symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Security/Security.php
Lines changed: 23 additions & 18 deletions b/‎src/Symfony/Bundle/SecurityBundle/Security/Security.php
Lines changed: 23 additions & 18 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
Lines changed: 35 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
Lines changed: 35 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml
Lines changed: 14 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/config.yml
Lines changed: 14 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/routing.yml
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/SecurityHelper/routing.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Security/SecurityTest.php
Lines changed: 52 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Security/SecurityTest.php
Lines changed: 52 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/CHANGELOG.md
Lines changed: 0 additions & 6 deletions b/‎src/Symfony/Component/Security/Core/CHANGELOG.md
Lines changed: 0 additions & 6 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/SecurityTest.php
Lines changed: 3 additions & 79 deletions b/‎src/Symfony/Component/Security/Core/Tests/SecurityTest.php
Lines changed: 3 additions & 79 deletions
@@ -22,11 +22,15 @@
 /**
  * Helper class for commonly-needed security tasks.
  *
+ * @author Ryan Weaver <ryan@symfonycasts.com>
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ * @author Arnaud Frézet <arnaud@larriereguichet.fr>
+ *
  * @final
  */
 class Security extends LegacySecurity
 {
-    public function __construct(private ContainerInterface $container, private array $authenticators = [])
+    public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = [])
     {
         parent::__construct($container, false);
     }
@@ -36,14 +40,21 @@ public function getFirewallConfig(Request $request): ?FirewallConfig
         return $this->container->get('security.firewall.map')->getFirewallConfig($request);
     }
 
+    /**
+     * @param UserInterface $user              The user to authenticate
+     * @param string|null   $authenticatorName The authenticator name (e.g. "form_login") or service id (e.g. SomeApiKeyAuthenticator::class) - required only if multiple authenticators are configured
+     * @param string|null   $firewallName      The firewall name - required only if multiple firewalls are configured
+     */
     public function login(UserInterface $user, string $authenticatorName = null, string $firewallName = null): void
     {
         $request = $this->container->get('request_stack')->getCurrentRequest();
+        $firewallName ??= $this->getFirewallConfig($request)?->getName();
 
-        if (!class_exists(AuthenticatorInterface::class)) {
-            throw new \LogicException('Security HTTP is missing. Try running "composer require symfony/security-http".');
+        if (!$firewallName) {
+            throw new LogicException('Unable to login as the current route is not covered by any firewall.');
         }
-        $authenticator = $this->getAuthenticator($authenticatorName, $firewallName ?? $this->getFirewallName($request));
+
+        $authenticator = $this->getAuthenticator($authenticatorName, $firewallName);
 
         $this->container->get('security.user_checker')->checkPreAuth($user);
         $this->container->get('security.user_authenticator')->authenticateUser($user, $authenticator, $request);
@@ -54,39 +65,33 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa
         if (!\array_key_exists($firewallName, $this->authenticators)) {
             throw new LogicException(sprintf('No authenticators found for firewall "%s".', $firewallName));
         }
+
         /** @var ServiceProviderInterface $firewallAuthenticatorLocator */
         $firewallAuthenticatorLocator = $this->authenticators[$firewallName];
 
         if (!$authenticatorName) {
             $authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());
 
             if (!$authenticatorIds) {
-                throw new LogicException('No authenticator was found for the firewall "%s".');
+                throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName));
             }
-
             if (1 < \count($authenticatorIds)) {
                 throw new LogicException(sprintf('Too much authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds)));
             }
 
             return $firewallAuthenticatorLocator->get($authenticatorIds[0]);
         }
-        $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName;
 
-        if (!$firewallAuthenticatorLocator->has($authenticatorId)) {
-            throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Try to pass a firewall name in the Security::login() method.', $authenticatorName, $firewallName));
+        if ($firewallAuthenticatorLocator->has($authenticatorName)) {
+            return $firewallAuthenticatorLocator->get($authenticatorName);
         }
 
-        return $firewallAuthenticatorLocator->get($authenticatorId);
-    }
-
-    private function getFirewallName(Request $request): string
-    {
-        $firewall = $this->container->get('security.firewall.map')->getFirewallConfig($request);
+        $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName;
 
-        if (null === $firewall) {
-            throw new LogicException('No firewall found as the current route is not covered by any firewall.');
+        if (!$firewallAuthenticatorLocator->has($authenticatorId)) {
+            throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, implode('", "', $firewallAuthenticatorLocator->getProvidedServices())));
         }
 
