symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 12 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 12 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Lines changed: 11 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Lines changed: 11 additions & 4 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Security.php
Lines changed: 40 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Security.php
Lines changed: 40 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Tests/SecurityTest.php
Lines changed: 63 additions & 3 deletions b/‎src/Symfony/Component/Security/Core/Tests/SecurityTest.php
Lines changed: 63 additions & 3 deletions
@@ -42,6 +42,7 @@
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Encoder\NativePasswordEncoder;
 use Symfony\Component\Security\Core\Encoder\SodiumPasswordEncoder;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -293,16 +294,19 @@ private function createFirewalls(array $config, ContainerBuilder $container)
 
         // load firewall map
         $mapDef = $container->getDefinition('security.firewall.map');
-        $map = $authenticationProviders = $contextRefs = [];
+        $map = $authenticationProviders = $contextRefs = $authenticators = [];
         foreach ($firewalls as $name => $firewall) {
             if (isset($firewall['user_checker']) && 'security.user_checker' !== $firewall['user_checker']) {
                 $customUserChecker = true;
             }
 
             $configId = 'security.firewall.map.config.'.$name;
 
-            [$matcher, $listeners, $exceptionListener, $logoutListener] = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
+            [$matcher, $listeners, $exceptionListener, $logoutListener, $firewallAuthenticators] = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
 
+            $authenticators[$name] = array_map(function ($serviceId) {
+                return new Reference($serviceId);
+            }, $firewallAuthenticators);
             $contextId = 'security.firewall.map.context.'.$name;
             $isLazy = !$firewall['stateless'] && (!empty($firewall['anonymous']['lazy']) || $firewall['lazy']);
             $context = new ChildDefinition($isLazy ? 'security.firewall.lazy_context' : 'security.firewall.context');
@@ -317,6 +321,10 @@ private function createFirewalls(array $config, ContainerBuilder $container)
             $contextRefs[$contextId] = new Reference($contextId);
             $map[$contextId] = $matcher;
         }
+        $container
+            ->getDefinition('security.helper')
+            ->replaceArgument(0, $authenticators)
+        ;
 
         $container->setAlias('security.firewall.context_locator', (string) ServiceLocatorTagPass::register($container, $contextRefs));
 
@@ -362,7 +370,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
 
         // Security disabled?
         if (false === $firewall['security']) {
-            return [$matcher, [], null, null];
+            return [$matcher, [], null, null, []];
         }
 
         $config->replaceArgument(4, $firewall['stateless']);
@@ -565,7 +573,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         $config->replaceArgument(10, $listenerKeys);
         $config->replaceArgument(11, $firewall['switch_user'] ?? null);
 
-        return [$matcher, $listeners, $exceptionListener, null !== $logoutListenerId ? new Reference($logoutListenerId) : null];
+        return [$matcher, $listeners, $exceptionListener, null !== $logoutListenerId ? new Reference($logoutListenerId) : null, $firewallAuthenticationProviders];
     }
 
     private function createContextListener(ContainerBuilder $container, string $contextKey, ?string $firewallEventDispatcherId)
 
@@ -87,10 +87,17 @@
         ->set('security.untracked_token_storage', TokenStorage::class)
 
         ->set('security.helper', Security::class)
-            ->args([service_locator([
-                'security.token_storage' => service('security.token_storage'),
-                'security.authorization_checker' => service('security.authorization_checker'),
-            ])])
+            ->args([
+                abstract_arg('authenticators'),
+                service_locator([
+                    'security.token_storage' => service('security.token_storage'),
+                    'security.authorization_checker' => service('security.authorization_checker'),
+                    'security.user_authenticator' => service('security.user_authenticator'),
+                    'request_stack' => service('request_stack'),
+                    'security.firewall.map' => service('security.firewall.map'),
+                    'security.user_checker' => service('security.user_checker'),
+                ]),
+            ])
         ->alias(Security::class, 'security.helper')
 
         ->set('security.user_value_resolver', UserValueResolver::class)
 
@@ -14,7 +14,9 @@
 use Psr\Container\ContainerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 
 /**
  * Helper class for commonly-needed security tasks.
@@ -30,8 +32,14 @@ class Security implements AuthorizationCheckerInterface
 
     private $container;
 
