Merge branch '5.4' into 6.0

* 5.4:
  [Security][WIP] Add authenticators info to the profiler
  [Translation] Use symfony default locale when pulling translations from providers
  added missing translations for Bosnian (bs)
  Add the missing greek translations for security core and validator component
  [HttpKernel] Fix return types in `EventDataCollector`
  Do not call substr_count() if ip is null to avoid deprecation warning in PHP 8.1
  [Security][Validator] Add missing translations for Slovenian (sl)
  [Messenger] Add worker metadata inside logs
  [Messenger] Log when worker should stop and when `SIGTERM` is received
  cs fix
  [Security][Validator] Add missing translations for Finnish (fi)
  [VarDumper] returns a 500 when dd() is executed
  chore(VarDumper): declare that dd() never returns
  [MonologBridge] Deprecate the Swiftmailer handler
  [Cache] Commit items implicitly only when deferred keys are requested
  [MonologBridge] Deprecates ResetLoggersWorkerSubscriber
  Fix "can not" spelling
  [HttpClient] fix missing kernel.reset tag on TraceableHttpClient services
  [Form] Fix ChoiceType Extension to effectively set and use the translator
  Added new CssColor constraint

Author: chalasr

CHANGELOG.md

@@ -16,6 +16,7 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate `FirewallConfig::getListeners()`, use `FirewallConfig::getAuthenticators()` instead
  * Deprecate `security.authentication.basic_entry_point` and `security.authentication.retry_entry_point` services, the logic is moved into the
    `HttpBasicAuthenticator` and `ChannelListener` respectively
  * Deprecate `FirewallConfig::allowsAnonymous()` and the `allows_anonymous` from the data collector data, there will be no anonymous concept as of version 6.

DataCollector/SecurityDataCollector.php

@@ -184,7 +184,7 @@ public function collect(Request $request, Response $response, \Throwable $except
                     'access_denied_handler' => $firewallConfig->getAccessDeniedHandler(),
                     'access_denied_url' => $firewallConfig->getAccessDeniedUrl(),
                     'user_checker' => $firewallConfig->getUserChecker(),
-                    'listeners' => $firewallConfig->getListeners(),
+                    'authenticators' => $firewallConfig->getAuthenticators(),
                 ];
 
                 // generate exit impersonation path from current request
@@ -203,6 +203,8 @@ public function collect(Request $request, Response $response, \Throwable $except
         if ($this->firewall) {
             $this->data['listeners'] = $this->firewall->getWrappedListeners();
         }
+
+        $this->data['authenticators'] = $this->firewall ? $this->firewall->getAuthenticatorsInfo() : [];
     }
 
     /**
@@ -345,6 +347,11 @@ public function getListeners(): array|Data
         return $this->data['listeners'];
     }
 
+    public function getAuthenticators(): array|Data
+    {
+        return $this->data['authenticators'];
+    }
+
     /**
      * {@inheritdoc}
      */

Debug/Authenticator/TraceableAuthenticator.php

@@ -0,0 +1,104 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Debug\Authenticator;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
+use Symfony\Component\Security\Http\EntryPoint\Exception\NotAnEntryPointException;
+use Symfony\Component\VarDumper\Caster\ClassStub;
+
+/**
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ *
+ * @internal
+ */
+final class TraceableAuthenticator implements AuthenticatorInterface, InteractiveAuthenticatorInterface, AuthenticationEntryPointInterface
+{
+    private $authenticator;
+    private $passport;
+    private $duration;
+    private $stub;
+
+    public function __construct(AuthenticatorInterface $authenticator)
+    {
+        $this->authenticator = $authenticator;
+    }
+
+    public function getInfo(): array
+    {
+        return [
+            'supports' => true,
+            'passport' => $this->passport,
+            'duration' => $this->duration,
+            'stub' => $this->stub ?? $this->stub = new ClassStub(\get_class($this->authenticator)),
+        ];
+    }
+
+    public function supports(Request $request): ?bool
+    {
+        return $this->authenticator->supports($request);
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+        $startTime = microtime(true);
+        $this->passport = $this->authenticator->authenticate($request);
+        $this->duration = microtime(true) - $startTime;
+
+        return $this->passport;
+    }
+
+    public function createToken(Passport $passport, string $firewallName): TokenInterface
+    {
+        return method_exists($this->authenticator, 'createToken') ? $this->authenticator->createToken($passport, $firewallName) : $this->authenticator->createAuthenticatedToken($passport, $firewallName);
+    }
+
+    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
+    {
+        return $this->authenticator->createAuthenticatedToken($passport, $firewallName);
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+    {
+        return $this->authenticator->onAuthenticationSuccess($request, $token, $firewallName);
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        return $this->authenticator->onAuthenticationFailure($request, $exception);
+    }
+
+    public function start(Request $request, AuthenticationException $authException = null): Response
+    {
+        if (!$this->authenticator instanceof AuthenticationEntryPointInterface) {
+            throw new NotAnEntryPointException();
+        }
+
+        return $this->authenticator->start($request, $authException);
+    }
+
+    public function isInteractive(): bool
+    {
+        return $this->authenticator instanceof InteractiveAuthenticatorInterface && $this->authenticator->isInteractive();
+    }
+
+    public function __call($method, $args)
+    {
+        return $this->authenticator->{$method}(...$args);
+    }
+}