-        return $firewall->getName();
+        return $firewallAuthenticatorLocator->get($authenticatorId);
     }
 }
@@ -12,7 +12,9 @@
 namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
 
 use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Bundle\SecurityBundle\Security\Security;
 use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\Arra
10000
yUserProvider;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\User\InMemoryUser;
@@ -81,6 +83,22 @@ public function userWillBeMarkedAsChangedIfRolesHasChangedProvider()
             ],
         ];
     }
+
+    /**
+     * @testWith    ["json_login"]
+     *              ["Symfony\\Bundle\\SecurityBundle\\Tests\\Functional\\Bundle\\AuthenticatorBundle\\ApiAuthenticator"]
+     */
+    public function testLoginWithBuiltInAuthenticator(string $authenticator)
+    {
+        $client = $this->createClient(['test_case' => 'SecurityHelper', 'root_config' => 'config.yml', 'debug' => true]);
+        static::getContainer()->get(WelcomeController::class)->authenticator = $authenticator;
+        $client->request('GET', '/welcome');
+        $response = $client->getResponse();
+
+        $this->assertInstanceOf(JsonResponse::class, $response);
+        $this->assertSame(200, $response->getStatusCode());
+        $this->assertSame(['message' => 'Welcome @chalasr!'], json_decode($response->getContent(), true));
+    }
 }
 
 final class UserWithoutEquatable implements UserInterface, PasswordAuthenticatedUserInterface
@@ -189,3 +207,20 @@ public function eraseCredentials(): void
     {
     }
 }
+
+class WelcomeController
+{
+    public $authenticator = 'json_login';
+
+    public function __construct(private Security $security)
+    {
+    }
+
+    public function welcome()
+    {
+        $user = new InMemoryUser('chalasr', '', ['ROLE_USER']);
+        $this->security->login($user, $this->authenticator);
+
+        return new JsonResponse(['message' => sprintf('Welcome @%s!', $this->security->getUser()->getUserIdentifier())]);
+    }
+}
@@ -11,6 +11,12 @@ services:
         alias: security.token_storage
         public: true
 
+    Symfony\Bundle\SecurityBundle\Tests\Functional\WelcomeController:
+        arguments: ['@security.helper']
+        public: true
+
+    Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator: ~
+
 security:
     enable_authenticator_manager: true
     providers:
@@ -20,3 +26,11 @@ security:
 
     firewalls:
         default:
+            json_login:
+                username_path: user.login
+                password_path: user.password
+            custom_authenticators:
+                - 'Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AuthenticatorBundle\ApiAuthenticator'
+
+    access_control:
+        - { path: ^/foo, roles: PUBLIC_ACCESS }
@@ -0,0 +1,3 @@
+welcome:
+    path: /welcome
+    defaults: { _controller: Symfony\Bundle\SecurityBundle\Tests\Functional\WelcomeController::welcome }
@@ -18,11 +18,17 @@
 use Symfony\Bundle\SecurityBundle\Security\Security;
 use Symfony\Component\DependencyInjection\ServiceLocator;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
+use Symfony\Contracts\Service\ServiceProviderInterface;
 
 class SecurityTest extends TestCase
 {
@@ -111,6 +117,52 @@ public function getFirewallConfigTests()
         yield [$request, new FirewallConfig('main', 'acme_user_checker')];
     }
 
+    public function testAutoLogin()
+    {
+        $request = new Request();
+        $authenticator = $this->createMock(AuthenticatorInterface::class);
+        $requestStack = $this->createMock(RequestStack::class);
+        $firewallMap = $this->createMock(FirewallMap::class);
+        $firewall = new FirewallConfig('main', 'main');
+        $userAuthenticator = $this->createMock(UserAuthenticatorInterface::class);
+        $user = $this->createMock(UserInterface::class);
+        $userChecker = $this->createMock(UserCheckerInterface::class);
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.firewall.map', $firewallMap],
+                ['security.user_authenticator', $userAuthenticator],
+                ['security.user_checker', $userChecker],
+            ])
+        ;
+
+        $requestStack->expects($this->once())->method('getCurrentRequest')->willReturn($request);
+        $firewallMap->expects($this->once())->method('getFirewallConfig')->willReturn($firewall);
+        $userAuthenticator->expects($this->once())->method('authenticateUser')->with($user, $authenticator, $request);
+        $userChecker->expects($this->once())->method('checkPreAuth')->with($user);
+
+        $firewallAuthenticatorLocator = $this->createMock(ServiceProviderInterface::class);
+        $firewallAuthenticatorLocator
+            ->expects($this->once())
+            ->method('getProvidedServices')
+            ->willReturn(['security.authenticator.custom.dev' => $authenticator])
+        ;
+        $firewallAuthenticatorLocator
+            ->expects($this->once())
+            ->method('get')
+            ->with('security.authenticator.custom.dev')
+            ->willReturn($authenticator)
+        ;
+
+        $security = new Security($container, ['main' => $firewallAuthenticatorLocator]);
+
+        $security->login($user);
+    }
+
     private function createContainer(string $serviceId, object $serviceObject): ContainerInterface
     {
         return new ServiceLocator([$serviceId => fn () => $serviceObject]);
 
