bug symfony#53172 [SecurityBundle] Prevent to login/logout without a request context (symfonyaml)

This PR was squashed before being merged into the 6.3 branch.

Discussion
----------

[SecurityBundle] Prevent to login/logout without a request context

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix symfony#53170
| License       | MIT

Using `Security::login()` in a context without request throws a type error
See all details in the issue symfony#53170

In this PR, we prevent to use `Security::login()` and `Security::logout()` without a request context, to avoid a fatal error.

Commits
-------

aaa9392 [SecurityBundle] Prevent to login/logout without a request context

Author: Nyholm

src/Symfony/Bundle/SecurityBundle/Security.php

@@ -62,6 +62,10 @@ public function getFirewallConfig(Request $request): ?FirewallConfig
     public function login(UserInterface $user, string $authenticatorName = null, string $firewallName = null): ?Response
     {
         $request = $this->container->get('request_stack')->getCurrentRequest();
+        if (null === $request) {
+            throw new LogicException('Unable to login without a request context.');
+        }
+
         $firewallName ??= $this->getFirewallConfig($request)?->getName();
 
         if (!$firewallName) {
@@ -86,15 +90,18 @@ public function login(UserInterface $user, string $authenticatorName = null, str
      */
     public function logout(bool $validateCsrfToken = true): ?Response
     {
+        $request = $this->container->get('request_stack')->getMainRequest();
+        if (null === $request) {
+            throw new LogicException('Unable to logout without a request context.');
+        }
+
         /** @var TokenStorageInterface $tokenStorage */
         $tokenStorage = $this->container->get('security.token_storage');
 
         if (!($token = $tokenStorage->getToken()) || !$token->getUser()) {
             throw new LogicException('Unable to logout as there is no logged-in user.');
         }
 
-        $request = $this->container->get('request_stack')->getMainRequest();
-
         if (!$firewallConfig = $this->container->get('security.firewall.map')->getFirewallConfig($request)) {
             throw new LogicException('Unable to logout as the request is not behind a firewall.');
         }

src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php

@@ -252,6 +252,28 @@ public function testLoginWithoutAuthenticatorThrows()
         $security->login($user);
     }
 
+    public function testLoginWithoutRequestContext()
+    {
+        $requestStack = new RequestStack();
+        $user = $this->createMock(UserInterface::class);
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+            ])
+        ;
+
+        $security = new Security($container, ['main' => null]);
+
+        $this->expectException(\LogicException::class);
+        $this->expectExceptionMessage('Unable to login without a request context.');
+
+        $security->login($user);
+    }
+
     public function testLogout()
     {
         $request = new Request();
@@ -458,6 +480,27 @@ public function testLogoutWithValidCsrf()
         $this->assertEquals('a custom response', $response->getContent());
     }
 
+    public function testLogoutWithoutRequestContext()
+    {
+        $requestStack = new RequestStack();
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+            ])
+        ;
+
+        $security = new Security($container, ['main' => null]);
+
+        $this->expectException(\LogicException::class);
+        $this->expectExceptionMessage('Unable to logout without a request context.');
+
+        $security->logout();
+    }
+
     private function createContainer(string $serviceId, object $serviceObject): ContainerInterface
     {
         return new ServiceLocator([$serviceId => fn () => $serviceObject]);