symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+17-4Lines changed: 17 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+17-4Lines changed: 17 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
+11-4Lines changed: 11 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
+11-4Lines changed: 11 additions & 4 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Security.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Security.php
+45-1Lines changed: 45 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Security.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Security.php
+45-1Lines changed: 45 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Tests/SecurityTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/SecurityTest.php
+79-3Lines changed: 79 additions & 3 deletions b/‎src/Symfony/Component/Security/Core/Tests/SecurityTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/SecurityTest.php
+79-3Lines changed: 79 additions & 3 deletions
@@ -293,16 +293,25 @@ private function createFirewalls(array $config, ContainerBuilder $container)
 
         // load firewall map
         $mapDef = $container->getDefinition('security.firewall.map');
-        $map = $authenticationProviders = $contextRefs = [];
+        $map = $authenticationProviders = $contextRefs = $authenticators = [];
         foreach ($firewalls as $name => $firewall) {
             if (isset($firewall['user_checker']) && 'security.user_checker' !== $firewall['user_checker']) {
                 $customUserChecker = true;
             }
 
             $configId = 'security.firewall.map.config.'.$name;
 
-            [$matcher, $listeners, $exceptionListener, $logoutListener] = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
+            [$matcher, $listeners, $exceptionListener, $logoutListener, $firewallAuthenticators] = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
 
+            if (!$firewallAuthenticators) {
+                $authenticators[$name] = null;
+            } else {
+                $firewallAuthenticatorRefs = [];
+                foreach ($firewallAuthenticators as $authenticatorId) {
+                    $firewallAuthenticatorRefs[$authenticatorId] = new Reference($authenticatorId);
+                }
+                $authenticators[$name] = ServiceLocatorTagPass::register($container, $firewallAuthenticatorRefs);
+            }
             $contextId = 'security.firewall.map.context.'.$name;
             $isLazy = !$firewall['stateless'] && (!empty($firewall['anonymous']['lazy']) || $firewall['lazy']);
             $context = new ChildDefinition($isLazy ? 'security.firewall.lazy_context' : 'security.firewall.context');
@@ -317,6 +326,10 @@ private function createFirewalls(array $config, ContainerBuilder $container)
             $contextRefs[$contextId] = new Reference($contextId);
             $map[$contextId] = $matcher;
         }
+        $container
+            ->getDefinition('security.helper')
+            ->replaceArgument(1, $authenticators)
+        ;
 
         $container->setAlias('security.firewall.context_locator', (string) ServiceLocatorTagPass::register($container, $contextRefs));
 
@@ -362,7 +375,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
 
         // Security disabled?
         if (false === $firewall['security']) {
-            return [$matcher, [], null, null];
+            return [$matcher, [], null, null, []];
         }
 
         $config->replaceArgument(4, $firewall['stateless']);
@@ -565,7 +578,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
         $config->replaceArgument(10, $listenerKeys);
         $config->replaceArgument(11, $firewall['switch_user'] ?? null);
 
-        return [$matcher, $listeners, $exceptionListener, null !== $logoutListenerId ? new Reference($logoutListenerId) : null];
+        return [$matcher, $listeners, $exceptionListener, null !== $logoutListenerId ? new Reference($logoutListenerId) : null, $firewallAuthenticationProviders];
     }
 
     private function createContextListener(ContainerBuilder $container, string $contextKey, ?string $firewallEventDispatcherId)
 
@@ -87,10 +87,17 @@
         ->set('security.untracked_token_storage', TokenStorage::class)
 
         ->set('security.helper', Security::class)
-            ->args([service_locator([
-                'security.token_storage' => service('security.token_storage'),
-                'security.authorization_checker' => service('security.authorization_checker'),
-            ])])
+            ->args([
+                service_locator([
+                    'security.token_storage' => service('security.token_storage'),
+                    'security.authorization_checker' => service('security.authorization_checker'),
+                    'security.user_authenticator' => service('security.user_authenticator')->ignoreOnInvalid(),
+                    'request_stack' => service('request_stack'),
+                    'security.firewall.map' => service('security.firewall.map'),
+                    'security.user_checker' => service('security.user_checker'),
+                ]),
+                abstract_arg('authenticators'),
+            ])
         ->alias(Security::class, 'security.helper')
 
         ->set('security.user_value_resolver', UserValueResolver::class)
 
@@ -14,7 +14,10 @@
 use Psr\Container\ContainerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
+use Symfony\Contracts\Service\ServiceProviderInterface;
 
 /**
  * Helper class for commonly-needed security tasks.
@@ -30,9 +33,15 @@ class Security implements AuthorizationCheckerInterface
 
     private $container;
 
