From 12224cd5341cdd70783a2e2c0c0f9059e54cd304 Mon Sep 17 00:00:00 2001
From: Robin Chalas <robin.chalas@gmail.com>
Date: Wed, 13 May 2020 13:44:27 +0200
Subject: [PATCH] [Security\Core] Fix NoopAuthenticationManager::authenticate()
 return value

---
 DependencyInjection/SecurityExtension.php         |  4 ++++
 .../DependencyInjection/SecurityExtensionTest.php | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php
index 55916c05..afa04d7c 100644
--- a/DependencyInjection/SecurityExtension.php
+++ b/DependencyInjection/SecurityExtension.php
@@ -111,6 +111,10 @@ public function load(array $configs, ContainerBuilder $container)
         $loader->load('security_rememberme.xml');
 
         if ($this->authenticatorManagerEnabled = $config['enable_authenticator_manager']) {
+            if ($config['always_authenticate_before_granting']) {
+                throw new InvalidConfigurationException('The security option "always_authenticate_before_granting" cannot be used when "enable_authenticator_manager" is set to true. If you rely on this behavior, set it to false.');
+            }
+
             $loader->load('security_authenticator.xml');
 
             // The authenticator system no longer has anonymous tokens. This makes sure AccessListener
diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php
index da09e432..c9328c84 100644
--- a/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -505,6 +505,21 @@ public function provideEntryPointRequiredData()
         ];
     }
 
+    public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticationManager()
+    {
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('The security option "always_authenticate_before_granting" cannot be used when "enable_authenticator_manager" is set to true. If you rely on this behavior, set it to false.');
+
+        $container = $this->getRawContainer();
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'always_authenticate_before_granting' => true,
+            'firewalls' => ['main' => []],
+        ]);
+
+        $container->compile();
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();