-    public function __construct(ContainerInterface $container)
+    /**
+     * @var array
+     */
+    private $authenticators;
+
+    public function __construct(array $authenticators, ContainerInterface $container)
     {
+        $this->authenticators = $authenticators;
         $this->container = $container;
     }
 
@@ -69,4 +77,35 @@ public function getToken(): ?TokenInterface
     {
         return $this->container->get('security.token_storage')->getToken();
     }
+
+    public function autoLogin(UserInterface $user, AuthenticatorInterface $authenticator = null): void
+    {
+        $request = $this->container->get('request_stack')->getCurrentRequest();
+
+        if (null === $authenticator) {
+            $firewall = $this->container->get('security.firewall.map')->getFirewallConfig($request);
+
+            if (null === $firewall) {
+                throw new LogicException('No firewall found as the current route is not covered by any firewall.');
+            }
+            $firewallName = $firewall->getName();
+
+            if (!\array_key_exists($firewallName, $this->authenticators) || 0 === \count($this->authenticators[$firewallName])) {
+                throw new LogicException(sprintf('No authenticators found for the firewall "%s".', $firewallName));
+            }
+            $firewallAuthenticators = $this->authenticators[$firewallName];
+
+            if (0 === \count($firewallAuthenticators)) {
+                throw new LogicException('No authenticator was found for the firewall "%s".');
+            }
+
+            if (\count($firewallAuthenticators) > 1) {
+                throw new LogicException('Too much authenticators were found for the firewall "%s". You must provide an instance of '.AuthenticatorInterface::class.' to allow an auto login');
+            }
+            $authenticator = array_pop($firewallAuthenticators);
+        }
+        // Throw the exception if any pre-auth check does not pass
+        $this->container->get('security.user_checker')->checkPreAuth($user);
+        $this->container->get('security.user_authenticator')->authenticateUser($user, $authenticator, $request);
+    }
 }
@@ -13,12 +13,20 @@
 
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 
 class SecurityTest extends TestCase
 {
@@ -33,7 +41,7 @@ public function testGetToken()
 
         $container = $this->createContainer('security.token_storage', $tokenStorage);
 
-        $security = new Security($container);
+        $security = new Security([], $container);
         $this->assertSame($token, $security->getToken());
     }
 
@@ -54,7 +62,7 @@ public function testGetUser($userInToken, $expectedUser)
 
         $container = $this->createContainer('security.token_storage', $tokenStorage);
 
-        $security = new Security($container);
+        $security = new Security([], $container);
         $this->assertSame($expectedUser, $security->getUser());
     }
 
@@ -81,10 +89,62 @@ public function testIsGranted()
 
         $container = $this->createContainer('security.authorization_checker', $authorizationChecker);
 
-        $security = new Security($container);
+        $security = new Security([], $container);
         $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
     }
 
+    public function testAutoLogin()
+    {
+        $request = new Request();
+        $authenticator = $this->createMock(AuthenticatorInterface::class);
+        $requestStack = $this->createMock(RequestStack::class);
+        $firewallMap = $this->createMock(FirewallMap::class);
+        $firewall = new FirewallConfig('main', 'main');
+        $userAuthenticator = $this->createMock(UserAuthenticatorInterface::class);
+        $user = $this->createMock(UserInterface::class);
+        $userChecker = $this->createMock(UserCheckerInterface::class);
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.firewall.map', $firewallMap],
+                ['security.user_authenticator', $userAuthenticator],
+                ['security.user_checker', $userChecker],
+            ])
+        ;
+
+        $requestStack
+            ->expects($this->once())
+            ->method('getCurrentRequest')
+            ->willReturn($request)
+        ;
+
+        $firewallMap
+            ->expects($this->once())
+            ->method('getFirewallConfig')
+            ->willReturn($firewall)
+        ;
+        $userAuthenticator
+            ->expects($this->once())
+            ->method('authenticateUser')
+            ->with($user, $authenticator, $request)
+        ;
+        $userChecker
+            ->expects($this->once())
+            ->method('checkPreAuth')
+            ->with($user)
+        ;
+
+        $security = new Security([
+            'main' => [$authenticator],
+        ], $container);
+
+        $security->autoLogin($user);
+    }
+
     private function createContainer($serviceId, $serviceObject)
     {
         $container = $this->createMock(ContainerInterface::class);