contao.security.token_checker cannot be decorated

[fritzmg]

Affected version(s)

4.9+

Description

The class comment of our contao.security.token_checker service says:

/**
 * @internal Do not inherit from this class; decorate the "contao.security.token_checker" service instead
 */

However, decorating that service is not actually possible, as this service does not implement an interface and thus all other services injecting the token checker are requiring a type of

Contao\CoreBundle\Security\Authentication\Token\TokenChecker

and thus if you try to decorate this service you will end up with an error like

TypeError:
Contao\CoreBundle\Framework\ContaoFramework::__construct(): Argument #3 ($tokenChecker) must be of type Contao\CoreBundle\Security\Authentication\Token\TokenChecker, App\Security\TokenChecker given, called in var\cache\dev\ContainerSbgejui\appContao_ManagerBundle_HttpKernel_ContaoKernelDevDebugContainer.php on line 766

  at vendor\contao\core-bundle\src\Framework\ContaoFramework.php:99

[ausi]

Maybe the correct text would be Do not call the constructor from an inherited class; decorate the "contao.security.token_checker" service instead and redirect the public methods to the inner service or something in that direction?

[fritzmg]

But that would not change anything. You simply cannot decorate contao.security.token_checker due to the other dependents.

// Sorry, misunderstood you comment. Yes that would be more accurate then.

[fritzmg]

But the question is - is this what we want? Shouldn't the token checker implement an interface instead and all services requiring that service should inject that interface?

[ausi]

That would be valid for all services, so I’d only do this if decorating this service is common or an explicit extension point for us.

[leofeyer]

As discussed in the Contao call, we want to remove the comment from the @internal annotations at constructor level.