Upgrade 1-11.38

vendor/symfony/security-bundle/DependencyInjection/Compiler/AddSecurityVotersPass.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler;
 
+use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\Compiler\PriorityTaggedServiceTrait;
@@ -39,7 +40,7 @@ class AddSecurityVotersPass implements CompilerPassInterface
             throw new LogicException('No security voters found. You need to tag at least one with "security.voter"');
         }
 
-        $adm = $container->getDefinition($container->hasDefinition('debug.security.access.decision_manager') ? 'debug.security.access.decision_manager' : 'security.access.decision_manager');
-        $adm->addMethodCall('setVoters', array($voters));
+        $adm = $container->getDefinition('security.access.decision_manager');
+        $adm->replaceArgument(0, new IteratorArgument($voters));
     }
 }

vendor/symfony/security-bundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php

@@ -26,7 +26,7 @@ class AddSessionDomainConstraintPass implements CompilerPassInterface
      */
     public function process(ContainerBuilder $container)
     {
-        if (!$container->hasParameter('session.storage.options') || !$container->has('security.http_utils')) {
+        if (!$container->hasParameter('session.storage.options')) {
             return;
         }
 
@@ -34,6 +34,7 @@ class AddSessionDomainConstraintPass implements CompilerPassInterface
         $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
         $domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp;
 
+        // if the service doesn't exist, an exception must be thrown - ignoring would put security at risk
         $container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp));
     }
 }

vendor/symfony/security-bundle/DependencyInjection/MainConfiguration.php

@@ -36,12 +36,6 @@ class MainConfiguration implements ConfigurationInterface
     private $factories;
     private $userProviderFactories;
 
-    /**
-     * Constructor.
-     *
-     * @param array $factories
-     * @param array $userProviderFactories
-     */
     public function __construct(array $factories, array $userProviderFactories)
     {
         $this->factories = $factories;
@@ -373,7 +367,7 @@ class MainConfiguration implements ConfigurationInterface
                 ->thenInvalid('You cannot set multiple provider types for the same provider')
             ->end()
             ->validate()
-                ->ifTrue(function ($v) { return count($v) === 0; })
+                ->ifTrue(function ($v) { return 0 === count($v); })
                 ->thenInvalid('You must set a provider definition for the provider.')
             ->end()
         ;

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/AbstractFactory.php

@@ -12,9 +12,10 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler;
 
 /**
  * AbstractFactory is the base class for all classes inheriting from
@@ -29,7 +30,7 @@ abstract class AbstractFactory implements SecurityFactoryInterface
     protected $options = array(
         'check_path' => '/login_check',
         'use_forward' => false,
-        'require_previous_session' => true,
+        'require_previous_session' => null,
     );
 
     protected $defaultSuccessHandlerOptions = array(
@@ -80,6 +81,10 @@ abstract class AbstractFactory implements SecurityFactoryInterface
             ->scalarNode('failure_handler')->end()
         ;
 
+        if (array_key_exists('require_previous_session', $this->options) && null === $this->options['require_previous_session']) {
+            $this->options['require_previous_session'] = !class_exists(AbstractSessionHandler::class);
+        }
+
         foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) {
             if (is_bool($default)) {
                 $builder->booleanNode($name)->defaultValue($default);
@@ -144,8 +149,6 @@ abstract class AbstractFactory implements SecurityFactoryInterface
      * Subclasses may disable remember-me features for the listener, by
      * always returning false from this method.
      *
-     * @param array $config
-     *
      * @return bool Whether a possibly configured RememberMeServices should be set for this listener
      */
     protected function isRememberMeAware($config)
@@ -156,7 +159,7 @@ abstract class AbstractFactory implements SecurityFactoryInterface
     protected function createListener($container, $id, $config, $userProvider)
     {
         $listenerId = $this->getListenerId();
-        $listener = new DefinitionDecorator($listenerId);
+        $listener = new ChildDefinition($listenerId);
         $listener->replaceArgument(4, $id);
         $listener->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)));
         $listener->replaceArgument(6, new Reference($this->createAuthenticationFailureHandler($container, $id, $config)));
@@ -174,12 +177,12 @@ abstract class AbstractFactory implements SecurityFactoryInterface
         $options = array_intersect_key($config, $this->defaultSuccessHandlerOptions);
 
