Merge branch '2.8' into 3.4

* 2.8:
  [travis][appveyor] use symfony/flex to accelerate builds
  [Security] Call AccessListener after LogoutListener

Author: nicolas-grekas

.travis.yml

@@ -59,7 +59,7 @@ before_install:
 
       if [[ $TRAVIS_PHP_VERSION = 5.* || $TRAVIS_PHP_VERSION = hhvm* ]]; then
           composer () {
-              $HOME/.phpenv/versions/7.1/bin/composer config platform.php $(echo ' <?php echo preg_replace("/-.*/", "", PHP_VERSION);' | php /dev/stdin)
+              $HOME/.phpenv/versions/7.1/bin/php $HOME/.phpenv/versions/7.1/bin/composer config platform.php $(echo ' <?php echo preg_replace("/-.*/", "", PHP_VERSION);' | php /dev/stdin)
               $HOME/.phpenv/versions/7.1/bin/php $HOME/.phpenv/versions/7.1/bin/composer $*
           }
           export -f composer
@@ -209,6 +209,15 @@ install:
           SYMFONY_VERSION=$(cat composer.json | grep '^ *"dev-master". *"[1-9]' | grep -o '[0-9.]*')
       fi
 
+    - |
+      # Install symfony/flex
+      if [[ $deps = low ]]; then
+          export SYMFONY_REQUIRE='>=2.3'
+      else
+          export SYMFONY_REQUIRE=">=$SYMFONY_VERSION"
+      fi
+      composer global require symfony/flex dev-master
+
     - |
       # Legacy tests are skipped when deps=high and when the current branch version has not the same major version number than the next one
       [[ $deps = high && ${SYMFONY_VERSION%.*} != $(git show $(git ls-remote --heads | grep -FA1 /$SYMFONY_VERSION | tail -n 1):composer.json | grep '^ *"dev-master". *"[1-9]' | grep -o '[0-9]*' | head -n 1) ]] && LEGACY=,legacy

appveyor.yml

@@ -10,6 +10,7 @@ init:
     - SET PATH=c:\php;%PATH%
     - SET COMPOSER_NO_INTERACTION=1
     - SET SYMFONY_DEPRECATIONS_HELPER=strict
+    - SET "SYMFONY_REQUIRE=>=3.4"
     - SET ANSICON=121x90 (121x90)
     - SET SYMFONY_PHPUNIT_VERSION=4.8
     - REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Command Processor" /v DelayedExpansion /t REG_DWORD /d 1 /f
@@ -48,9 +49,10 @@ install:
     - copy /Y php.ini-min php.ini
     - echo extension=php_openssl.dll >> php.ini
     - cd c:\projects\symfony
-    - IF NOT EXIST composer.phar (appveyor DownloadFile https://getcomposer.org/download/1.3.0/composer.phar)
+    - IF NOT EXIST composer.phar (appveyor DownloadFile https://github.com/composer/composer/releases/download/1.7.1/composer.phar)
     - php composer.phar self-update
     - copy /Y .composer\* %APPDATA%\Composer\
+    - php composer.phar global require --no-progress symfony/flex dev-master
     - php .github/build-packages.php "HEAD^" src\Symfony\Bridge\PhpUnit
     - IF %APPVEYOR_REPO_BRANCH%==master (SET COMPOSER_ROOT_VERSION=dev-master) ELSE (SET COMPOSER_ROOT_VERSION=%APPVEYOR_REPO_BRANCH%.x-dev)
     - php composer.phar config platform.php 5.5.9

src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php

@@ -49,4 +49,14 @@ public function testCsrfTokensAreClearedOnLogout()
 
         $this->assertFalse(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo'));
     }
+
+    public function testAccessControlDoesNotApplyOnLogout()
+    {
+        $client = $this->createClient(array('test_case' => 'LogoutAccess', 'root_config' => 'config.yml'));
+
+        $client->request('POST', '/login', array('_username' => 'johannes', '_password' => 'test'));
+        $client->request('GET', '/logout');
+
+        $this->assertRedirect($client->getResponse(), '/');
+    }
 }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/bundles.php

@@ -0,0 +1,18 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
+use Symfony\Bundle\SecurityBundle\SecurityBundle;
+
+return array(
+    new FrameworkBundle(),
+    new SecurityBundle(),
+);

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/config.yml

@@ -0,0 +1,26 @@
+imports:
+- { resource: ./../config/framework.yml }
+
+security:
+    encoders:
+        Symfony\Component\Security\Core\User\User: plaintext
+
+    providers:
+        in_memory:
+            memory:
+                users:
+                    johannes: { password: test, roles: [ROLE_USER] }
+
+    firewalls:
+        default:
+            form_login:
+                check_path: login
+                remember_me: true
+                require_previous_session: false
+            logout: ~
+            anonymous: ~
+            stateless: true
+
+    access_control:
+        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: .*, roles: IS_AUTHENTICATED_FULLY }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutAccess/routing.yml

@@ -0,0 +1,5 @@
+login:
+    path: /login
+
+logout:
+    path: /logout

src/Symfony/Bundle/SecurityBundle/composer.json

@@ -18,7 +18,7 @@
     "require": {
         "php": "^5.5.9|>=7.0.8",
         "ext-xml": "*",
-        "symfony/security": "~3.4.12|~4.0.12|^4.1.1",
+        "symfony/security": "~3.4.15|~4.0.15|^4.1.4",
         "symfony/dependency-injection": "^3.4.3|^4.0.3",
         "symfony/http-kernel": "~3.4|~4.0",
         "symfony/polyfill-php70": "~1.0"

src/Symfony/Component/Security/Http/Firewall.php

@@ -16,6 +16,7 @@
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Http\Firewall\AccessListener;
 
 /**
  * Firewall uses a FirewallMap to register security listeners for the given
@@ -49,20 +50,31 @@ public function onKernelRequest(GetResponseEvent $event)
         // register listeners for this firewall
         $listeners = $this->map->getListeners($event->getRequest());
 
-        $authenticationListeners = $listeners[0];
-        $exceptionListener = $listeners[1];
-        $logoutListener = isset($listeners[2]) ? $listeners[2] : null;
+        $accessListener = null;
+        $authenticationListeners = array();
 
-        if (null !== $exceptionListener) {
+        foreach ($listeners[0] as $listener) {
+            if ($listener instanceof AccessListener) {
+                $accessListener = $listener;
+            } else {
+                $authenticationListeners[] = $listener;
+            }
+        }
+
+        if (null !== $exceptionListener = $listeners[1]) {
             $this->exceptionListeners[$event->getRequest()] = $exceptionListener;
             $exceptionListener->register($this->dispatcher);
         }
 
-        $this->handleRequest($event, $authenticationListeners);
+        if (null !== $logoutListener = isset($listeners[2]) ? $listeners[2] : null) {
+            $authenticationListeners[] = $logoutListener;
+        }
 
-        if (null !== $logoutListener) {
-            $logoutListener->handle($event);
+        if (null !== $accessListener) {
+            $authenticationListeners[] = $accessListener;
         }
+
+        $this->handleRequest($event, $authenticationListeners);
     }
 
     public function onKernelFinishRequest(FinishRequestEvent $event)

src/Symfony/Component/Security/Http/Tests/FirewallTest.php

@@ -79,7 +79,7 @@ public function testOnKernelRequestStopsWhenThereIsAResponse()
             ->getMock()
         ;
         $event
-            ->expects($this->once())
+            ->expects($this->at(0))
             ->method('hasResponse')
             ->will($this->returnValue(true))
         ;