Description
Symfony version(s) affected: 5.1+
Description
With the new authenticator manager enabled, the form_login_ldap authenticator doesn't take care of the login_path option
How to reproduce
- Create new project
- Enable the new authentication system (if not)
- Add the form_login_ldap authenticator:
form_login_ldap: login_path: security_login check_path: security_login service: Symfony\Component\Ldap\Ldap dn_string: 'uid={username},dc=example,dc=com'
- Protect one route for authenticated users only:
access_control: - { path: ^/login$, role: PUBLIC_ACCESS } - { path: ^/protected, role: ROLE_USER }
- Try to access to
/protected - You got an Unauthorized exception instead of being redirected to
/login
If you try to add:
entry_point: form_login_ldapYou'll get a ServiceNotFoundException, which suggest to switch to entry_point: security.authenticator.form_login_ldap.main which leads to a new issue:
Argument 5 passed to Symfony\Component\Security\Http\Firewall\ExceptionListener::__construct() must implement interface Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface or be null, instance of Symfony\Component\Ldap\Security\LdapAuthenticator given
Possible Solution
Make Symfony\Component\Ldap\Security\LdapAuthenticator extends of AbstractLoginFormAuthenticator.
This way we got a getLoginUrl() methods which resolve our main issue.
The problem is that, unlike the Symfony\Component\Security\Http\Authenticator, we don't have the HttpUtils service which prevents us to properly resolve the login_path option
I'm not sure on how to inject properly the service to the authenticator so this is why I'm opening an issue instead of doing a MR