symfony
@@ -54,7 +54,7 @@ public function getProxyFactoryCode(Definition $definition, $id, $factoryCode =
         $instantiation = 'return';
 
         if ($definition->isShared()) {
-            $instantiation .= sprintf(' $this->%s[\'%s\'] =', $definition->isPublic() || !method_exists(ContainerBuilder::class, 'addClassResource') ? 'services' : 'privates', $id);
+            $instantiation .= sprintf(' $this->%s[\'%s\'] =', $definition->isPublic() && !$definition->isPrivate() ? 'services' : 'privates', $id);
         }
 
         if (null === $factoryCode) {
 
@@ -80,6 +80,34 @@ public function testGetProxyFactoryCode()
         );
     }
 
+    /**
+     * @dataProvider getPrivatePublicDefinitions
+     */
+    public function testCorrectAssigning(Definition $definition, $access)
+    {
+        $definition->setLazy(true);
+
+        $code = $this->dumper->getProxyFactoryCode($definition, 'foo', '$this->getFoo2Service(false)');
+
+        $this->assertStringMatchesFormat('%A$this->'.$access.'[\'foo\'] = %A', $code);
+    }
+
+    public function getPrivatePublicDefinitions()
+    {
+        return array(
+            array(
+                (new Definition(__CLASS__))
+                    ->setPublic(false),
+                'privates',
+            ),
+            array(
+                (new Definition(__CLASS__))
+                    ->setPublic(true),
+                'services',
+            ),
+        );
+    }
+
     /**
      * @expectedException \InvalidArgumentException
      * @expectedExceptionMessage Missing factory code to construct the service "foo".
 
@@ -0,0 +1,58 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection\Compiler;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerWeakRefPass;
+use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerRealRefPass;
+use Symfony\Component\DependencyInjection\Argument\ServiceClosureArgument;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Compiler\PassConfig;
+use Symfony\Component\DependencyInjection\ServiceLocator;
+use Symfony\Component\DependencyInjection\Reference;
+
+class TestServiceContainerRefPassesTest extends TestCase
+{
+    public function testProcess()
+    {
+        $container = new ContainerBuilder();
+        $container->register('test.private_services_locator', ServiceLocator::class)
+            ->setPublic(true)
+            ->addArgument(0, array());
+
+        $container->addCompilerPass(new TestServiceContainerWeakRefPass(), PassConfig::TYPE_BEFORE_REMOVING, -32);
+        $container->addCompilerPass(new TestServiceContainerRealRefPass(), PassConfig::TYPE_AFTER_REMOVING);
+
+        $container->register('Test\public_service')
+            ->setPublic(true)
+            ->addArgument(new Reference('Test\private_used_shared_service'))
+            ->addArgument(new Reference('Test\private_used_non_shared_service'))
+        ;
+
+        $container->register('Test\private_used_shared_service');
+        $container->register('Test\private_unused_shared_service');
+        $container->register('Test\private_used_non_shared_service')->setShared(false);
+        $container->register('Test\private_unused_non_shared_service')->setShared(false);
+
+        $container->compile();
+
+        $expected = array(
+            'Test\private_used_shared_service' => new ServiceClosureArgument(new Reference('Test\private_used_shared_service')),
+            'Test\private_used_non_shared_service' => new ServiceClosureArgument(new Reference('Test\private_used_non_shared_service')),
+            'Psr\Container\ContainerInterface' => new ServiceClosureArgument(new Reference('service_container')),
+            'Symfony\Component\DependencyInjection\ContainerInterface' => new ServiceClosureArgument(new Reference('service_container')),
+        );
+        $this->assertEquals($expected, $container->getDefinition('test.private_services_locator')->getArgument(0));
+        $this->assertSame($container, $container->get('test.private_services_locator')->get('Psr\Container\ContainerInterface'));
+        $this->assertFalse($container->getDefinition('Test\private_used_non_shared_service')->isShared());
+    }
+}
@@ -19,7 +19,7 @@
         "php": "^7.1.3",
         "ext-xml": "*",
         "symfony/cache": "~3.4|~4.0",
-        "symfony/dependency-injection": "^4.1",
+        "symfony/dependency-injection": "^4.1.1",
         "symfony/config": "~3.4|~4.0",
         "symfony/event-dispatcher": "^4.1",
         "symfony/http-foundation": "^4.1",
 
@@ -45,6 +45,7 @@ class SecurityExtension extends Extension
     private $listenerPositions = array('pre_auth', 'form', 'http', 'remember_me');
     private $factories = array();
     private $userProviderFactories = array();
+    private $statelessFirewallKeys = array();
 
     public function __construct()
     {
@@ -104,6 +105,9 @@ public function load(array $configs, ContainerBuilder $container)
         $this->createAuthorization($config, $container);
         $this->createRoleHierarchy($config, $container);
 