@@ -6,12 +6,6 @@ CHANGELOG
 
 * Deprecate the `Security` class, use `Symfony\Bundle\SecurityBundle\Security\Security` instead
 
-6.1
----
-
-* Add `Security::login()` to login programmatically
-
-
 6.0
 ---
 
 
@@ -13,21 +13,12 @@
 
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
-use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
-use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\InMemoryUser;
-use Symfony\Component\Security\Core\User\UserCheckerInterface;
-use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
-use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
-use Symfony\Contracts\Service\ServiceProviderInterface;
 
 /**
  * @group legacy
@@ -45,7 +36,7 @@ public function testGetToken()
 
         $container = $this->createContainer('security.token_storage', $tokenStorage);
 
-        $security = new Security($container, []);
+        $security = new Security($container);
         $this->assertSame($token, $security->getToken());
     }
 
@@ -66,7 +57,7 @@ public function testGetUser($userInToken, $expectedUser)
 
         $container = $this->createContainer('security.token_storage', $tokenStorage);
 
-        $security = new Security($container, []);
+        $security = new Security($container);
         $this->assertSame($expectedUser, $security->getUser());
     }
 
@@ -89,77 +80,10 @@ public function testIsGranted()
 
         $container = $this->createContainer('security.authorization_checker', $authorizationChecker);
 
-        $security = new Security($container, []);
+        $security = new Security($container);
         $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
     }
 
