symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPass.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterGlobalSecurityEventListenersPass.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/LoginLinkFactory.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/LoginLinkFactory.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines changed: 45 additions & 26 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines changed: 45 additions & 26 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 3 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/LoginLink/FirewallAwareLoginLinkHandler.php
Lines changed: 7 additions & 25 deletions b/‎src/Symfony/Bundle/SecurityBundle/LoginLink/FirewallAwareLoginLinkHandler.php
Lines changed: 7 additions & 25 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/RememberMe/FirewallAwareRememberMeHandler.php
Lines changed: 56 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/RememberMe/FirewallAwareRememberMeHandler.php
Lines changed: 56 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
Lines changed: 0 additions & 20 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
Lines changed: 0 additions & 20 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_login_link.php
Lines changed: 1 addition & 1 deletion
@@ -21,6 +21,7 @@
 use Symfony\Component\Security\Http\Event\LoginFailureEvent;
 use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
 use Symfony\Component\Security\Http\Event\LogoutEvent;
+use Symfony\Component\Security\Http\Event\TokenDeauthenticatedEvent;
 use Symfony\Component\Security\Http\SecurityEvents;
 
 /**
@@ -44,6 +45,7 @@ class RegisterGlobalSecurityEventListenersPass implements CompilerPassInterface
         AuthenticationTokenCreatedEvent::class,
         AuthenticationSuccessEvent::class,
         InteractiveLoginEvent::class,
+        TokenDeauthenticatedEvent::class,
 
         // When events are registered by their name
         AuthenticationEvents::AUTHENTICATION_SUCCESS,
 
@@ -111,7 +111,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
 
         $signatureHasherId = 'security.authenticator.login_link_signature_hasher.'.$firewallName;
         $container
-            ->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.abstract_signature_hasher'))
+            ->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.abstract_login_link_signature_hasher'))
             ->replaceArgument(1, $config['signature_properties'])
             ->replaceArgument(3, $expiredStorageId ? new Reference($expiredStorageId) : null)
             ->replaceArgument(4, $config['max_uses'] ?? null)
 
@@ -12,10 +12,12 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Definition;
+use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\Security\Http\EventListener\RememberMeLogoutListener;
@@ -94,31 +96,56 @@ public function create(ContainerBuilder $container, string $id, array $config, ?
 
     public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
     {
-        $templateId = $this->generateRememberMeServicesTemplateId($config, $firewallName);
-        $rememberMeServicesId = $templateId.'.'.$firewallName;
+        if (!$container->hasDefinition('security.authenticator.remember_me')) {
+            $loader = new PhpFileLoader($container, new FileLocator(\dirname(__DIR__).'/../../Resources/config'));
+            $loader->load('security_authenticator_remember_me.php');
+        }
 
-        // create remember me services (which manage the remember me cookies)
-        $this->createRememberMeServices($container, $firewallName, $templateId, [new Reference($userProviderId)], $config);
+        $options = $config + $this->options;
+
+        // create remember me handler (which manage the remember me cookies)
+        $rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName;
+        if (isset($options['service'])) {
+            $container->setDefinition($rememberMeHandlerId, $container->getDefinition($options['service']))
+                ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
+        } elseif (isset($options['token_provider'])) {
+            $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.persistent_remember_me_handler'))
+                ->replaceArgument(0, new Reference($options['token_provider']))
+                ->replaceArgument(2, new Reference($userProviderId))
+                ->replaceArgument(4, $options)
+                ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
+        } else {
+            $signatureHasherId = 'security.authenticator.remember_me_signature_hasher.'.$firewallName;
+            $container->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.remember_me_signature_hasher'))
+                ->replaceArgument(1, $options['signature_properties'])
+            ;
+
+            $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.signature_remember_me_handler'))
+                ->replaceArgument(0, new Reference($signatureHasherId))
+                ->replaceArgument(1, new Reference($userProviderId))
+                ->replaceArgument(3, $options)
+                ->addTag('security.remember_me_handler', ['firewall' => $firewallName]);
+        }
 
         // create remember me listener (which executes the remember me services for other authenticators and logout)
-        $this->createRememberMeListener($container, $firewallName, $rememberMeServicesId);
+        $rememberMeListenerId = 'security.listener.remember_me.'.$firewallName;
+        $container->setDefinition($rememberMeListenerId, new ChildDefinition('security.listener.remember_me'))
+            ->replaceArgument(0, new Reference($rememberMeHandlerId))
+            ->replaceArgument(1, array_intersect_key($options, ['always_remember_me' => true, 'remember_me_parameter' => true]))
+            ->addTag('kernel.event_subscriber', ['dispatcher' => 'security.event_dispatcher.'.$firewallName])
+        ;
 
