[Security] Improve DX when invalid custom authenticators

Author: alamirault

Authentication/AuthenticatorManager.php

@@ -104,6 +104,10 @@ public function supports(Request $request): ?bool
         foreach ($this->authenticators as $authenticator) {
             $this->logger?->debug('Checking support on authenticator.', ['firewall_name' => $this->firewallName, 'authenticator' => $authenticator::class]);
 
+            if (!$authenticator instanceof AuthenticatorInterface) {
+                throw new \InvalidArgumentException(sprintf('Authenticator "%s" must implement "%s".', get_debug_type($authenticator), AuthenticatorInterface::class));
+            }
+
             if (false !== $supports = $authenticator->supports($request)) {
                 $authenticators[] = $authenticator;
                 $lazy = $lazy && null === $supports;

Tests/Authentication/AuthenticatorManagerTest.php

@@ -77,6 +77,17 @@ public static function provideSupportsData()
         yield [[], false];
     }
 
+    public function testSupportsInvalidAuthenticator()
+    {
+        $manager = $this->createManager([new \stdClass()]);
+
+        $this->expectExceptionObject(
+            new \InvalidArgumentException('Authenticator "stdClass" must implement "Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface".')
+        );
+
+        $manager->supports($this->request);
+    }
+
     public function testSupportCheckedUponRequestAuthentication()
     {
         // the attribute stores the supported authenticators, returning false now