Debug/Authenticator/TraceableAuthenticatorManagerListener.php

@@ -0,0 +1,81 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Debug\Authenticator;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\Security\Http\Firewall\AbstractListener;
+use Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener;
+use Symfony\Component\VarDumper\Caster\ClassStub;
+
+/**
+ * Decorates the AuthenticatorManagerListener to collect information about security authenticators.
+ *
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ *
+ * @internal
+ */
+class TraceableAuthenticatorManagerListener extends AbstractListener
+{
+    private $authenticationManagerListener;
+    private $authenticatorsInfo = [];
+
+    public function __construct(AuthenticatorManagerListener $authenticationManagerListener)
+    {
+        $this->authenticationManagerListener = $authenticationManagerListener;
+    }
+
+    public function supports(Request $request): ?bool
+    {
+        return $this->authenticationManagerListener->supports($request);
+    }
+
+    public function authenticate(RequestEvent $event): void
+    {
+        $request = $event->getRequest();
+
+        if (!$authenticators = $request->attributes->get('_security_authenticators')) {
+            return;
+        }
+
+        foreach ($request->attributes->get('_security_skipped_authenticators') as $skippedAuthenticator) {
+            $this->authenticatorsInfo[] = [
+                'supports' => false,
+                'stub' => new ClassStub(\get_class($skippedAuthenticator)),
+                'passport' => null,
+                'duration' => 0,
+            ];
+        }
+
+        foreach ($authenticators as $key => $authenticator) {
+            $authenticators[$key] = new TraceableAuthenticator($authenticator);
+        }
+
+        $request->attributes->set('_security_authenticators', $authenticators);
+
+        $this->authenticationManagerListener->authenticate($event);
+
+        foreach ($authenticators as $authenticator) {
+            $this->authenticatorsInfo[] = $authenticator->getInfo();
+        }
+    }
+
+    public function getAuthenticatorManagerListener(): AuthenticatorManagerListener
+    {
+        return $this->authenticationManagerListener;
+    }
+
+    public function getAuthenticatorsInfo(): array
+    {
+        return $this->authenticatorsInfo;
+    }
+}

Debug/TraceableFirewallListener.php

@@ -11,36 +11,47 @@
 
 namespace Symfony\Bundle\SecurityBundle\Debug;
 
+use Symfony\Bundle\SecurityBundle\Debug\Authenticator\TraceableAuthenticatorManagerListener;
 use Symfony\Bundle\SecurityBundle\EventListener\FirewallListener;
 use Symfony\Bundle\SecurityBundle\Security\FirewallContext;
 use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Component\Security\Http\Firewall\FirewallListenerInterface;
 
 /**
- * Firewall collecting called listeners.
+ * Firewall collecting called security listeners and authenticators.
  *
  * @author Robin Chalas <robin.chalas@gmail.com>
  */
 final class TraceableFirewallListener extends FirewallListener
 {
     private $wrappedListeners = [];
+    private $authenticatorsInfo = [];
 
     public function getWrappedListeners()
     {
         return $this->wrappedListeners;
     }
 
