security-bundle 5.1.1 does not work with "enable_authenticator_manager: true"

[jfcherng]

Symfony version(s) affected: 5.1.1

Description

Just update one of my Symfony 5.1.0 website to 5.1.1 and get the following exception.

Any of the followings will make the exception disappear:

• Downgrade security-bundle to 5.1.0
• Disable enable_authenticator_manager
• Disable csrf_protection

TypeError:
Argument 1 passed to Symfony\Component\Security\Http\EventListener\CsrfProtectionListener::__construct() must implement interface Symfony\Component\Security\Csrf\CsrfTokenManagerInterface, instance of Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage given, called in C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\getSecurity_Listener_CsrfProtectionService.php on line 22

  at C:\Users\Username\Desktop\my_project\vendor\symfony\security-http\EventListener\CsrfProtectionListener.php:31
  at Symfony\Component\Security\Http\EventListener\CsrfProtectionListener->__construct(object(SessionTokenStorage))
     (C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\getSecurity_Listener_CsrfProtectionService.php:22)
  at Container6bbLKMb\getSecurity_Listener_CsrfProtectionService::do(object(App_KernelDevDebugContainer), true)
     (C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\App_KernelDevDebugContainer.php:438)
  at Container6bbLKMb\App_KernelDevDebugContainer->load('getSecurity_Listener_CsrfProtectionService.php')
     (C:\Users\Username\Desktop\my_project\var\cache\dev\Container6bbLKMb\App_KernelDevDebugContainer.php:735)
  at Container6bbLKMb\App_KernelDevDebugContainer->Container6bbLKMb\{closure}()
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:245)
  at Symfony\Component\EventDispatcher\EventDispatcher->sortListeners('Symfony\\Component\\Security\\Http\\Event\\CheckPassportEvent')
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:84)
  at Symfony\Component\EventDispatcher\EventDispatcher->getListeners('Symfony\\Component\\Security\\Http\\Event\\CheckPassportEvent')
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:99)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->getListeners()
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:195)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->getNotCalledListeners(null)
     (C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\DataCollector\EventDataCollector.php:66)
  at Symfony\Component\HttpKernel\DataCollector\EventDataCollector->lateCollect()
     (C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\Profiler\Profiler.php:97)
  at Symfony\Component\HttpKernel\Profiler\Profiler->saveProfile(object(Profile))
     (C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\EventListener\ProfilerListener.php:112)
  at Symfony\Component\HttpKernel\EventListener\ProfilerListener->onKernelTerminate(object(TerminateEvent), 'kernel.terminate', object(TraceableEventDispatcher))
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\WrappedListener.php:117)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(TerminateEvent), 'kernel.terminate', object(TraceableEventDispatcher))
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:230)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners(array(object(WrappedListener)), 'kernel.terminate', object(TerminateEvent))
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\EventDispatcher.php:59)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object(TerminateEvent), 'kernel.terminate')
     (C:\Users\Username\Desktop\my_project\vendor\symfony\event-dispatcher\Debug\TraceableEventDispatcher.php:151)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object(TerminateEvent), 'kernel.terminate')
     (C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\HttpKernel.php:99)
  at Symfony\Component\HttpKernel\HttpKernel->terminate(object(Request), object(Response))
     (C:\Users\Username\Desktop\my_project\vendor\symfony\http-kernel\Kernel.php:161)
  at Symfony\Component\HttpKernel\Kernel->terminate(object(Request), object(Response))
     (C:\Users\Username\Desktop\my_project\public\index.php:30)    

How to reproduce

If a repo is preferred, https://git.io/JfHB6 but it's easy to reproduce it from a fresh state.

1. Create new project: symfony new my_project --full
2. Add a default controller. Create src/Controller/DefaultController.php

<?php

declare(strict_types=1);

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

final class DefaultController extends AbstractController
{
    /**
     * @Route("/", name="index", methods="GET")
     */
    public function indexAction(Request $request): Response
    {
        return $this->render('base.html.twig');
    }
}

3. Enable enable_authenticator_manager in config/packages/security.yaml

@@ -1,4 +1,6 @@
 security:
+    enable_authenticator_manager: true
+
     # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
     providers:
         users_in_memory: { memory: null }
@@ -7,9 +9,10 @@ security:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         main:
-            anonymous: true
             lazy: true
             provider: users_in_memory
+            http_basic:
+                realm: Secured Area
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#firewalls-authentication

4. Visit the index page.

[fabpot]

/cc @wouterj

[xabbuh]

Related to #37047?