Merge branch '5.4' into 6.0

* 5.4:
  [FrameworkBundle][HttpKernel] Add the ability to enable the profiler using a parameter
  [FrameworkBundle] Trigger deprecations on stderr instead of using trigger_deprecation call
  Add PhpStanExtractor
  [Messenger] allow processing messages in batches
  [Console] Fix backslash escaping in bash completion
  Add missing validators translation
  add suggestions for debug:firewall, debug:form, debug:messenger, debug:router
  [SecurityBundle] Deprecate not configuring explicitly a provider for custom_authenticators when there is more than one registered provider
  [Inflector] Fix inflector for "zombies"
  [Config] Add some cache on SelfCheckingResourceChecker
  fix AJAX request unit spacing
  fix ErrorExcception in CacheWarmerAggregate
  Prevent FormLoginAuthenticator from responding to requests that should be handled by JsonLoginAuthenticator
  Fix wait duration for fixed window policy
  Add exact command used to trigger invocation to the completion debug log
  [Translation] correctly handle intl domains with TargetOperation
  Allow using param as connection atribute in `*.event_subscriber` and `*.event_listener` tags

Author: derrabus

Authenticator/FormLoginAuthenticator.php

@@ -59,6 +59,7 @@ public function __construct(HttpUtils $httpUtils, UserProviderInterface $userPro
             'password_parameter' => '_password',
             'check_path' => '/login_check',
             'post_only' => true,
+            'form_only' => false,
             'enable_csrf' => false,
             'csrf_parameter' => '_csrf_token',
             'csrf_token_id' => 'authenticate',
@@ -73,7 +74,8 @@ protected function getLoginUrl(Request $request): string
     public function supports(Request $request): bool
     {
         return ($this->options['post_only'] ? $request->isMethod('POST') : true)
-            && $this->httpUtils->checkRequestPath($request, $this->options['check_path']);
+            && $this->httpUtils->checkRequestPath($request, $this->options['check_path'])
+            && ($this->options['form_only'] ? 'form' === $request->getContentType() : true);
     }
 
     public function authenticate(Request $request): Passport

Tests/Authenticator/FormLoginAuthenticatorTest.php

@@ -156,6 +156,27 @@ public function testUpgradePassword()
         $this->assertEquals('s$cr$t', $badge->getAndErasePlaintextPassword());
     }
 
+    /**
+     * @dataProvider provideContentTypes()
+     */
+    public function testSupportsFormOnly(string $contentType, bool $shouldSupport)
+    {
+        $request = new Request();
+        $request->headers->set('CONTENT_TYPE', $contentType);
+        $request->server->set('REQUEST_URI', '/login_check');
+        $request->setMethod('POST');
+
+        $this->setUpAuthenticator(['form_only' => true]);
+
+        $this->assertSame($shouldSupport, $this->authenticator->supports($request));
+    }
+
+    public function provideContentTypes()
+    {
+        yield ['application/json', false];
+        yield ['application/x-www-form-urlencoded', true];
+    }
+
     private function setUpAuthenticator(array $options = [])
     {
         $this->authenticator = new FormLoginAuthenticator(new HttpUtils(), $this->userProvider, $this->successHandler, $this->failureHandler, $options);