[Security] Error with lock_factory in login_throttling

[BaptisteContreras]

Symfony version(s) affected

'>= 6.2'

Description

I just upgraded my project from 5.4 to 6.3 and this error popped up :

Rate limiter "_login_local_main" requires the Lock component to be configured.

After some tests, I found out that this line (in my security.yaml) is the cause :

lock_factory: lock.default.factory

When I looked in

Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\LoginThrottlingFactory

from the Security Bundle, I noticed that this if is the problem :

### LoginThrottlingFactory line 101
if (!$container->hasDefinition('lock.factory.abstract')) {
     throw new LogicException(sprintf('Rate limiter "%s" requires the Lock component to be configured.', $name));
}

If I dump $container->getDefinitions() before this if I don't see any lock in the definitions array, which seems to be the issue here.

This check was added in this PR : #45569

I don't see the usefulness of this check here.
The 'lock.factory.abstract' is created in the Framework Bundle and the Security Bundle can't see it at this stage.

From my understanding we can either discard this change and let an error pop later saying that this service does not exist
or move this check in a CompilerPass. (I personally would go for the first solution)

How to reproduce

Using PHP 8.2.7

symfony new --webapp demo

composer require symfony/rate-limiter

composer require symfony/lock

### src/Controller/DemoController.php
<?php

namespace App\Controller;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

class DemoController
{
    #[Route('/demo')]
    public function index(): Response
    {
        return new Response();
    }
}

### security.yaml
security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    providers:
        users_in_memory: { memory: null }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: users_in_memory
            login_throttling:
                max_attempts: 5
                interval: '15 minutes'
                lock_factory: lock.default.factory

    access_control:
        - { path: ^/demo, roles: ROLE_ADMIN }

### lock.yaml
framework:
    lock: '%env(LOCK_DSN)%'

Possible Solution

No response

Additional Context

No response

[xabbuh]

PR welcome I guess :)

[BaptisteContreras]

Great ! I'll do that :)