symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 23 additions & 14 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 23 additions & 14 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/GuardAuthenticationManager.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/GuardAuthenticationManager.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticatorListenerTrait.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticatorListenerTrait.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php
Lines changed: 11 additions & 3 deletions b/‎src/Symfony/Component/Security/Guard/Token/PreAuthenticationGuardToken.php
Lines changed: 11 additions & 3 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/GuardManagerListener.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/Firewall/GuardManagerListener.php
Lines changed: 1 addition & 1 deletion
@@ -269,19 +269,6 @@ private function createFirewalls(array $config, ContainerBuilder $container)
         if ($this->guardAuthenticationManagerEnabled) {
             $authenticationManagerId = 'security.authentication.manager.guard';
             $container->setAlias('security.authentication.manager', new Alias($authenticationManagerId));
-
-            // guard authentication manager listener
-            $container
-                ->setDefinition('security.firewall.guard.'.$name.'locator', new ChildDefinition('security.firewall.guard.locator'))
-                ->setArguments([$authenticationProviders])
-                ->addTag('container.service_locator')
-            ;
-            $container
-                ->setDefinition('security.firewall.guard.'.$name, new ChildDefinition('security.firewall.guard'))
-                ->replaceArgument(2, new Reference('security.firewall.guard.'.$name.'locator'))
-                ->replaceArgument(3, $name)
-                ->addTag('kernel.event_listener', ['event' => KernelEvents::REQUEST])
-            ;
         }
         $container
             ->getDefinition($authenticationManagerId)
@@ -431,7 +418,29 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         $configuredEntryPoint = isset($firewall['entry_point']) ? $firewall['entry_point'] : null;
 
         // Authentication listeners
-        list($authListeners, $defaultEntryPoint) = $this->createAuthenticationListeners($container, $id, $firewall, $authenticationProviders, $defaultProvider, $providerIds, $configuredEntryPoint, $contextListenerId);
+        $firewallAuthenticationProviders = [];
+        list($authListeners, $defaultEntryPoint) = $this->createAuthenticationListeners($container, $id, $firewall, $firewallAuthenticationProviders, $defaultProvider, $providerIds, $configuredEntryPoint, $contextListenerId);
+
+        $authenticationProviders = array_merge($authenticationProviders, $firewallAuthenticationProviders);
+
+        if ($this->guardAuthenticationManagerEnabled) {
+            // guard authentication manager listener
+            $container
+                ->setDefinition('security.firewall.guard.'.$id.'.locator', new ChildDefinition('security.firewall.guard.locator'))
+                ->setArguments([array_map(function ($id) {
+                    return new Reference($id);
+                }, $firewallAuthenticationProviders)])
+                ->addTag('container.service_locator')
+            ;
+            $container
+                ->setDefinition('security.firewall.guard.'.$id, new ChildDefinition('security.firewall.guard'))
+                ->replaceArgument(2, new Reference('security.firewall.guard.'.$id.'.locator'))
+                ->replaceArgument(3, $id)
+                ->addTag('kernel.event_listener', ['event' => KernelEvents::REQUEST])
+            ;
+
+            $listeners[] = new Reference('security.firewall.guard.'.$id);
+        }
 
         $config->replaceArgument(7, $configuredEntryPoint ?: $defaultEntryPoint);
 
 
@@ -81,7 +81,7 @@ public function authenticate(TokenInterface $token)
         }
 
         try {
-            $result = $this->authenticateViaGuard($guard, $token);
+            $result = $this->authenticateViaGuard($guard, $token, $token->getProviderKey());
         } catch (AuthenticationException $exception) {
             $this->handleFailure($exception, $token);
         }
 
@@ -72,7 +72,7 @@ private function executeGuardAuthenticator(string $uniqueGuardKey, Authenticator
             }
 
             // create a token with the unique key, so that the provider knows which authenticator to use
-            $token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey);
+            $token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey, $this->providerKey);
 
             if (null !== $this->logger) {
                 $this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]);
 
@@ -93,7 +93,7 @@ public function authenticate(TokenInterface $token)
             throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getGuardProviderKey(), $this->providerKey));
         }
 
-        return $this->authenticateViaGuard($guardAuthenticator, $token);
+        return $this->authenticateViaGuard($guardAuthenticator, $token, $this->providerKey);
     }
 
     public function supports(TokenInterface $token)
 
@@ -28,7 +28,7 @@
  */
 trait GuardAuthenticationProviderTrait
 {
-    private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token): GuardTokenInterface
+    private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface
     {
         // get the user from the GuardAuthenticator
         $user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider);
@@ -55,7 +55,7 @@ private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator
         $this->userChecker->checkPostAuth($user);
 
         // turn the UserInterface into a TokenInterface
-        $authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $this->providerKey);
+        $authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $providerKey);
         if (!$authenticatedToken instanceof TokenInterface) {
             throw new \UnexpectedValueException(sprintf('The "%s::createAuthenticatedToken()" method must return a TokenInterface. You returned "%s".', get_debug_type($guardAuthenticator), get_debug_type($authenticatedToken)));
         }
 