+        $container->getDefinition('security.authentication.guard_handler')
+            ->replaceArgument(2, $this->statelessFirewallKeys);
+
         if ($config['encoders']) {
             $this->createEncoders($config['encoders'], $container);
         }
@@ -287,6 +291,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
             $listeners[] = new Reference($this->createContextListener($container, $contextKey));
             $sessionStrategyId = 'security.authentication.session_strategy';
         } else {
+            $this->statelessFirewallKeys[] = $id;
             $sessionStrategyId = 'security.authentication.session_strategy_noop';
         }
         $container->setAlias(new Alias('security.authentication.session_strategy.'.$id, false), $sessionStrategyId);
 
@@ -12,6 +12,10 @@
             >
             <argument type="service" id="security.token_storage" />
             <argument type="service" id="event_dispatcher" on-invalid="null" />
+            <argument /> <!-- stateless firewall keys -->
+            <call method="setSessionAuthenticationStrategy">
+                <argument type="service" id="security.authentication.session_strategy" />
+            </call>
         </service>
 
         <service id="Symfony\Component\Security\Guard\GuardAuthenticatorHandler" alias="security.authentication.guard_handler" />
 
@@ -123,6 +123,35 @@ public function testDisableRoleHierarchyVoter()
         $this->assertFalse($container->hasDefinition('security.access.role_hierarchy_voter'));
     }
 
+    public function testGuardHandlerIsPassedStatelessFirewalls()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', array(
+            'providers' => array(
+                'default' => array('id' => 'foo'),
+            ),
+
+            'firewalls' => array(
+                'some_firewall' => array(
+                    'pattern' => '^/admin',
+                    'http_basic' => null,
+                    'logout_on_user_change' => true,
+                ),
+                'stateless_firewall' => array(
+                    'pattern' => '/.*',
+                    'stateless' => true,
+                    'http_basic' => null,
                     'logout_on_user_change' => true,
+                ),
+            ),
+        ));
+
+        $container->compile();
+        $definition = $container->getDefinition('security.authentication.guard_handler');
+        $this->assertSame(array('stateless_firewall'), $definition->getArgument(2));
+    }
+
     public function testSwitchUserNotStatelessOnStatelessFirewall()
     {
         $container = $this->getRawContainer();
 
@@ -419,9 +419,10 @@
                     function(xhr, el) {
 
                         /* Evaluate in global scope scripts embedded inside the toolbar */
-                        eval.call({}, ([].slice.call(el.querySelectorAll('script')).map(function (script) {
-                          return script.firstChild.nodeValue;
-                        }).join(';\n')));
+                        var i, scripts = [].slice.call(el.querySelectorAll('script'));
+                        for (i = 0; i < scripts.length; ++i) {
+                            eval.call({}, scripts[i].firstChild.nodeValue);
+                        }
 
                         el.style.display = -1 !== xhr.responseText.indexOf('sf-toolbarreset') ? 'block' : 'none';
 
@@ -440,7 +441,7 @@
                         }
 
                         /* Handle toolbar-info position */
-                        var i, toolbarBlocks = [].slice.call(el.querySelectorAll('.sf-toolbar-block'));
+                        var toolbarBlocks = [].slice.call(el.querySelectorAll('.sf-toolbar-block'));
                         for (i = 0; i < toolbarBlocks.length; ++i) {
                             toolbarBlocks[i].onmouseover = function () {
                                 var toolbarInfo = this.querySelectorAll('.sf-toolbar-info')[0];
 
@@ -197,7 +197,7 @@ protected function doHave($id)
     protected function doClear($namespace)
     {
         // When using a native Redis cluster, clearing the cache is done by versioning in AbstractTrait::clear().
-        // This means old keys are not really removed until they expire and may need gargage collection.
+        // This means old keys are not really removed until they expire and may need garbage collection.
 
         $cleared = true;
         $hosts = array($this->redis);
 
@@ -162,6 +162,12 @@ private function isInlineableDefinition($id, Definition $definition)
         }
 
         if (!$definition->isShared()) {
+            foreach ($graph->getNode($id)->getInEdges() as $edge) {
+                if ($edge->isWeak()) {
+                    return false;
+                }
+            }
+
             return true;
         }
 
 
@@ -126,7 +126,7 @@ private function executeGuardAuthenticator($uniqueGuardKey, AuthenticatorInterfa
             }
 
             // sets the token on the token storage, etc
-            $this->guardHandler->authenticateWithToken($token, $request);
+            $this->guardHandler->authenticateWithToken($token, $request, $this->providerKey);
         } catch (AuthenticationException $e) {
             // oh no! Authentication failed!
 