         if (isset($config['success_handler'])) {
-            $successHandler = $container->setDefinition($successHandlerId, new DefinitionDecorator('security.authentication.custom_success_handler'));
+            $successHandler = $container->setDefinition($successHandlerId, new ChildDefinition('security.authentication.custom_success_handler'));
             $successHandler->replaceArgument(0, new Reference($config['success_handler']));
             $successHandler->replaceArgument(1, $options);
             $successHandler->replaceArgument(2, $id);
         } else {
-            $successHandler = $container->setDefinition($successHandlerId, new DefinitionDecorator('security.authentication.success_handler'));
+            $successHandler = $container->setDefinition($successHandlerId, new ChildDefinition('security.authentication.success_handler'));
             $successHandler->addMethodCall('setOptions', array($options));
             $successHandler->addMethodCall('setProviderKey', array($id));
         }
@@ -193,11 +196,11 @@ abstract class AbstractFactory implements SecurityFactoryInterface
         $options = array_intersect_key($config, $this->defaultFailureHandlerOptions);
 
         if (isset($config['failure_handler'])) {
-            $failureHandler = $container->setDefinition($id, new DefinitionDecorator('security.authentication.custom_failure_handler'));
+            $failureHandler = $container->setDefinition($id, new ChildDefinition('security.authentication.custom_failure_handler'));
             $failureHandler->replaceArgument(0, new Reference($config['failure_handler']));
             $failureHandler->replaceArgument(1, $options);
         } else {
-            $failureHandler = $container->setDefinition($id, new DefinitionDecorator('security.authentication.failure_handler'));
+            $failureHandler = $container->setDefinition($id, new ChildDefinition('security.authentication.failure_handler'));
             $failureHandler->addMethodCall('setOptions', array($options));
         }
 

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/FormLoginFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -63,7 +63,7 @@ class FormLoginFactory extends AbstractFactory
     {
         $provider = 'security.authentication.provider.dao.'.$id;
         $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.dao'))
             ->replaceArgument(0, new Reference($userProviderId))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->replaceArgument(2, $id)
@@ -88,7 +88,7 @@ class FormLoginFactory extends AbstractFactory
     {
         $entryPointId = 'security.authentication.form_entry_point.'.$id;
         $container
-            ->setDefinition($entryPointId, new DefinitionDecorator('security.authentication.form_entry_point'))
+            ->setDefinition($entryPointId, new ChildDefinition('security.authentication.form_entry_point'))
             ->addArgument(new Reference('security.http_utils'))
             ->addArgument($config['login_path'])
             ->addArgument($config['use_forward'])

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -27,8 +27,8 @@ class FormLoginLdapFactory extends FormLoginFactory
     protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
     {
         $provider = 'security.authentication.provider.ldap_bind.'.$id;
-        $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind'))
+        $definition = $container
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))
             ->replaceArgument(0, new Reference($userProviderId))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->replaceArgument(2, $id)
@@ -36,6 +36,10 @@ class FormLoginLdapFactory extends FormLoginFactory
             ->replaceArgument(4, $config['dn_string'])
         ;
 
+        if (!empty($config['query_string'])) {
+            $definition->addMethodCall('setQueryString', array($config['query_string']));
+        }
+
         return $provider;
     }
 
@@ -47,6 +51,7 @@ class FormLoginLdapFactory extends FormLoginFactory
             ->children()
                 ->scalarNode('service')->defaultValue('ldap')->end()
                 ->scalarNode('dn_string')->defaultValue('{username}')->end()
+                ->scalarNode('query_string')->end()
             ->end()
         ;
     }