         // create remember me authenticator (which re-authenticates the user based on the remember me cookie)
         $authenticatorId = 'security.authenticator.remember_me.'.$firewallName;
         $container
             ->setDefinition($authenticatorId, new ChildDefinition('security.authenticator.remember_me'))
-            ->replaceArgument(0, new Reference($rememberMeServicesId))
-            ->replaceArgument(3, array_intersect_key($config, $this->options))
+            ->replaceArgument(0, new Reference($rememberMeHandlerId))
+            ->replaceArgument(3, $config['name'] ?? $this->options['name'])
         ;
 
         foreach ($container->findTaggedServiceIds('security.remember_me_aware') as $serviceId => $attributes) {
             // register ContextListener
             if ('security.context_listener' === substr($serviceId, 0, 25)) {
-                $container
-                    ->getDefinition($serviceId)
-                    ->addMethodCall('setRememberMeServices', [new Reference($rememberMeServicesId)])
-                ;
-
                 continue;
             }
 
@@ -156,6 +183,12 @@ public function addConfiguration(NodeDefinition $node)
                 ->prototype('scalar')->end()
             ->end()
             ->booleanNode('catch_exceptions')->defaultTrue()->end()
+            ->arrayNode('signature_properties')
+                ->prototype('scalar')->end()
+                ->requiresAtLeastOneElement()
+                ->info('An array of properties on your User that are used to sign the rememberme cookie. If any of these change, all existing cookies will become invalid.')
+                ->example(['email', 'password'])
+            ->end()
         ;
 
         foreach ($this->options as $name => $value) {
@@ -216,18 +249,4 @@ private function createRememberMeServices(ContainerBuilder $container, string $i
 
         $rememberMeServices->replaceArgument(0, new IteratorArgument(array_unique($userProviders)));
     }
-
-    private function createRememberMeListener(ContainerBuilder $container, string $id, string $rememberMeServicesId): void
-    {
-        $container
-            ->setDefinition('security.listener.remember_me.'.$id, new ChildDefinition('security.listener.remember_me'))
-            ->addTag('kernel.event_subscriber', ['dispatcher' => 'security.event_dispatcher.'.$id])
-            ->replaceArgument(0, new Reference($rememberMeServicesId))
-        ;
-
-        $container
-            ->setDefinition('security.logout.listener.remember_me.'.$id, new Definition(RememberMeLogoutListener::class))
-            ->addTag('kernel.event_subscriber', ['dispatcher' => 'security.event_dispatcher.'.$id])
-            ->addArgument(new Reference($rememberMeServicesId));
-    }
 }
@@ -381,7 +381,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         // Context serializer listener
         if (false === $firewall['stateless']) {
             $contextKey = $firewall['context'] ?? $id;
-            $listeners[] = new Reference($contextListenerId = $this->createContextListener($container, $contextKey));
+            $listeners[] = new Reference($contextListenerId = $this->createContextListener($container, $contextKey, $firewallEventDispatcherId));
             $sessionStrategyId = 'security.authentication.session_strategy';
 
             if ($this->authenticatorManagerEnabled) {
@@ -541,7 +541,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         return [$matcher, $listeners, $exceptionListener, null !== $logoutListenerId ? new Reference($logoutListenerId) : null];
     }
 
-    private function createContextListener(ContainerBuilder $container, string $contextKey)
+    private function createContextListener(ContainerBuilder $container, string $contextKey, string $firewallEventDispatcherId)
     {
         if (isset($this->contextListeners[$contextKey])) {
             return $this->contextListeners[$contextKey];
@@ -550,6 +550,7 @@ private function createContextListener(ContainerBuilder $container, string $cont
         $listenerId = 'security.context_listener.'.\count($this->contextListeners);
         $listener = $container->setDefinition($listenerId, new ChildDefinition('security.context_listener'));
         $listener->replaceArgument(2, $contextKey);
+        $listener->addArgument(new Reference($firewallEventDispatcherId));
 
         return $this->contextListeners[$contextKey] = $listenerId;
     }
 
@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\LoginLink;
 
 use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallAwareTrait;
 use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -26,43 +27,24 @@
  */
 class FirewallAwareLoginLinkHandler implements LoginLinkHandlerInterface
 {
-    private $firewallMap;
-    private $loginLinkHandlerLocator;
-    private $requestStack;
+    private const FIREWALL_OPTION = 'login_link';
+
+    use FirewallAwareTrait;
 
     public function __construct(FirewallMap $firewallMap, ContainerInterface $loginLinkHandlerLocator, RequestStack $requestStack)
     {
         $this->firewallMap = $firewallMap;
-        $this->loginLinkHandlerLocator = $loginLinkHandlerLocator;
+        $this->locator = $loginLinkHandlerLocator;
         $this->requestStack = $requestStack;
     }
 
     public function createLoginLink(UserInterface $user): LoginLinkDetails
     {
-        return $this->getLoginLinkHandler()->createLoginLink($user);
+        return $this->getForFirewall()->createLoginLink($user);
     }
 