 
@@ -37,19 +37,28 @@ class GuardAuthenticatorHandler
     private $tokenStorage;
     private $dispatcher;
     private $sessionStrategy;
+    private $statelessProviderKeys;
 
-    public function __construct(TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher = null)
+    /**
+     * @param array $statelessProviderKeys An array of provider/firewall keys that are "stateless" and so do not need the session migrated on success
+     */
+    public function __construct(TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher = null, array $statelessProviderKeys = array())
     {
         $this->tokenStorage = $tokenStorage;
         $this->dispatcher = $eventDispatcher;
+        $this->statelessProviderKeys = $statelessProviderKeys;
     }
 
     /**
      * Authenticates the given token in the system.
+     *
+     * @param string $providerKey The name of the provider/firewall being used for authentication
      */
-    public function authenticateWithToken(TokenInterface $token, Request $request)
+    public function authenticateWithToken(TokenInterface $token, Request $request/*, string $providerKey */)
     {
-        $this->migrateSession($request, $token);
+        $providerKey = \func_num_args() > 2 ? func_get_arg(2) : null;
+
+        $this->migrateSession($request, $token, $providerKey);
         $this->tokenStorage->setToken($token);
 
         if (null !== $this->dispatcher) {
@@ -86,7 +95,7 @@ public function authenticateUserAndHandleSuccess(UserInterface $user, Request $r
         // create an authenticated token for the User
         $token = $authenticator->createAuthenticatedToken($user, $providerKey);
         // authenticate this in the system
-        $this->authenticateWithToken($token, $request);
+        $this->authenticateWithToken($token, $request, $providerKey);
 
         // return the success metric
         return $this->handleAuthenticationSuccess($token, $request, $authenticator, $providerKey);
@@ -121,9 +130,9 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn
         $this->sessionStrategy = $sessionStrategy;
     }
 
-    private function migrateSession(Request $request, TokenInterface $token)
+    private function migrateSession(Request $request, TokenInterface $token, $providerKey)
     {
-        if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
+        if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession() || \in_array($providerKey, $this->statelessProviderKeys, true)) {
             return;
         }
 
 
@@ -144,6 +144,18 @@ public function testSessionStrategyIsCalled()
         $handler->authenticateWithToken($this->token, $this->request);
     }
 
+    public function testSessionStrategyIsNotCalledWhenStateless()
+    {
+        $this->configurePreviousSession();
+
+        $this->sessionStrategy->expects($this->never())
+            ->method('onAuthentication');
+
+        $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher, array('some_provider_key'));
+        $handler->setSessionAuthenticationStrategy($this->sessionStrategy);
+        $handler->authenticateWithToken($this->token, $this->request, 'some_provider_key');
+    }
+
     protected function setUp()
     {
         $this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
 
@@ -29,30 +29,12 @@ class SplCaster
 
     public static function castArrayObject(\ArrayObject $c, array $a, Stub $stub, $isNested)
     {
-        $prefix = Caster::PREFIX_VIRTUAL;
-        $class = $stub->class;
-        $flags = $c->getFlags();
-
-        $b = array(
-            $prefix.'flag::STD_PROP_LIST' => (bool) ($flags & \ArrayObject::STD_PROP_LIST),
-            $prefix.'flag::ARRAY_AS_PROPS' => (bool) ($flags & \ArrayObject::ARRAY_AS_PROPS),
-            $prefix.'iteratorClass' => new ClassStub($c->getIteratorClass()),
-            $prefix.'storage' => $c->getArrayCopy(),
-        );
-
-        if ('ArrayObject' === $class) {
-            $a = $b;
-        } else {
-            if (!($flags & \ArrayObject::STD_PROP_LIST)) {
-                $c->setFlags(\ArrayObject::STD_PROP_LIST);
-                $a = Caster::castObject($c, $class);
-                $c->setFlags($flags);
-            }
-
-            $a += $b;
-        }
+        return self::castSplArray($c, $a, $stub, $isNested);
+    }
 
-        return $a;
+    public static function castArrayIterator(\ArrayIterator $c, array $a, Stub $stub, $isNested)
+    {
+        return self::castSplArray($c, $a, $stub, $isNested);
     }
 
     public static function castHeap(\Iterator $c, array $a, Stub $stub, $isNested)
@@ -186,7 +168,7 @@ public static function castObjectStorage(\SplObjectStorage $c, array $a, Stub $s
 
