symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPass.php
Lines changed: 71 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPass.php
Lines changed: 71 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 0 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/EventListener/FirewallEventBubblingListener.php
Lines changed: 0 additions & 50 deletions b/‎src/Symfony/Bundle/SecurityBundle/EventListener/FirewallEventBubblingListener.php
Lines changed: 0 additions & 50 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/SecurityBundle.php
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/SecurityBundle.php
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPassTest.php
Lines changed: 168 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPassTest.php
Lines changed: 168 additions & 0 deletions
@@ -0,0 +1,71 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler;
+
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Exception\LogicException;
+use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Http\Event\CheckPassportEvent;
+use Symfony\Component\Security\Http\Event\LoginFailureEvent;
+use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
+use Symfony\Component\Security\Http\Event\LogoutEvent;
+
+/**
+ * Makes sure all event listeners on the global dispatcher are also listening
+ * to events on the firewall-specific dipatchers.
+ *
+ * This compiler pass must be run after RegisterListenersPass of the
+ * EventDispatcher component.
+ *
+ * @author Wouter de Jong <wouter@wouterj.nl>
+ *
+ * @internal
+ */
+class RegisterGlobalSecurityEventListenersPass implements CompilerPassInterface
+{
+    private static $eventBubblingEvents = [CheckPassportEvent::class, LoginFailureEvent::class, LoginSuccessEvent::class, LogoutEvent::class];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function process(ContainerBuilder $container)
+    {
+        if (!$container->has('event_dispatcher') || !$container->has('security.authenticator.managers_locator')) {
+            return;
+        }
+
+        $firewallDispatchers = [];
+        $authenticatorManagerLocator = $container->getDefinition('security.authenticator.managers_locator');
+        foreach ($authenticatorManagerLocator->getArgument(0) as $firewallName => $managerArgument) {
             $firewallDispatchers[] = $container->findDefinition('security.event_dispatcher.'.$firewallName);
+        }
+
+        $globalDispatcher = $container->findDefinition('event_dispatcher');
+        foreach ($globalDispatcher->getMethodCalls() as $methodCall) {
+            if ('addListener' !== $methodCall[0]) {
+                continue;
+            }
+
+            $methodCallArguments = $methodCall[1];
+            if (!\in_array($methodCallArguments[0], self::$eventBubblingEvents, true)) {
+                continue;
+            }
+
+            foreach ($firewallDispatchers as $firewallDispatcher) {
+                $firewallDispatcher->addMethodCall('addListener', $methodCallArguments);
+            }
+        }
+    }
+}
@@ -348,8 +348,6 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         // Register Firewall-specific event dispatcher
         $firewallEventDispatcherId = 'security.event_dispatcher.'.$id;
         $container->register($firewallEventDispatcherId, EventDispatcher::class);
-        $container->setDefinition($firewallEventDispatcherId.'.event_bubbling_listener', new ChildDefinition('security.event_dispatcher.event_bubbling_listener'))
-            ->addTag('kernel.event_subscriber', ['dispatcher' => $firewallEventDispatcherId]);
 
         // Register listeners
         $listeners = [];
 
@@ -17,6 +17,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterCsrfFeaturesPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterLdapLocatorPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterTokenUsageTrackingPass;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterGlobalSecurityEventListenersPass;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AnonymousFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\CustomAuthenticatorFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginFactory;
@@ -75,6 +76,8 @@ public function build(ContainerBuilder $container)
         $container->addCompilerPass(new RegisterCsrfFeaturesPass());
         $container->addCompilerPass(new RegisterTokenUsageTrackingPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 200);
         $container->addCompilerPass(new RegisterLdapLocatorPass());
+        // must be registered after RegisterListenersPass (in the FrameworkBundle)
+        $container->addCompilerPass(new RegisterGlobalSecurityEventListenersPass(), PassConfig::TYPE_BEFORE_REMOVING, -200);
 
         $container->addCompilerPass(new AddEventAliasesPass([
             AuthenticationSuccessEvent::class => AuthenticationEvents::AUTHENTICATION_SUCCESS,
 
