symfony
diff --git a/‎UPGRADE-5.3.md
Lines changed: 11 additions & 0 deletions b/‎UPGRADE-5.3.md
Lines changed: 11 additions & 0 deletions
diff --git a/‎UPGRADE-6.0.md
Lines changed: 9 additions & 0 deletions b/‎UPGRADE-6.0.md
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml
Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Security/config.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AnonymousFactory.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
Lines changed: 131 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
Lines changed: 131 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php
Lines changed: 1 addition & 0 deletions
@@ -205,6 +205,15 @@ Security
  * Deprecate all classes in the `Core\Encoder\`  sub-namespace, use the `PasswordHasher` component instead
  * Deprecated voters that do not return a valid decision when calling the `vote` method
  * [BC break] Add optional array argument `$badges` to `UserAuthenticatorInterface::authenticateUser()`
+ * Deprecate `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
+   `AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
+   `PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
+   `AuthenticationFailureEvent` from security-core. Use the new authenticator system instead
+ * Deprecate `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
+   `BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
+   `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
+   from security-http, use the new authenticator system instead
+ * Deprecate the Guard component, use the new authenticator system instead
 
 SecurityBundle
 --------------
@@ -218,6 +227,8 @@ SecurityBundle
  * Deprecate the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
    use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
  * Deprecate the public `security.authorization_checker` and `security.token_storage` services to private
+ * Not setting the `enable_authenticator_manager` option to `true` now throws an exception.
+ * Remove the Guard component integration, use the new authenticator system instead
 
 Serializer
 ----------
 
@@ -293,6 +293,15 @@ Security
    `DefaultAuthenticationSuccessHandler`.
  * Removed the `AbstractRememberMeServices::$providerKey` property in favor of `AbstractRememberMeServices::$firewallName`
  * `AccessDecisionManager` now throw an exception when a voter does not return a valid decision.
+ * Remove `AuthenticationManagerInterface`, `AuthenticationProviderManager`, `AnonymousAuthenticationProvider`,
+   `AuthenticationProviderInterface`, `DaoAuthenticationProvider`, `LdapBindAuthenticationProvider`,
+   `PreAuthenticatedAuthenticationProvider`, `RememberMeAuthenticationProvider`, `UserAuthenticationProvider` and
+   `AuthenticationFailureEvent` from security-core. Use the new authenticator system instead
+ * Remove `AbstractAuthenticationListener`, `AbstractPreAuthenticatedListener`, `AnonymousAuthenticationListener`,
+   `BasicAuthenticationListener`, `RememberMeListener`, `RemoteUserAuthenticationListener`,
+   `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
+   from security-http, use the new authenticator system instead
+ * Remove the Guard component, use the new authenticator system instead
 
 SecurityBundle
 --------------
 
@@ -8,6 +8,8 @@ services:
             - container.service_subscriber
 
 security:
+    enable_authenticator_manager: true
+
     providers:
         main:
             memory:
@@ -30,3 +32,6 @@ security:
             form_login:
                 check_path: /custom/login/check
             provider: custom
+
+    access_control:
+        - { path: '^/main/user_profile$', roles: IS_AUTHENTICATED_FULLY }
@@ -21,6 +21,8 @@
  * @author Wouter de Jong <wouter@wouterj.nl>
  *
  * @internal
+ *
+ * @deprecated since Symfony 5.3, use the new authenticator system instead
  */
 class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
 {
 
@@ -104,6 +104,10 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
             $loader->load('security_authenticator_remember_me.php');
         }
 
+        if ('auto' === $config['secure']) {
+            $config['secure'] = null;
+        }
+
         // create remember me handler (which manage the remember-me cookies)
         $rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName;
         if (isset($config['service']) && isset($config['token_provider'])) {
 
@@ -130,6 +130,8 @@ public function load(array $configs, ContainerBuilder $container)
             $container->getDefinition('security.authorization_checker')->setArgument(4, false);
             $container->getDefinition('security.authorization_checker')->setArgument(5, false);
         } else {
+            trigger_deprecation('symfony/security-bundle', '5.3', 'Not setting the "security.enable_authenticator_manager" config option to true is deprecated.');
+
             $loader->load('security_legacy.php');
         }
 
 
@@ -62,6 +62,8 @@
 
         ->set('security.authentication.manager', NoopAuthenticationManager::class)
         ->alias(AuthenticationManagerInterface::class, 'security.authentication.manager')
+        ->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated.')
+
 
         ->set('security.firewall.authenticator', AuthenticatorManagerListener::class)
             ->abstract()
 
@@ -139,6 +139,7 @@ private function createContainer($sessionStorageOptions)
 
         $config = [
             'security' => [
+                'enable_authenticator_manager' => true,
                 'providers' => ['some_provider' => ['id' => 'foo']],
                 'firewalls' => ['some_firewall' => ['security' => false]],
             ],
 
@@ -127,6 +127,127 @@ public function testFirewalls()
         $configs[0][2] = strtolower($configs[0][2]);
         $configs[2][2] = strtolower($configs[2][2]);
 