         $clone = clone $c;
         foreach ($clone as $obj) {
-            $storage[spl_object_hash($obj)] = array(
+            $storage[] = array(
                 'object' => $obj,
                 'info' => $clone->getInfo(),
              );
@@ -205,4 +187,27 @@ public static function castOuterIterator(\OuterIterator $c, array $a, Stub $stub
 
         return $a;
     }
+
+    private static function castSplArray($c, array $a, Stub $stub, $isNested)
+    {
+        $prefix = Caster::PREFIX_VIRTUAL;
+        $class = $stub->class;
+        $flags = $c->getFlags();
+
+        if (!($flags & \ArrayObject::STD_PROP_LIST)) {
+            $c->setFlags(\ArrayObject::STD_PROP_LIST);
+            $a = Caster::castObject($c, $class);
+            $c->setFlags($flags);
+        }
+        $a += array(
+            $prefix.'flag::STD_PROP_LIST' => (bool) ($flags & \ArrayObject::STD_PROP_LIST),
+            $prefix.'flag::ARRAY_AS_PROPS' => (bool) ($flags & \ArrayObject::ARRAY_AS_PROPS),
+        );
+        if ($c instanceof \ArrayObject) {
+            $a[$prefix.'iteratorClass'] = new ClassStub($c->getIteratorClass());
+        }
+        $a[$prefix.'storage'] = $c->getArrayCopy();
+
+        return $a;
+    }
 }
@@ -95,6 +95,7 @@ abstract class AbstractCloner implements ClonerInterface
         'AMQPEnvelope' => array('Symfony\Component\VarDumper\Caster\AmqpCaster', 'castEnvelope'),
 
         'ArrayObject' => array('Symfony\Component\VarDumper\Caster\SplCaster', 'castArrayObject'),
+        'ArrayIterator' => array('Symfony\Component\VarDumper\Caster\SplCaster', 'castArrayIterator'),
         'SplDoublyLinkedList' => array('Symfony\Component\VarDumper\Caster\SplCaster', 'castDoublyLinkedList'),
         'SplFileInfo' => array('Symfony\Component\VarDumper\Caster\SplCaster', 'castFileInfo'),
         'SplFileObject' => array('Symfony\Component\VarDumper\Caster\SplCaster', 'castFileObject'),
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public function getProxyFactoryCode(Definition $definition, $id, $factoryCode =`
`54`	`54`	`$instantiation = 'return';`
`55`	`55`
`56`	`56`	`if ($definition->isShared()) {`
`57`		`- $instantiation .= sprintf(' $this->%s[\'%s\'] =', $definition->isPublic() \|\| !method_exists(ContainerBuilder::class, 'addClassResource') ? 'services' : 'privates', $id);`
	`57`	`+ $instantiation .= sprintf(' $this->%s[\'%s\'] =', $definition->isPublic() && !$definition->isPrivate() ? 'services' : 'privates', $id);`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`if (null === $factoryCode) {`
Original file line number	Diff line number	Diff line change
`@@ -197,7 +197,7 @@ protected function doHave($id)`
`197`	`197`	`protected function doClear($namespace)`
`198`	`198`	`{`
`199`	`199`	`// When using a native Redis cluster, clearing the cache is done by versioning in AbstractTrait::clear().`
`200`		`- // This means old keys are not really removed until they expire and may need gargage collection.`
	`200`	`+ // This means old keys are not really removed until they expire and may need garbage collection.`
`201`	`201`
`202`	`202`	`$cleared = true;`
`203`	`203`	`$hosts = array($this->redis);`
Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,12 @@ private function isInlineableDefinition($id, Definition $definition)`
`162`	`162`	`}`
`163`	`163`
`164`	`164`	`if (!$definition->isShared()) {`
	`165`	`+ foreach ($graph->getNode($id)->getInEdges() as $edge) {`
	`166`	`+ if ($edge->isWeak()) {`
	`167`	`+ return false;`
	`168`	`+ }`
	`169`	`+ }`
	`170`	`+`
`165`	`171`	`return true;`
`166`	`172`	`}`
`167`	`173`
Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ private function executeGuardAuthenticator($uniqueGuardKey, AuthenticatorInterfa`
`126`	`126`	`}`
`127`	`127`
`128`	`128`	`// sets the token on the token storage, etc`
`129`		`- $this->guardHandler->authenticateWithToken($token, $request);`
	`129`	`+ $this->guardHandler->authenticateWithToken($token, $request, $this->providerKey);`
`130`	`130`	`} catch (AuthenticationException $e) {`
`131`	`131`	`// oh no! Authentication failed!`
`132`	`132`