@@ -0,0 +1,168 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection\Compiler;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\SecurityBundle;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
+use Symfony\Component\EventDispatcher\DependencyInjection\RegisterListenersPass;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\DependencyInjection\Compiler\PassConfig;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Definition;
+use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\Security\Http\Event\CheckPassportEvent;
+use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
+use Symfony\Component\Security\Http\Event\LogoutEvent;
+
+class RegisterGlobalSecurtyEventListenersPassTest extends TestCase
+{
+    private $container;
+
+    protected function setUp(): void
+    {
+        $this->container = new ContainerBuilder();
+        $this->container->setParameter('kernel.debug', false);
+        $this->container->register('request_stack', \stdClass::class);
+        $this->container->register('event_dispatcher', EventDispatcher::class);
+
+        $this->container->registerExtension(new SecurityExtension());
+
+        $this->container->addCompilerPass(new RegisterListenersPass(), PassConfig::TYPE_BEFORE_REMOVING);
+        $this->container->getCompilerPassConfig()->setRemovingPasses([]);
+        $this->container->getCompilerPassConfig()->setAfterRemovingPasses([]);
+
+        $securityBundle = new SecurityBundle();
+        $securityBundle->build($this->container);
+    }
+
+    public function testRegisterCustomListener()
+    {
+        $this->container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]],
+        ]);
+
+        $this->container->register('app.security_listener', \stdClass::class)
+            ->addTag('kernel.event_listener', ['method' => 'onLogout', 'event' => LogoutEvent::class])
+            ->addTag('kernel.event_listener', ['method' => 'onLoginSuccess', 'event' => LoginSuccessEvent::class, 'priority' => 20]);
+
+        $this->container->compile();
+
+        $this->assertListeners([
+            [LogoutEvent::class, ['app.security_listener', 'onLogout'], 0],
+            [LoginSuccessEvent::class, ['app.security_listener', 'onLoginSuccess'], 20],
+        ]);
+    }
+
+    public function testRegisterCustomSubscriber()
+    {
+        $this->container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]],
+        ]);
+
+        $this->container->register(TestSubscriber::class)
+            ->addTag('kernel.event_subscriber');
+
+        $this->container->compile();
+
+        $this->assertListeners([
+            [LogoutEvent::class, [TestSubscriber::class, 'onLogout'], -200],
+            [CheckPassportEvent::class, [TestSubscriber::class, 'onCheckPassport'], 120],
+            [LoginSuccessEvent::class, [TestSubscriber::class, 'onLoginSuccess'], 0],
+        ]);
+    }
+
+    public function testMultipleFirewalls()
+    {
+        $this->container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true], 'api' => ['pattern' => '/api', 'http_basic' => true]],
+        ]);
+
+        $this->container->register('security.event_dispatcher.api', EventDispatcher::class)
+            ->addTag('security.event_dispatcher')
+            ->setPublic(true);
+
+        $this->container->register('app.security_listener', \stdClass::class)
+            ->addTag('kernel.event_listener', ['method' => 'onLogout', 'event' => LogoutEvent::class])
+            ->addTag('kernel.event_listener', ['method' => 'onLoginSuccess', 'event' => LoginSuccessEvent::class, 'priority' => 20]);
+
+        $this->container->compile();
+
+        $this->assertListeners([
+            [LogoutEvent::class, ['app.security_listener', 'onLogout'], 0],
+            [LoginSuccessEvent::class, ['app.security_listener', 'onLoginSuccess'], 20],
+        ], 'security.event_dispatcher.main');
+        $this->assertListeners([
+            [LogoutEvent::class, ['app.security_listener', 'onLogout'], 0],
+            [LoginSuccessEvent::class, ['app.security_listener', 'onLoginSuccess'], 20],
+        ], 'security.event_dispatcher.api');
+    }
+
+    public function testListenerAlreadySpecific()
+    {
+        $this->container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+            'firewalls' => ['main' => ['pattern' => '/', 'http_basic' => true]],
+        ]);
+
+        $this->container->register('security.event_dispatcher.api', EventDispatcher::class)
+            ->addTag('security.event_dispatcher')
+            ->setPublic(true);
+
+        $this->container->register('app.security_listener', \stdClass::class)
+            ->addTag('kernel.event_listener', ['method' => 'onLogout', 'event' => LogoutEvent::class, 'dispatcher' => 'security.event_dispatcher.main'])
+            ->addTag('kernel.event_listener', ['method' => 'onLoginSuccess', 'event' => LoginSuccessEvent::class, 'priority' => 20]);
+
+        $this->container->compile();
+
+        $this->assertListeners([
+            [LogoutEvent::class, ['app.security_listener', 'onLogout'], 0],
+            [LoginSuccessEvent::class, ['app.security_listener', 'onLoginSuccess'], 20],
+        ], 'security.event_dispatcher.main');
+    }
+
+    private function assertListeners(array $expectedListeners, string $dispatcherId = 'security.event_dispatcher.main')
+    {
+        $actualListeners = [];
+        foreach ($this->container->findDefinition($dispatcherId)->getMethodCalls() as $methodCall) {
+            [$method, $arguments] = $methodCall;
+            if ('addListener' !== $method) {
+                continue;
+            }
+
+            $arguments[1] = [(string) $arguments[1][0]->getValues()[0], $arguments[1][1]];
+            $actualListeners[] = $arguments;
+        }
+
+        $foundListeners = array_uintersect($expectedListeners, $actualListeners, function (array $a, array $b) {
+            return $a === $b;
+        });
+
+        $this->assertEquals($expectedListeners, $foundListeners);
+    }
+}
+
+class TestSubscriber implements EventSubscriberInterface
+{
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            LogoutEvent::class => ['onLogout', -200],
+            CheckPassportEvent::class => ['onCheckPassport', 120],
+            LoginSuccessEvent::class => 'onLoginSuccess',
+        ];
+    }
+}