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php

@@ -12,8 +12,9 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
 use Symfony\Component\DependencyInjection\Reference;
 
 /**
@@ -62,11 +63,13 @@ class GuardAuthenticationFactory implements SecurityFactoryInterface
             $authenticatorReferences[] = new Reference($authenticatorId);
         }
 
+        $authenticators = new IteratorArgument($authenticatorReferences);
+
         // configure the GuardAuthenticationFactory to have the dynamic constructor arguments
         $providerId = 'security.authentication.provider.guard.'.$id;
         $container
-            ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.guard'))
-            ->replaceArgument(0, $authenticatorReferences)
+            ->setDefinition($providerId, new ChildDefinition('security.authentication.provider.guard'))
+            ->replaceArgument(0, $authenticators)
             ->replaceArgument(1, new Reference($userProvider))
             ->replaceArgument(2, $id)
             ->replaceArgument(3, new Reference('security.user_checker.'.$id))
@@ -74,9 +77,9 @@ class GuardAuthenticationFactory implements SecurityFactoryInterface
 
         // listener
         $listenerId = 'security.authentication.listener.guard.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.guard'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.guard'));
         $listener->replaceArgument(2, $id);
-        $listener->replaceArgument(3, $authenticatorReferences);
+        $listener->replaceArgument(3, $authenticators);
 
         // determine the entryPointId to use
         $entryPointId = $this->determineEntryPoint($defaultEntryPoint, $config);
@@ -109,7 +112,7 @@ class GuardAuthenticationFactory implements SecurityFactoryInterface
         }
 
         $authenticatorIds = $config['authenticators'];
-        if (count($authenticatorIds) == 1) {
+        if (1 == count($authenticatorIds)) {
             // if there is only one authenticator, use that as the entry point
             return array_shift($authenticatorIds);
         }

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/HttpBasicFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -27,7 +27,7 @@ class HttpBasicFactory implements SecurityFactoryInterface
     {
         $provider = 'security.authentication.provider.dao.'.$id;
         $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.dao'))
             ->replaceArgument(0, new Reference($userProvider))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->replaceArgument(2, $id)
@@ -38,7 +38,7 @@ class HttpBasicFactory implements SecurityFactoryInterface
 
         // listener
         $listenerId = 'security.authentication.listener.basic.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.basic'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.basic'));
         $listener->replaceArgument(2, $id);
         $listener->replaceArgument(3, new Reference($entryPointId));
 
@@ -73,7 +73,7 @@ class HttpBasicFactory implements SecurityFactoryInterface
 
         $entryPointId = 'security.authentication.basic_entry_point.'.$id;
         $container
-            ->setDefinition($entryPointId, new DefinitionDecorator('security.authentication.basic_entry_point'))
+            ->setDefinition($entryPointId, new ChildDefinition('security.authentication.basic_entry_point'))
             ->addArgument($config['realm'])
         ;
 

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -28,8 +28,8 @@ class HttpBasicLdapFactory extends HttpBasicFactory
     public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
     {
         $provider = 'security.authentication.provider.ldap_bind.'.$id;
-        $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind'))
+        $definition = $container
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))
             ->replaceArgument(0, new Reference($userProvider))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->replaceArgument(2, $id)
@@ -40,9 +40,13 @@ class HttpBasicLdapFactory extends HttpBasicFactory
         // entry point
         $entryPointId = $this->createEntryPoint($container, $id, $config, $defaultEntryPoint);
 
+        if (!empty($config['query_string'])) {
+            $definition->addMethodCall('setQueryString', array($config['query_string']));
+        }
+
         // listener
         $listenerId = 'security.authentication.listener.basic.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.basic'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.basic'));
         $listener->replaceArgument(2, $id);
         $listener->replaceArgument(3, new Reference($entryPointId));
 