+        $this->assertEquals([
+            [
+                'simple',
+                'security.user_checker',
+                '.security.request_matcher.xmi9dcw',
+                false,
+                false,
+                '',
+                '',
+                '',
+                '',
+                '',
+                [],
+                null,
+            ],
+            [
+                'secure',
+                'security.user_checker',
+                null,
+                true,
+                true,
+                'security.user.provider.concrete.default',
+                null,
+                'security.authenticator.form_login.secure',
+                null,
+                null,
+                [
+                    'switch_user',
+                    'x509',
+                    'remote_user',
+                    'form_login',
+                    'http_basic',
+                    'remember_me',
+                ],
+                [
+                    'parameter' => '_switch_user',
+                    'role' => 'ROLE_ALLOWED_TO_SWITCH',
+                ],
+            ],
+            [
+                'host',
+                'security.user_checker',
+                '.security.request_matcher.iw4hyjb',
+                true,
+                false,
+                'security.user.provider.concrete.default',
+                'host',
+                'security.authenticator.http_basic.host',
+                null,
+                null,
+                [
+                    'http_basic',
+                ],
+                null,
+            ],
+            [
+                'with_user_checker',
+                'app.user_checker',
+                null,
+                true,
+                false,
+                'security.user.provider.concrete.default',
+                'with_user_checker',
+                'security.authenticator.http_basic.with_user_checker',
+                null,
+                null,
+                [
+                    'http_basic',
+                ],
+                null,
+            ],
+        ], $configs);
+
+        $this->assertEquals([
+            [],
+            [
+                'security.channel_listener',
+                'security.firewall.authenticator.secure',
+                'security.authentication.switchuser_listener.secure',
+                'security.access_listener',
+            ],
+            [
+                'security.channel_listener',
+                'security.context_listener.0',
+                'security.firewall.authenticator.host',
+                'security.access_listener',
+            ],
+            [
+                'security.channel_listener',
+                'security.context_listener.1',
+                'security.firewall.authenticator.with_user_checker',
+                'security.access_listener',
+            ],
+        ], $listeners);
+
+        $this->assertFalse($container->hasAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', 'No user checker alias is registered when custom user checker services are registered'));
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testLegacyFirewalls()
+    {
+        $container = $this->getContainer('legacy_container1');
+        $arguments = $container->getDefinition('security.firewall.map')->getArguments();
+        $listeners = [];
+        $configs = [];
+        foreach (array_keys($arguments[1]->getValues()) as $contextId) {
+            $contextDef = $container->getDefinition($contextId);
+            $arguments = $contextDef->getArguments();
+            $listeners[] = array_map('strval', $arguments[0]->getValues());
+
+            $configDef = $container->getDefinition((string) $arguments[3]);
+            $configs[] = array_values($configDef->getArguments());
+        }
+
+        // the IDs of the services are case sensitive or insensitive depending on
+        // the Symfony version. Transform them to lowercase to simplify tests.
+        $configs[0][2] = strtolower($configs[0][2]);
+        $configs[2][2] = strtolower($configs[2][2]);
+
         $this->assertEquals([
             [
                 'simple',
@@ -881,15 +1002,21 @@ public function testHashersWithBCrypt()
         ]], $container->getDefinition('security.password_hasher_factory')->getArguments());
     }
 
-    public function testRememberMeThrowExceptionsDefault()
+    /**
+     * @group legacy
+     */
+    public function testLegacyRememberMeThrowExceptionsDefault()
     {
-        $container = $this->getContainer('container1');
+        $container = $this->getContainer('legacy_container1');
         $this->assertTrue($container->getDefinition('security.authentication.listener.rememberme.secure')->getArgument(5));
     }
 
-    public function testRememberMeThrowExceptions()
+    /**
+     * @group legacy
+     */
+    public function testLegacyRememberMeThrowExceptions()
     {
-        $container = $this->getContainer('remember_me_options');
+        $container = $this->getContainer('legacy_remember_me_options');
         $service = $container->getDefinition('security.authentication.listener.rememberme.main');
         $this->assertEquals('security.authentication.rememberme.services.persistent.main', $service->getArgument(1));
         $this->assertFalse($service->getArgument(5));
 
@@ -1,6 +1,7 @@
 <?php
 
 $container->loadFromExtension('security', [
+    'enable_authenticator_manager' => true,
     'access_decision_manager' => [
         'allow_if_all_abstain' => true,
         'allow_if_equal_granted_denied' => false,
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@`
`21`	`21`	`* @author Wouter de Jong <wouter@wouterj.nl>`
`22`	`22`	`*`
`23`	`23`	`* @internal`
	`24`	`+ *`
	`25`	`+ * @deprecated since Symfony 5.3, use the new authenticator system instead`
`24`	`26`	`*/`
`25`	`27`	`class AnonymousFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface`
`26`	`28`	`{`
Original file line number	Diff line number	Diff line change
`@@ -130,6 +130,8 @@ public function load(array $configs, ContainerBuilder $container)`
`130`	`130`	`$container->getDefinition('security.authorization_checker')->setArgument(4, false);`
`131`	`131`	`$container->getDefinition('security.authorization_checker')->setArgument(5, false);`
`132`	`132`	`} else {`
	`133`	`+ trigger_deprecation('symfony/security-bundle', '5.3', 'Not setting the "security.enable_authenticator_manager" config option to true is deprecated.');`
	`134`	`+`
`133`	`135`	`$loader->load('security_legacy.php');`
`134`	`136`	`}`
`135`	`137`