Merge branch '5.4' into 6.0

* 5.4:
  [FrameworkBundle][HttpKernel] Add the ability to enable the profiler using a parameter
  [FrameworkBundle] Trigger deprecations on stderr instead of using trigger_deprecation call
  Add PhpStanExtractor
  [Messenger] allow processing messages in batches
  [Console] Fix backslash escaping in bash completion
  Add missing validators translation
  add suggestions for debug:firewall, debug:form, debug:messenger, debug:router
  [SecurityBundle] Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
  [Inflector] Fix inflector for "zombies"
  [Config] Add some cache on SelfCheckingResourceChecker
  fix AJAX request unit spacing
  fix ErrorExcception in CacheWarmerAggregate
  Prevent FormLoginAuthenticator from responding to requests that should be handled by JsonLoginAuthenticator
  Fix wait duration for fixed window policy
  Add exact command used to trigger invocation to the completion debug log
  [Translation] correctly handle intl domains with TargetOperation
  Allow using param as connection atribute in `*.event_subscriber` and `*.event_listener` tags

Author: derrabus

CHANGELOG.md

@@ -30,6 +30,7 @@ CHANGELOG
  * Deprecate the `always_authenticate_before_granting` option
  * Display the roles of the logged-in user in the Web Debug Toolbar
  * Add the `security.access_decision_manager.strategy_service` option
+ * Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
 
 
 5.3
@@ -52,6 +53,7 @@ CHANGELOG
  * Deprecate the `security.authentication.provider.*` services, use the new authenticator system instead
  * Deprecate the `security.authentication.listener.*` services, use the new authenticator system instead
  * Deprecate the Guard component integration, use the new authenticator system instead
+ * Add `form_login.form_only` option
 
 5.2.0
 -----

Command/DebugFirewallCommand.php

@@ -16,6 +16,8 @@
 use Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext;
 use Symfony\Component\Console\Attribute\AsCommand;
 use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Completion\CompletionInput;
+use Symfony\Component\Console\Completion\CompletionSuggestions;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
@@ -267,4 +269,11 @@ private function getExampleName(): string
 
         return $name;
     }
+
+    public function complete(CompletionInput $input, CompletionSuggestions $suggestions): void
+    {
+        if ($input->mustSuggestArgumentValuesFor('name')) {
+            $suggestions->suggestValues($this->firewallNames);
+        }
+    }
 }

DependencyInjection/Security/Factory/FormLoginFactory.php

@@ -37,6 +37,7 @@ public function __construct()
         $this->addOption('csrf_token_id', 'authenticate');
         $this->addOption('enable_csrf', false);
         $this->addOption('post_only', true);
+        $this->addOption('form_only', false);
     }
 
     public function getPriority(): int

DependencyInjection/SecurityExtension.php

@@ -608,6 +608,10 @@ private function getUserProvider(ContainerBuilder $container, string $id, array
         }
 
         if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey || 'custom_authenticators' === $factoryKey) {
+            if ('custom_authenticators' === $factoryKey) {
+                trigger_deprecation('symfony/security-bundle', '5.4', 'Not configuring explicitly the provider for the "%s" listener on "%s" firewall is deprecated because it\'s ambiguous as there is more than one registered provider.', $factoryKey, $id);
+            }
+
             return 'security.user_providers';
         }
 

Tests/DependencyInjection/SecurityExtensionTest.php

@@ -12,6 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\Tests\DependencyInjection;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FirewallListenerFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
@@ -39,6 +40,8 @@
 
 class SecurityExtensionTest extends TestCase
 {
+    use ExpectDeprecationTrait;
+
     public function testInvalidCheckPath()
     {
         $this->expectException(InvalidConfigurationException::class);
@@ -314,6 +317,33 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()
         $this->assertFalse($container->has(UserProviderInterface::class));
     }
 
+    /**
+     * @group legacy
+     */
+    public function testFirewallWithNoUserProviderTriggerDeprecation()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'enable_authenticator_manager' => true,
+
+            'providers' => [
+                'first' => ['id' => 'foo'],
+                'second' => ['id' => 'foo'],
+            ],
+
+            'firewalls' => [
+                'some_firewall' => [
+                    'custom_authenticator' => 'my_authenticator',
+                ],
+            ],
+        ]);
+
+        $this->expectDeprecation('Since symfony/security-bundle 5.4: Not configuring explicitly the provider for the "custom_authenticators" listener on "some_firewall" firewall is deprecated because it\'s ambiguous as there is more than one registered provider.');
+
+        $container->compile();
+    }
+
     /**
      * @dataProvider acceptableIpsProvider
      */