@@ -57,6 +61,7 @@ class HttpBasicLdapFactory extends HttpBasicFactory
             ->children()
                 ->scalarNode('service')->defaultValue('ldap')->end()
                 ->scalarNode('dn_string')->defaultValue('{username}')->end()
+                ->scalarNode('query_string')->end()
             ->end()
         ;
     }

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/HttpDigestFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -27,7 +27,7 @@ class HttpDigestFactory implements SecurityFactoryInterface
     {
         $provider = 'security.authentication.provider.dao.'.$id;
         $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.dao'))
             ->replaceArgument(0, new Reference($userProvider))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->replaceArgument(2, $id)
@@ -38,7 +38,7 @@ class HttpDigestFactory implements SecurityFactoryInterface
 
         // listener
         $listenerId = 'security.authentication.listener.digest.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.digest'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.digest'));
         $listener->replaceArgument(1, new Reference($userProvider));
         $listener->replaceArgument(2, $id);
         $listener->replaceArgument(3, new Reference($entryPointId));
@@ -75,7 +75,7 @@ class HttpDigestFactory implements SecurityFactoryInterface
 
         $entryPointId = 'security.authentication.digest_entry_point.'.$id;
         $container
-            ->setDefinition($entryPointId, new DefinitionDecorator('security.authentication.digest_entry_point'))
+            ->setDefinition($entryPointId, new ChildDefinition('security.authentication.digest_entry_point'))
             ->addArgument($config['realm'])
             ->addArgument($config['secret'])
         ;

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/RememberMeFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 
@@ -34,7 +34,7 @@ class RememberMeFactory implements SecurityFactoryInterface
         // authentication provider
         $authProviderId = 'security.authentication.provider.rememberme.'.$id;
         $container
-            ->setDefinition($authProviderId, new DefinitionDecorator('security.authentication.provider.rememberme'))
+            ->setDefinition($authProviderId, new ChildDefinition('security.authentication.provider.rememberme'))
             ->replaceArgument(0, new Reference('security.user_checker.'.$id))
             ->addArgument($config['secret'])
             ->addArgument($id)
@@ -56,7 +56,7 @@ class RememberMeFactory implements SecurityFactoryInterface
             ;
         }
 
-        $rememberMeServices = $container->setDefinition($rememberMeServicesId, new DefinitionDecorator($templateId));
+        $rememberMeServices = $container->setDefinition($rememberMeServicesId, new ChildDefinition($templateId));
         $rememberMeServices->replaceArgument(1, $config['secret']);
         $rememberMeServices->replaceArgument(2, $id);
 
@@ -94,7 +94,7 @@ class RememberMeFactory implements SecurityFactoryInterface
                 $userProviders[] = new Reference('security.user.provider.concrete.'.$providerName);
             }
         }
-        if (count($userProviders) === 0) {
+        if (0 === count($userProviders)) {
             throw new \RuntimeException('You must configure at least one remember-me aware listener (such as form-login) for each firewall that has remember-me enabled.');
         }
 
@@ -102,7 +102,7 @@ class RememberMeFactory implements SecurityFactoryInterface
 
         // remember-me listener
         $listenerId = 'security.authentication.listener.rememberme.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.rememberme'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.rememberme'));
         $listener->replaceArgument(1, new Reference($rememberMeServicesId));
         $listener->replaceArgument(5, $config['catch_exceptions']);
 

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/RemoteUserFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -28,14 +28,14 @@ class RemoteUserFactory implements SecurityFactoryInterface
     {
         $providerId = 'security.authentication.provider.pre_authenticated.'.$id;
         $container
-            ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
+            ->setDefinition($providerId, new ChildDefinition('security.authentication.provider.pre_authenticated'))
             ->replaceArgument(0, new Reference($userProvider))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->addArgument($id)
         ;
 
         $listenerId = 'security.authentication.listener.remote_user.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.remote_user'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.remote_user'));
         $listener->replaceArgument(2, $id);
         $listener->replaceArgument(3, $config['user']);
 