-    public function testAutoLogin()
-    {
-        $request = new Request();
-        $authenticator = $this->createMock(AuthenticatorInterface::class);
-        $requestStack = $this->createMock(RequestStack::class);
-        $firewallMap = $this->createMock(FirewallMap::class);
-        $firewall = new FirewallConfig('main', 'main');
-        $userAuthenticator = $this->createMock(UserAuthenticatorInterface::class);
-        $user = $this->createMock(UserInterface::class);
-        $userChecker = $this->createMock(UserCheckerInterface::class);
-
-        $container = $this->createMock(ContainerInterface::class);
-        $container
-            ->expects($this->atLeastOnce())
-            ->method('get')
-            ->willReturnMap([
-                ['request_stack', $requestStack],
-                ['security.firewall.map', $firewallMap],
-                ['security.user_authenticator', $userAuthenticator],
-                ['security.user_checker', $userChecker],
-            ])
-        ;
-
-        $requestStack
-            ->expects($this->once())
-            ->method('getCurrentRequest')
-            ->willReturn($request)
-        ;
-
-        $firewallMap
-            ->expects($this->once())
-            ->method('getFirewallConfig')
-            ->willReturn($firewall)
-        ;
-        $userAuthenticator
-            ->expects($this->once())
-            ->method('authenticateUser')
-            ->with($user, $authenticator, $request)
-        ;
-        $userChecker
-            ->expects($this->once())
-            ->method('checkPreAuth')
-            ->with($user)
-        ;
-
-        $firewallAuthenticatorLocator = $this->createMock(ServiceProviderInterface::class);
-        $firewallAuthenticatorLocator
-            ->expects($this->once())
-            ->method('getProvidedServices')
-            ->willReturn([
-                'security.authenticator.custom.dev' => $authenticator,
-            ])
-        ;
-        $firewallAuthenticatorLocator
-            ->expects($this->once())
-            ->method('get')
-            ->with('security.authenticator.custom.dev')
-            ->willReturn($authenticator)
-        ;
-
-        $security = new Security($container, [
-            'main' => $firewallAuthenticatorLocator,
-        ]);
-
-        $security->login($user);
-    }
-
     private function createContainer($serviceId, $serviceObject)
     {
         $container = $this->createMock(ContainerInterface::class);
Original file line number	Diff line number	Diff line change
`@@ -22,11 +22,15 @@`
`22`	`22`	`/**`
`23`	`23`	`* Helper class for commonly-needed security tasks.`
`24`	`24`	`*`
	`25`	`+ * @author Ryan Weaver <ryan@symfonycasts.com>`
	`26`	`+ * @author Robin Chalas <robin.chalas@gmail.com>`
	`27`	`+ * @author Arnaud Frézet <arnaud@larriereguichet.fr>`
	`28`	`+ *`
`25`	`29`	`* @final`
`26`	`30`	`*/`
`27`	`31`	`class Security extends LegacySecurity`
`28`	`32`	`{`
`29`		`- public function __construct(private ContainerInterface $container, private array $authenticators = [])`
	`33`	`+ public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = [])`
`30`	`34`	`{`
`31`	`35`	`parent::__construct($container, false);`
`32`	`36`	`}`
`@@ -36,14 +40,21 @@ public function getFirewallConfig(Request $request): ?FirewallConfig`
`36`	`40`	`return $this->container->get('security.firewall.map')->getFirewallConfig($request);`
`37`	`41`	`}`
`38`	`42`
	`43`	`+ /**`
	`44`	`+ * @param UserInterface $user The user to authenticate`
	`45`	`+ * @param string\|null $authenticatorName The authenticator name (e.g. "form_login") or service id (e.g. SomeApiKeyAuthenticator::class) - required only if multiple authenticators are configured`
	`46`	`+ * @param string\|null $firewallName The firewall name - required only if multiple firewalls are configured`
	`47`	`+ */`
`39`	`48`	`public function login(UserInterface $user, string $authenticatorName = null, string $firewallName = null): void`
`40`	`49`	`{`
`41`	`50`	`$request = $this->container->get('request_stack')->getCurrentRequest();`
	`51`	`+ $firewallName ??= $this->getFirewallConfig($request)?->getName();`
`42`	`52`
`43`		`- if (!class_exists(AuthenticatorInterface::class)) {`
`44`		`- throw new \LogicException('Security HTTP is missing. Try running "composer require symfony/security-http".');`
	`53`	`+ if (!$firewallName) {`
	`54`	`+ throw new LogicException('Unable to login as the current route is not covered by any firewall.');`
`45`	`55`	`}`
`46`		`- $authenticator = $this->getAuthenticator($authenticatorName, $firewallName ?? $this->getFirewallName($request));`
	`56`	`+`
	`57`	`+ $authenticator = $this->getAuthenticator($authenticatorName, $firewallName);`
`47`	`58`
`48`	`59`	`$this->container->get('security.user_checker')->checkPreAuth($user);`
`49`	`60`	`$this->container->get('security.user_authenticator')->authenticateUser($user, $authenticator, $request);`
`@@ -54,39 +65,33 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa`
`54`	`65`	`if (!\array_key_exists($firewallName, $this->authenticators)) {`
`55`	`66`	`throw new LogicException(sprintf('No authenticators found for firewall "%s".', $firewallName));`
`56`	`67`	`}`
	`68`	`+`
`57`	`69`	`/** @var ServiceProviderInterface $firewallAuthenticatorLocator */`
`58`	`70`	`$firewallAuthenticatorLocator = $this->authenticators[$firewallName];`
`59`	`71`
`60`	`72`	`if (!$authenticatorName) {`
`61`	`73`	`$authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());`
`62`	`74`
`63`	`75`	`if (!$authenticatorIds) {`
`64`		`- throw new LogicException('No authenticator was found for the firewall "%s".');`
	`76`	`+ throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName));`
`65`	`77`	`}`
`66`		`-`
`67`	`78`	`if (1 < \count($authenticatorIds)) {`
`68`	`79`	`throw new LogicException(sprintf('Too much authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds)));`
`69`	`80`	`}`
`70`	`81`
`71`	`82`	`return $firewallAuthenticatorLocator->get($authenticatorIds[0]);`
`72`	`83`	`}`
`73`		`- $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName;`
`74`	`84`
`75`		`- if (!$firewallAuthenticatorLocator->has($authenticatorId)) {`
`76`		`- throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Try to pass a firewall name in the Security::login() method.', $authenticatorName, $firewallName));`
	`85`	`+ if ($firewallAuthenticatorLocator->has($authenticatorName)) {`
	`86`	`+ return $firewallAuthenticatorLocator->get($authenticatorName);`
`77`	`87`	`}`
`78`	`88`
`79`		`- return $firewallAuthenticatorLocator->get($authenticatorId);`
`80`		`- }`
`81`		`-`
`82`		`- private function getFirewallName(Request $request): string`
`83`		`- {`
`84`		`- $firewall = $this->container->get('security.firewall.map')->getFirewallConfig($request);`
	`89`	`+ $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName;`
`85`	`90`
`86`		`- if (null === $firewall) {`
`87`		`- throw new LogicException('No firewall found as the current route is not covered by any firewall.');`
	`91`	`+ if (!$firewallAuthenticatorLocator->has($authenticatorId)) {`
	`92`	`+ throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, implode('", "', $firewallAuthenticatorLocator->getProvidedServices())));`
`88`	`93`	`}`
`89`	`94`
`90`		`- return $firewall->getName();`
	`95`	`+ return $firewallAuthenticatorLocator->get($authenticatorId);`
`91`	`96`	`}`
`92`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+welcome:`
	`2`	`+ path: /welcome`
	`3`	`+ defaults: { _controller: Symfony\Bundle\SecurityBundle\Tests\Functional\WelcomeController::welcome }`