FOSUserBundle: avoid logging in while confirming registration

1. Override \FOS\UserBundle\Security\LoginManager class with your own. This login manager is used in the AuthenticationListener that's dispatched during the confirmation.

   fos_user.security.login_manager.class: namespace\YourUserBundle\Security\CustomLoginManager

Implementing the loginUser() method (e.g. return null) in your CustomLoginManager can disable auto login. However, do note that this disables auto login for the following events as well:

• FOSUserEvents::REGISTRATION_COMPLETED
• FOSUserEvents::REGISTRATION_CONFIRMED
• FOSUserEvents::RESETTING_RESET_COMPLETED

(check - search - code when and where these are dispatched if this solution really suits your needs.)

2. Override \FOSUserBundle:RegistrationController::confirmAction and DO NOT dispatch the appropriate event. (see documentation on how to override fosuser controllers)

Look for \FOS\UserBundle\FOSUserEvents::REGISTRATION_CONFIRMED) in the base controller's confirm action for reference.

3. add a compiler pass to override/extend/implement your own AuthenticationListener that's being dispatched by the base fos user actions.

This is the most advanced, but leanest solution. See CompilerPassDocs on how to add one to your child bundle (the one extending fosuser). This is an example of the Compiler Pass file I propose:

class OverrideServiceCompilerPass implements CompilerPassInterface
{
     public function process(ContainerBuilder $container)
     {
          $definition = $container->getDefinition('fos_user.listener.authentication');
          $definition->setClass('namespace\MyUserBundle\EventListener\CustomAuthenticationListener');
     }
}

Look at the original \FOS\UserBundle\EventListener\AuthenticationListener file for reference, add the proper events and implement the method(s) accordingly in your custom auth listener. (e.g. return null on authenticate() perhaps.)