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/SimpleFormFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -51,7 +51,7 @@ class SimpleFormFactory extends FormLoginFactory
     {
         $provider = 'security.authentication.provider.simple_form.'.$id;
         $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.simple'))
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.simple'))
             ->replaceArgument(0, new Reference($config['authenticator']))
             ->replaceArgument(1, new Reference($userProviderId))
             ->replaceArgument(2, $id)
@@ -65,7 +65,7 @@ class SimpleFormFactory extends FormLoginFactory
         $listenerId = parent::createListener($container, $id, $config, $userProvider);
 
         $simpleAuthHandlerId = 'security.authentication.simple_success_failure_handler.'.$id;
-        $simpleAuthHandler = $container->setDefinition($simpleAuthHandlerId, new DefinitionDecorator('security.authentication.simple_success_failure_handler'));
+        $simpleAuthHandler = $container->setDefinition($simpleAuthHandlerId, new ChildDefinition('security.authentication.simple_success_failure_handler'));
         $simpleAuthHandler->replaceArgument(0, new Reference($config['authenticator']));
         $simpleAuthHandler->replaceArgument(1, new Reference($this->getSuccessHandlerId($id)));
         $simpleAuthHandler->replaceArgument(2, new Reference($this->getFailureHandlerId($id)));

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/SimplePreAuthenticationFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -45,7 +45,7 @@ class SimplePreAuthenticationFactory implements SecurityFactoryInterface
     {
         $provider = 'security.authentication.provider.simple_preauth.'.$id;
         $container
-            ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.simple'))
+            ->setDefinition($provider, new ChildDefinition('security.authentication.provider.simple'))
             ->replaceArgument(0, new Reference($config['authenticator']))
             ->replaceArgument(1, new Reference($userProvider))
             ->replaceArgument(2, $id)
@@ -53,7 +53,7 @@ class SimplePreAuthenticationFactory implements SecurityFactoryInterface
 
         // listener
         $listenerId = 'security.authentication.listener.simple_preauth.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.simple_preauth'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.simple_preauth'));
         $listener->replaceArgument(2, $id);
         $listener->replaceArgument(3, new Reference($config['authenticator']));
 

vendor/symfony/security-bundle/DependencyInjection/Security/Factory/X509Factory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -27,7 +27,7 @@ class X509Factory implements SecurityFactoryInterface
     {
         $providerId = 'security.authentication.provider.pre_authenticated.'.$id;
         $container
-            ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
+            ->setDefinition($providerId, new ChildDefinition('security.authentication.provider.pre_authenticated'))
             ->replaceArgument(0, new Reference($userProvider))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
             ->addArgument($id)
@@ -35,7 +35,7 @@ class X509Factory implements SecurityFactoryInterface
 
         // listener
         $listenerId = 'security.authentication.listener.x509.'.$id;
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.x509'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.x509'));
         $listener->replaceArgument(2, $id);
         $listener->replaceArgument(3, $config['user']);
         $listener->replaceArgument(4, $config['credentials']);

vendor/symfony/security-bundle/DependencyInjection/Security/UserProvider/InMemoryFactory.php

@@ -12,9 +12,8 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Reference;
 
 /**
  * InMemoryFactory creates services for the memory provider.
@@ -26,18 +25,14 @@ class InMemoryFactory implements UserProviderFactoryInterface
 {
     public function create(ContainerBuilder $container, $id, $config)
     {
-        $definition = $container->setDefinition($id, new DefinitionDecorator('security.user.provider.in_memory'));
+        $definition = $container->setDefinition($id, new ChildDefinition('security.user.provider.in_memory'));
+        $users = array();
 
