symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Security.php
Lines changed: 20 additions & 6 deletions b/‎src/Symfony/Bundle/SecurityBundle/Security.php
Lines changed: 20 additions & 6 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php
Lines changed: 34 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/SecurityTest.php
Lines changed: 34 additions & 1 deletion
@@ -70,6 +70,9 @@ class Security extends InternalSecurity implements AuthorizationCheckerInterface
      */
     public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME;
 
+    /** @var string[] */
+    private const SECURITY_LOGIN_EXCLUSIONS = ['remember_me'];
+
     public function __construct(
         private readonly ContainerInterface $container,
         private readonly array $authenticators = [],
@@ -125,6 +128,10 @@ public function login(UserInterface $user, ?string $authenticatorName = null, ?s
             throw new LogicException('Unable to login as the current route is not covered by any firewall.');
         }
 
+        if (in_array($authenticatorName, self::SECURITY_LOGIN_EXCLUSIONS)) {
+            throw new LogicException(sprintf('The "%s" authenticator is not allowed to be used with the "%s" method. Use a different authenticator.', $authenticatorName, __METHOD__));
+        }
+
         $authenticator = $this->getAuthenticator($authenticatorName, $firewallName);
 
         $userCheckerLocator = $this->container->get('security.user_checker_locator');
@@ -188,16 +195,15 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa
         $firewallAuthenticatorLocator = $this->authenticators[$firewallName];
 
         if (!$authenticatorName) {
-            $authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());
-
-            if (!$authenticatorIds) {
+            $availableAuthenticators = $this->getAvailableAuthenticatorsForLogin($firewallAuthenticatorLocator, $firewallName);
+            if (!$availableAuthenticators) {
                 throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName));
             }
-            if (1 < \count($authenticatorIds)) {
-                throw new LogicException(sprintf('Too many authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds)));
+            if (1 < \count($availableAuthenticators)) {
+                throw new LogicException(sprintf('Too many authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $availableAuthenticators)));
             }
 
-            return $firewallAuthenticatorLocator->get($authenticatorIds[0]);
+            return $firewallAuthenticatorLocator->get($availableAuthenticators[0]);
         }
 
         if ($firewallAuthenticatorLocator->has($authenticatorName)) {
@@ -212,4 +218,12 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa
 
         return $firewallAuthenticatorLocator->get($authenticatorId);
     }
+
+    private function getAvailableAuthenticatorsForLogin(ServiceProviderInterface $firewallAuthenticatorLocator, string $firewallName): array
+    {
+        $authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());
+        $excludedAuthenticatorIds = array_map(fn(string $exclusion) => 'security.authenticator.' . $exclusion . '.' . $firewallName, self::SECURITY_LOGIN_EXCLUSIONS);
+    
+        return array_values(array_diff($authenticatorIds, $excludedAuthenticatorIds));
+    }
 }
@@ -155,7 +155,10 @@ public function testLogin()
         $firewallAuthenticatorLocator
             ->expects($this->once())
             ->method('getProvidedServices')
-            ->willReturn(['security.authenticator.custom.dev' => $authenticator])
+            ->willReturn([
+                'security.authenticator.custom.dev' => $authenticator,
+                'security.authenticator.remember_me.main' => $authenticator
+            ])
         ;
         $firewallAuthenticatorLocator
             ->expects($this->once())
@@ -274,6 +277,36 @@ public function testLoginWithoutRequestContext()
         $security->login($user);
     }
 
+    public function testLoginWithExcludeAuthenticator()
+    {
+        $request = new Request();
+        $requestStack = $this->createMock(RequestStack::class);
+        $firewallMap = $this->createMock(FirewallMap::class);
+        $firewall = new FirewallConfig('main', 'main');
+        $user = $this->createMock(UserInterface::class);
+        $userChecker = $this->createMock(UserCheckerInterface::class);
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.firewall.map', $firewallMap],
+                ['security.user_checker', $userChecker],
+            ])
+        ;
+
+        $requestStack->expects($this->once())->method('getCurrentRequest')->willReturn($request);
+        $firewallMap->expects($this->once())->method('getFirewallConfig')->willReturn($firewall);
+
+        $security = new Security($container, ['main' => null]);
+
+        $this->expectException(\LogicException::class);
+        $this->expectExceptionMessage('The "remember_me" authenticator is not allowed to be used with the "Symfony\Bundle\SecurityBundle\Security::login" method. Use a different authenticator.');
+        $security->login($user, 'remember_me');
+    }
+
     public function testLogout()
     {
         $request = new Request();