@@ -26,22 +26,30 @@ class PreAuthenticationGuardToken extends AbstractToken implements GuardTokenInt
 {
     private $credentials;
     private $guardProviderKey;
+    private $providerKey;
 
     /**
-     * @param mixed  $credentials
-     * @param string $guardProviderKey Unique key that bind this token to a specific AuthenticatorInterface
+     * @param mixed       $credentials
+     * @param string      $guardProviderKey Unique key that bind this token to a specific AuthenticatorInterface
+     * @param string|null $providerKey      The general provider key (when using with HTTP, this is the firewall name)
      */
-    public function __construct($credentials, string $guardProviderKey)
+    public function __construct($credentials, string $guardProviderKey, ?string $providerKey = null)
     {
         $this->credentials = $credentials;
         $this->guardProviderKey = $guardProviderKey;
+        $this->providerKey = $providerKey;
 
         parent::__construct([]);
 
         // never authenticated
         parent::setAuthenticated(false);
     }
 
+    public function getProviderKey(): ?string
+    {
+        return $this->providerKey;
+    }
+
     public function getGuardProviderKey()
     {
         return $this->guardProviderKey;
 
@@ -57,7 +57,7 @@ public function __invoke(RequestEvent $requestEvent)
 
     protected function getGuardKey(string $key): string
     {
-        // Guard authenticators in the GuardAuthenticationManager are already indexed
+        // Guard authenticators in the GuardManagerListener are already indexed
         // by an unique key
         return $key;
     }
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ public function authenticate(TokenInterface $token)`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`try {`
`84`		`- $result = $this->authenticateViaGuard($guard, $token);`
	`84`	`+ $result = $this->authenticateViaGuard($guard, $token, $token->getProviderKey());`
`85`	`85`	`} catch (AuthenticationException $exception) {`
`86`	`86`	`$this->handleFailure($exception, $token);`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ private function executeGuardAuthenticator(string $uniqueGuardKey, Authenticator`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`// create a token with the unique key, so that the provider knows which authenticator to use`
`75`		`- $token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey);`
	`75`	`+ $token = new PreAuthenticationGuardToken($credentials, $uniqueGuardKey, $this->providerKey);`
`76`	`76`
`77`	`77`	`if (null !== $this->logger) {`
`78`	`78`	`$this->logger->debug('Passing guard token information to the GuardAuthenticationProvider', ['firewall_key' => $this->providerKey, 'authenticator' => \get_class($guardAuthenticator)]);`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ public function authenticate(TokenInterface $token)`
`93`	`93`	`throw new AuthenticationException(sprintf('Token with provider key "%s" did not originate from any of the guard authenticators of provider "%s".', $token->getGuardProviderKey(), $this->providerKey));`
`94`	`94`	`}`
`95`	`95`
`96`		`- return $this->authenticateViaGuard($guardAuthenticator, $token);`
	`96`	`+ return $this->authenticateViaGuard($guardAuthenticator, $token, $this->providerKey);`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`public function supports(TokenInterface $token)`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@`
`28`	`28`	`*/`
`29`	`29`	`trait GuardAuthenticationProviderTrait`
`30`	`30`	`{`
`31`		`- private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token): GuardTokenInterface`
	`31`	`+ private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator, PreAuthenticationGuardToken $token, string $providerKey): TokenInterface`
`32`	`32`	`{`
`33`	`33`	`// get the user from the GuardAuthenticator`
`34`	`34`	`$user = $guardAuthenticator->getUser($token->getCredentials(), $this->userProvider);`
`@@ -55,7 +55,7 @@ private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator`
`55`	`55`	`$this->userChecker->checkPostAuth($user);`
`56`	`56`
`57`	`57`	`// turn the UserInterface into a TokenInterface`
`58`		`- $authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $this->providerKey);`
	`58`	`+ $authenticatedToken = $guardAuthenticator->createAuthenticatedToken($user, $providerKey);`
`59`	`59`	`if (!$authenticatedToken instanceof TokenInterface) {`
`60`	`60`	`throw new \UnexpectedValueException(sprintf('The "%s::createAuthenticatedToken()" method must return a TokenInterface. You returned "%s".', get_debug_type($guardAuthenticator), get_debug_type($authenticatedToken)));`
`61`	`61`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ public function __invoke(RequestEvent $requestEvent)`
`57`	`57`
`58`	`58`	`protected function getGuardKey(string $key): string`
`59`	`59`	`{`
`60`		`- // Guard authenticators in the GuardAuthenticationManager are already indexed`
	`60`	`+ // Guard authenticators in the GuardManagerListener are already indexed`
`61`	`61`	`// by an unique key`
`62`	`62`	`return $key;`
`63`	`63`	`}`