feature #21450 [Security] Lazy load guard authenticators and authentication providers (chalasr)

This PR was squashed before being merged into the 3.3-dev branch (closes #21450).

Discussion
----------

[Security] Lazy load guard authenticators and authentication providers

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Authentication stops on the first authenticator that fails or succeeds, let's instantiate them only if actually needed.

Commits
-------

cd6422ae73 [SecurityBundle] Lazy load authentication providers
b8a23ded63 [Security][Guard] Lazy load authenticators

Author: fabpot

Core/Authentication/AuthenticationProviderManager.php

@@ -37,23 +37,17 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
     /**
      * Constructor.
      *
-     * @param AuthenticationProviderInterface[] $providers        An array of AuthenticationProviderInterface instances
-     * @param bool                              $eraseCredentials Whether to erase credentials after authentication or not
+     * @param iterable|AuthenticationProviderInterface[] $providers        An iterable with AuthenticationProviderInterface instances as values
+     * @param bool                                       $eraseCredentials Whether to erase credentials after authentication or not
      *
      * @throws \InvalidArgumentException
      */
-    public function __construct(array $providers, $eraseCredentials = true)
+    public function __construct($providers, $eraseCredentials = true)
     {
         if (!$providers) {
             throw new \InvalidArgumentException('You must at least add one authentication provider.');
         }
 
-        foreach ($providers as $provider) {
-            if (!$provider instanceof AuthenticationProviderInterface) {
-                throw new \InvalidArgumentException(sprintf('Provider "%s" must implement the AuthenticationProviderInterface.', get_class($provider)));
-            }
-        }
-
         $this->providers = $providers;
         $this->eraseCredentials = (bool) $eraseCredentials;
     }
@@ -72,6 +66,10 @@ public function authenticate(TokenInterface $token)
         $result = null;
 
         foreach ($this->providers as $provider) {
+            if (!$provider instanceof AuthenticationProviderInterface) {
+                throw new \InvalidArgumentException(sprintf('Provider "%s" must implement the AuthenticationProviderInterface.', get_class($provider)));
+            }
+
             if (!$provider->supports($token)) {
                 continue;
             }

Core/Tests/Authentication/AuthenticationProviderManagerTest.php

@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Exception\ProviderNotFoundException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AccountStatusException;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 
 class AuthenticationProviderManagerTest extends \PHPUnit_Framework_TestCase
@@ -32,9 +33,9 @@ public function testAuthenticateWithoutProviders()
      */
     public function testAuthenticateWithProvidersWithIncorrectInterface()
     {
-        new AuthenticationProviderManager(array(
+        (new AuthenticationProviderManager(array(
             new \stdClass(),
-        ));
+        )))->authenticate($this->getMockBuilder(TokenInterface::class)->getMock());
     }
 
     public function testAuthenticateWhenNoProviderSupportsToken()

Guard/Firewall/GuardAuthenticationListener.php

@@ -39,13 +39,13 @@ class GuardAuthenticationListener implements ListenerInterface
     private $rememberMeServices;
 
     /**
-     * @param GuardAuthenticatorHandler      $guardHandler          The Guard handler
-     * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
-     * @param string                         $providerKey           The provider (i.e. firewall) key
-     * @param GuardAuthenticatorInterface[]  $guardAuthenticators   The authenticators, with keys that match what's passed to GuardAuthenticationProvider
-     * @param LoggerInterface                $logger                A LoggerInterface instance
+     * @param GuardAuthenticatorHandler              $guardHandler          The Guard handler
+     * @param AuthenticationManagerInterface         $authenticationManager An AuthenticationManagerInterface instance
+     * @param string                                 $providerKey           The provider (i.e. firewall) key
+     * @param iterable|GuardAuthenticatorInterface[] $guardAuthenticators   The authenticators, with keys that match what's passed to GuardAuthenticationProvider
+     * @param LoggerInterface                        $logger                A LoggerInterface instance
      */
-    public function __construct(GuardAuthenticatorHandler $guardHandler, AuthenticationManagerInterface $authenticationManager, $providerKey, array $guardAuthenticators, LoggerInterface $logger = null)
+    public function __construct(GuardAuthenticatorHandler $guardHandler, AuthenticationManagerInterface $authenticationManager, $providerKey, $guardAuthenticators, LoggerInterface $logger = null)
     {
         if (empty($providerKey)) {
             throw new \InvalidArgumentException('$providerKey must not be empty.');
@@ -66,7 +66,13 @@ public function __construct(GuardAuthenticatorHandler $guardHandler, Authenticat
     public function handle(GetResponseEvent $event)
     {
         if (null !== $this->logger) {
-            $this->logger->debug('Checking for guard authentication credentials.', array('firewall_key' => $this->providerKey, 'authenticators' => count($this->guardAuthenticators)));
+            $context = array('firewall_key' => $this->providerKey);
+
+            if ($this->guardAuthenticators instanceof \Countable || is_array($this->guardAuthenticators)) {
+                $context['authenticators'] = count($this->guardAuthenticators);
+            }
+
+            $this->logger->debug('Checking for guard authentication credentials.', $context);
         }
 
         foreach ($this->guardAuthenticators as $key => $guardAuthenticator) {

Guard/Provider/GuardAuthenticationProvider.php

@@ -40,12 +40,12 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
     private $userChecker;
 
     /**
-     * @param GuardAuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationListener
-     * @param UserProviderInterface         $userProvider        The user provider
-     * @param string                        $providerKey         The provider (i.e. firewall) key
-     * @param UserCheckerInterface          $userChecker
+     * @param iterable|GuardAuthenticatorInterface[] $guardAuthenticators The authenticators, with keys that match what's passed to GuardAuthenticationListener
+     * @param UserProviderInterface                  $userProvider        The user provider
+     * @param string                                 $providerKey         The provider (i.e. firewall) key
+     * @param UserCheckerInterface                   $userChecker
      */
-    public function __construct(array $guardAuthenticators, UserProviderInterface $userProvider, $providerKey, UserCheckerInterface $userChecker)
+    public function __construct($guardAuthenticators, UserProviderInterface $userProvider, $providerKey, UserCheckerInterface $userChecker)
     {
         $this->guardAuthenticators = $guardAuthenticators;
         $this->userProvider = $userProvider;