Current issue - Custom Implementation

When at first I wanted to implement a custom authentication process, it was very clear I should use the simple_form, however, in the end I ended up copying a lot of things from the DaoAuthenticationProvider and UserAuthenticationProvider. My reasons were simple; I had to add additional checks, such as

• is this IP blocked?
• Is the captcha entered successfully after 3 failed logins?
• Is this the x-th login and should this IP get a temporary block?
• Is the authentication blocked?
• Is the user deleted?

Solutions?

Originally I had this idea, but I'm not sure this is the way to go. I also have stated that validation could be done event based, but that would be abusing events to throw exceptions. Another Idea I had, was to move part of the validation to a form type and constraints, but that might become even more complex for users to implement, yet you can extend it far better.

In the current state the UserChecker is nearly useless but the idea is good. What I want is 1 authenticator where you can hook into to add validation at specific points (compiler pass like). I'm just not sure what the opinions or ideas of others are but my hands have been itching for over a year now. I would like to make it simpler for developers to say, I want to login like this, fetch my user like this and run it against validations X, Y, at point A and I, J, K at point B.

This would reduce the amount of authenticators drastically and make it easier to re-use validation rules. Your Pre-Authenticator could look nearly identical but with a different way of retrieving the details and returning a different token.