     public function consumeLoginLink(Request $request): UserInterface
     {
-        return $this->getLoginLinkHandler()->consumeLoginLink($request);
-    }
-
-    private function getLoginLinkHandler(): LoginLinkHandlerInterface
-    {
-        if (null === $request = $this->requestStack->getCurrentRequest()) {
-            throw new \LogicException('Cannot determine the correct LoginLinkHandler to use: there is no active Request and so, the firewall cannot be determined. Try using the specific login link handler service.');
-        }
-
-        $firewall = $this->firewallMap->getFirewallConfig($request);
-        if (!$firewall) {
-            throw new \LogicException('No login link handler found as the current route is not covered by a firewall.');
-        }
-
-        $firewallName = $firewall->getName();
-        if (!$this->loginLinkHandlerLocator->has($firewallName)) {
-            throw new \LogicException(sprintf('No login link handler found. Did you add a login_link key under your "%s" firewall?', $firewallName));
-        }
-
-        return $this->loginLinkHandlerLocator->get($firewallName);
+        return $this->getForFirewall()->consumeLoginLink($request);
     }
 }
@@ -0,0 +1,56 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Po
341A
tencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\RememberMe;
+
+use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallAwareTrait;
+use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\RememberMe\RememberMeDetails;
+use Symfony\Component\Security\Http\RememberMe\RememberMeHandlerInterface;
+
+/**
+ * Decorates {@see RememberMeHandlerInterface} for the current firewall.
+ *
+ * @author Wouter de Jong <wouter@wouterj.nl>
+ *
+ * @experimental in 5.3
+ */
+final class FirewallAwareRememberMeHandler implements RememberMeHandlerInterface
+{
+    private const FIREWALL_OPTION = 'remember_me';
+
+    use FirewallAwareTrait;
+
+    public function __construct(FirewallMap $firewallMap, ContainerInterface $rememberMeHandlerLocator, RequestStack $requestStack)
+    {
+        $this->firewallMap = $firewallMap;
+        $this->locator = $rememberMeHandlerLocator;
+        $this->requestStack = $requestStack;
+    }
+
+    public function createRememberMeCookie(UserInterface $user): void
+    {
+        $this->getForFirewall()->createRememberMeCookie($user);
+    }
+
+    public function consumeRememberMeCookie(RememberMeDetails $rememberMeDetails): UserInterface
+    {
+        return $this->getForFirewall()->consumeRememberMeCookie($rememberMeDetails);
+    }
+
+    public function clearRememberMeCookie(): void
+    {
+        $this->getForFirewall()->clearRememberMeCookie();
+    }
+}
@@ -20,14 +20,12 @@
 use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\JsonLoginAuthenticator;
-use Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\RemoteUserAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\X509Authenticator;
 use Symfony\Component\Security\Http\Event\CheckPassportEvent;
 use Symfony\Component\Security\Http\EventListener\CheckCredentialsListener;
 use Symfony\Component\Security\Http\EventListener\LoginThrottlingListener;
 use Symfony\Component\Security\Http\EventListener\PasswordMigratingListener;
-use Symfony\Component\Security\Http\EventListener\RememberMeListener;
 use Symfony\Component\Security\Http\EventListener\SessionStrategyListener;
 use Symfony\Component\Security\Http\EventListener\UserCheckerListener;
 use Symfony\Component\Security\Http\EventListener\UserProviderListener;
@@ -106,14 +104,6 @@
                 service('security.authentication.session_strategy'),
             ])
 
-        ->set('security.listener.remember_me', RememberMeListener::class)
-            ->abstract()
-            ->args([
-                abstract_arg('remember me services'),
-                service('logger')->nullOnInvalid(),
-            ])
-            ->tag('monolog.logger', ['channel' => 'security'])
-
         ->set('security.listener.login_throttling', LoginThrottlingListener::class)
             ->abstract()
             ->args([
@@ -153,16 +143,6 @@
             ])
             ->call('setTranslator', [service('translator')->ignoreOnInvalid()])
 
-        ->set('security.authenticator.remember_me', RememberMeAuthenticator::class)
-            ->abstract()
-            ->args([
-                abstract_arg('remember me services'),
-                param('kernel.secret'),
-                service('security.token_storage'),
-                abstract_arg('options'),
-                service('security.authentication.session_strategy'),
-            ])
-
         ->set('security.authenticator.x509', X509Authenticator::class)
             ->abstract()
             ->args([
 
@@ -39,7 +39,7 @@
                 abstract_arg('options'),
             ])
 
-        ->set('security.authenticator.abstract_signature_hasher', SignatureHasher::class)
+        ->set('security.authenticator.abstract_login_link_signature_hasher', SignatureHasher::class)
             ->args([
                 service('property_accessor'),
                 abstract_arg('signature properties'),