-    public function __construct(ContainerInterface $container)
+    /**
+     * @param array<string, ServiceProviderInterface> $authenticators An array of authenticator service locator indexed by firewall name
+     */
+    private $authenticators;
+
+    public function __construct(ContainerInterface $container, array $authenticators = [])
     {
         $this->container = $container;
+        $this->authenticators = $authenticators;
     }
 
     public function getUser(): ?UserInterface
@@ -69,4 +78,39 @@ public function getToken(): ?TokenInterface
     {
         return $this->container->get('security.token_storage')->getToken();
     }
+
+    public function autoLogin(UserInterface $user, AuthenticatorInterface $authenticator = null, string $firewallName = null): void
+    {
+        $request = $this->container->get('request_stack')->getCurrentRequest();
+
+        if (null === $authenticator) {
+            if (null === $firewallName) {
+                $firewall = $this->container->get('security.firewall.map')->getFirewallConfig($request);
+
+                if (null === $firewall) {
+                    throw new LogicException('No firewall found as the current route is not covered by any firewall.');
+                }
+                $firewallName = $firewall->getName();
+            }
+
+            if (!isset($firewallName, $this->authenticators)) {
+                throw new LogicException(sprintf('No authenticators found for firewall "%s".', $firewallName));
+            }
+
+            /** @var ServiceProviderInterface $firewallAuthenticatorLocator */
+            $firewallAuthenticatorLocator = $this->authenticators[$firewallName];
+            $authenticatorIds = array_keys($firewallAuthenticatorLocator->getProvidedServices());
+
+            if (!$authenticatorIds) {
+                throw new LogicException('No authenticator was found for the firewall "%s".');
+            }
+
+            if (1 < \count($authenticatorIds)) {
+                throw new LogicException(sprintf('Too much authenticators were found for the current firewall "%s". You must provide an instance of "%s" to allow an auto login. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds)));
+            }
+            $authenticator = $firewallAuthenticatorLocator->get($authenticatorIds[0]);
+        }
+        $this->container->get('security.user_checker')->checkPreAuth($user);
+        $this->container->get('security.user_authenticator')->authenticateUser($user, $authenticator, $request);
+    }
 }
@@ -13,12 +13,21 @@
 
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallConfig;
+use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
+use Symfony\Contracts\Service\ServiceProviderInterface;
 
 class SecurityTest extends TestCase
 {
@@ -33,7 +42,7 @@ public function testGetToken()
 
         $container = $this->createContainer('security.token_storage', $tokenStorage);
 
-        $security = new Security($container);
+        $security = new Security($container, []);
         $this->assertSame($token, $security->getToken());
     }
 
@@ -54,7 +63,7 @@ public function testGetUser($userInToken, $expectedUser)
 
         $container = $this->createContainer('security.token_storage', $tokenStorage);
 
-        $security = new Security($container);
+        $security = new Security($container, []);
         $this->assertSame($expectedUser, $security->getUser());
     }
 
@@ -81,10 +90,77 @@ public function testIsGranted()
 
         $container = $this->createContainer('security.authorization_checker', $authorizationChecker);
 
-        $security = new Security($container);
+        $security = new Security($container, []);
         $this->assertTrue($security->isGranted('SOME_ATTRIBUTE', 'SOME_SUBJECT'));
     }
 
+    public function testAutoLogin()
+    {
+        $request = new Request();
+        $authenticator = $this->createMock(AuthenticatorInterface::class);
+        $requestStack = $this->createMock(RequestStack::class);
+        $firewallMap = $this->createMock(FirewallMap::class);
+        $firewall = new FirewallConfig('main', 'main');
+        $userAuthenticator = $this->createMock(UserAuthenticatorInterface::class);
+        $user = $this->createMock(UserInterface::class);
+        $userChecker = $this->createMock(UserCheckerInterface::class);
+
+        $container = $this->createMock(ContainerInterface::class);
+        $container
+            ->expects($this->atLeastOnce())
+            ->method('get')
+            ->willReturnMap([
+                ['request_stack', $requestStack],
+                ['security.firewall.map', $firewallMap],
+                ['security.user_authenticator', $userAuthenticator],
+                ['security.user_checker', $userChecker],
+            ])
+        ;
+
+        $requestStack
+            ->expects($this->once())
+            ->method('getCurrentRequest')
+            ->willReturn($request)
+        ;
+
+        $firewallMap
+            ->expects($this->once())
+            ->method('getFirewallConfig')
+            ->willReturn($firewall)
+        ;
+        $userAuthenticator
+            ->expects($this->once())
+            ->method('authenticateUser')
+            ->with($user, $authenticator, $request)
+        ;
+        $userChecker
+            ->expects($this->once())
+            ->method('checkPreAuth')
+            ->with($user)
+        ;
+
+        $firewallAuthenticatorLocator = $this->createMock(ServiceProviderInterface::class);
+        $firewallAuthenticatorLocator
+            ->expects($this->once())
+            ->method('getProvidedServices')
+            ->willReturn([
+                'security.authenticator.custom.dev' => $authenticator,
+            ])
+        ;
+        $firewallAuthenticatorLocator
+            ->expects($this->once())
+            ->method('get')
+            ->with('security.authenticator.custom.dev')
+            ->willReturn($authenticator)
+        ;
+
+        $security = new Security($container, [
+            'main' => $firewallAuthenticatorLocator,
+        ]);
+
+        $security->autoLogin($user);
+    }
+
     private function createContainer($serviceId, $serviceObject)
     {
         $container = $this->createMock(ContainerInterface::class);