConfigurationTest.php

@@ -172,6 +172,8 @@ public function testFirewalls()
                 'security.access_listener',
             ),
         ), $listeners);
+
+        $this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
     }
 
     public function testFirewallRequestMatchers()
@@ -200,6 +202,14 @@ public function testFirewallRequestMatchers()
         ), $matchers);
     }
 
+    public function testUserCheckerAliasIsRegistered()
+    {
+        $container = $this->getContainer('no_custom_user_checker');
+
+        $this->assertTrue($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'Alias for user checker is registered when no custom user checker service is registered'));
+        $this->assertFalse($container->getAlias('Symfony\Component\Security\Core\User\UserCheckerInterface')->isPublic());
+    }
+
     public function testAccess()
     {
         $container = $this->getContainer('container1');

Tests/DependencyInjection/Fixtures/php/no_custom_user_checker.php

@@ -0,0 +1,28 @@
+<?php
+
+$container->loadFromExtension('security', array(
+    'providers' => array(
+        'default' => array(
+            'memory' => array(
+                'users' => array(
+                    'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
+                ),
+            ),
+        ),
+    ),
+    'firewalls' => array(
+        'simple' => array('pattern' => '/login', 'security' => false),
+        'secure' => array('stateless' => true,
+            'http_basic' => true,
+            'http_digest' => array('secret' => 'TheSecret'),
+            'form_login' => true,
+            'anonymous' => true,
+            'switch_user' => true,
+            'x509' => true,
+            'remote_user' => true,
+            'logout' => true,
+            'remember_me' => array('secret' => 'TheSecret'),
+            'user_checker' => null,
+        ),
+    ),
+));

Tests/DependencyInjection/Fixtures/xml/no_custom_user_checker.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<srv:container xmlns="http://symfony.com/schema/dic/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:srv="http://symfony.com/schema/dic/services"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <config>
+        <provider name="default">
+            <memory>
+                <user name="foo" password="foo" roles="ROLE_USER" />
+            </memory>
+        </provider>
+
+        <firewall name="simple" pattern="/login" security="false" />
+
+        <firewall name="secure" stateless="true">
+            <http-basic />
+            <http-digest secret="TheSecret" />
+            <form-login />
+            <anonymous />
+            <switch-user />
+            <x509 />
+            <remote-user />
+            <user-checker />
+            <logout />
+            <remember-me secret="TheSecret"/>
+        </firewall>
+    </config>
+</srv:container>

Tests/DependencyInjection/Fixtures/yml/no_custom_user_checker.yml

@@ -0,0 +1,23 @@
+security:
+    providers:
+        default:
+            memory:
+                users:
+                    foo: { password: foo, roles: ROLE_USER }
+
+    firewalls:
+        simple: { pattern: /login, security: false }
+        secure:
+            stateless: true
+            http_basic: true
+            http_digest:
+                secret: TheSecret
+            form_login: true
+            anonymous: true
+            switch_user: true
+            x509: true
+            remote_user: true
+            logout: true
+            remember_me:
+                secret: TheSecret
+            user_checker: ~