+    public function getAuthenticatorsInfo(): array
+    {
+        return $this->authenticatorsInfo;
+    }
+
     protected function callListeners(RequestEvent $event, iterable $listeners)
     {
         $wrappedListeners = [];
         $wrappedLazyListeners = [];
+        $authenticatorManagerListener = null;
 
         foreach ($listeners as $listener) {
             if ($listener instanceof LazyFirewallContext) {
-                \Closure::bind(function () use (&$wrappedLazyListeners, &$wrappedListeners) {
+                \Closure::bind(function () use (&$wrappedLazyListeners, &$wrappedListeners, &$authenticatorManagerListener) {
                     $listeners = [];
                     foreach ($this->listeners as $listener) {
+                        if (!$authenticatorManagerListener && $listener instanceof TraceableAuthenticatorManagerListener) {
+                            $authenticatorManagerListener = $listener;
+                        }
                         if ($listener instanceof FirewallListenerInterface) {
                             $listener = new WrappedLazyListener($listener);
                             $listeners[] = $listener;
@@ -61,6 +72,9 @@ protected function callListeners(RequestEvent $event, iterable $listeners)
                 $wrappedListener = $listener instanceof FirewallListenerInterface ? new WrappedLazyListener($listener) : new WrappedListener($listener);
                 $wrappedListener($event);
                 $wrappedListeners[] = $wrappedListener->getInfo();
+                if (!$authenticatorManagerListener && $listener instanceof TraceableAuthenticatorManagerListener) {
+                    $authenticatorManagerListener = $listener;
+                }
             }
 
             if ($event->hasResponse()) {
@@ -75,5 +89,9 @@ protected function callListeners(RequestEvent $event, iterable $listeners)
         }
 
         $this->wrappedListeners = array_merge($this->wrappedListeners, $wrappedListeners);
+
+        if ($authenticatorManagerListener) {
+            $this->authenticatorsInfo = $authenticatorManagerListener->getAuthenticatorsInfo();
+        }
     }
 }

Debug/TraceableListenerTrait.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\Debug;
 
+use Symfony\Bundle\SecurityBundle\Debug\Authenticator\TraceableAuthenticatorManagerListener;
 use Symfony\Component\VarDumper\Caster\ClassStub;
 
 /**
@@ -43,7 +44,7 @@ public function getInfo(): array
         return [
             'response' => $this->response,
             'time' => $this->time,
-            'stub' => $this->stub ?? $this->stub = ClassStub::wrapCallable($this->listener),
+            'stub' => $this->stub ?? $this->stub = ClassStub::wrapCallable($this->listener instanceof TraceableAuthenticatorManagerListener ? $this->listener->getAuthenticatorManagerListener() : $this->listener),
         ];
     }
 }

DependencyInjection/SecurityExtension.php

@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
 
 use Symfony\Bridge\Twig\Extension\LogoutUrlExtension;
+use Symfony\Bundle\SecurityBundle\Debug\Authenticator\TraceableAuthenticatorManagerListener;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FirewallListenerFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
@@ -429,6 +430,14 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
             ->replaceArgument(0, new Reference($managerId))
         ;
 
+        if ($container->hasDefinition('debug.security.firewall')) {
+            $container
+                ->register('debug.security.firewall.authenticator.'.$id, TraceableAuthenticatorManagerListener::class)
+                ->setDecoratedService('security.firewall.authenticator.'.$id)
+                ->setArguments([new Reference('debug.security.firewall.authenticator.'.$id.'.inner')])
+            ;
+        }
+
         // user checker listener
         $container
             ->setDefinition('security.listener.user_checker.'.$id, new ChildDefinition('security.listener.user_checker'))
@@ -466,11 +475,17 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
 
         foreach ($this->getSortedFactories() as $factory) {
             $key = str_replace('-', '_', $factory->getKey());
-            if (\array_key_exists($key, $firewall)) {
+            if ('custom_authenticators' !== $key && \array_key_exists($key, $firewall)) {
                 $listenerKeys[] = $key;
             }
         }
 
+        if ($firewall['custom_authenticators'] ?? false) {
+            foreach ($firewall['custom_authenticators'] as $customAuthenticatorId) {
+                $listenerKeys[] = $customAuthenticatorId;
+            }
+        }
+
         $config->replaceArgument(10, $listenerKeys);
         $config->replaceArgument(11, $firewall['switch_user'] ?? null);