         foreach ($config['users'] as $username => $user) {
-            $userId = $id.'_'.$username;
-
-            $container
-                ->setDefinition($userId, new DefinitionDecorator('security.user.provider.in_memory.user'))
-                ->setArguments(array($username, (string) $user['password'], $user['roles']))
-            ;
-
-            $definition->addMethodCall('createUser', array(new Reference($userId)));
+            $users[$username] = array('password' => (string) $user['password'], 'roles' => $user['roles']);
         }
+
+        $definition->addArgument($users);
     }
 
     public function getKey()
@@ -52,6 +47,7 @@ class InMemoryFactory implements UserProviderFactoryInterface
             ->children()
                 ->arrayNode('users')
                     ->useAttributeAsKey('name')
+                    ->normalizeKeys(false)
                     ->prototype('array')
                         ->children()
                             ->scalarNode('password')->defaultValue(uniqid('', true))->end()

vendor/symfony/security-bundle/DependencyInjection/Security/UserProvider/LdapFactory.php

@@ -12,7 +12,7 @@
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider;
 
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 
@@ -27,7 +27,7 @@ class LdapFactory implements UserProviderFactoryInterface
     public function create(ContainerBuilder $container, $id, $config)
     {
         $container
-            ->setDefinition($id, new DefinitionDecorator('security.user.provider.ldap'))
+            ->setDefinition($id, new ChildDefinition('security.user.provider.ldap'))
             ->replaceArgument(0, new Reference($config['service']))
             ->replaceArgument(1, $config['base_dn'])
             ->replaceArgument(2, $config['search_dn'])

vendor/symfony/security-bundle/DependencyInjection/SecurityExtension.php

@@ -14,14 +14,18 @@ namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
-use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\Console\Application;
 use Symfony\Component\DependencyInjection\Alias;
+use Symfony\Component\DependencyInjection\Argument\IteratorArgument;
+use Symfony\Component\DependencyInjection\ChildDefinition;
+use Symfony\Component\DependencyInjection\Compiler\ServiceLocatorTagPass;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 
 /**
  * SecurityExtension.
@@ -96,25 +100,34 @@ class SecurityExtension extends Extension
             $this->createEncoders($config['encoders'], $container);
         }
 
+        if (class_exists(Application::class)) {
+            $loader->load('console.xml');
+            $container->getDefinition('security.console.user_password_encoder_command')->replaceArgument(1, array_keys($config['encoders']));
+        }
+
         // load ACL
         if (isset($config['acl'])) {
             $this->aclLoad($config['acl'], $container);
         }
 
-        // add some required classes for compilation
-        $this->addClassesToCompile(array(
-            'Symfony\Component\Security\Http\Firewall',
-            'Symfony\Component\Security\Core\User\UserProviderInterface',
-            'Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager',
-            'Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage',
-            'Symfony\Component\Security\Core\Authorization\AccessDecisionManager',
-            'Symfony\Component\Security\Core\Authorization\AuthorizationChecker',
-            'Symfony\Component\Security\Core\Authorization\Voter\VoterInterface',
-            'Symfony\Bundle\SecurityBundle\Security\FirewallConfig',
-            'Symfony\Bundle\SecurityBundle\Security\FirewallMap',
-            'Symfony\Bundle\SecurityBundle\Security\FirewallContext',
-            'Symfony\Component\HttpFoundation\RequestMatcher',
-        ));
+        $container->registerForAutoconfiguration(VoterInterface::class)
+            ->addTag('security.voter');
+
+        if (\PHP_VERSION_ID < 70000) {
+            // add some required classes for compilation
+            $this->addClassesToCompile(array(
+                'Symfony\Component\Security\Http\Firewall',
+                'Symfony\Component\Security\Core\User\UserProviderInterface',
+                'Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager',
+                'Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage',
+                'Symfony\Component\Security\Core\Authorization\AccessDecisionManager',
+                'Symfony\Component\Security\Core\Authorization\AuthorizationChecker',
+                'Symfony\Component\Security\Core\Authorization\Voter\VoterInterface',
+                'Symfony\Bundle\SecurityBundle\Security\FirewallConfig',
+                'Symfony\Bundle\SecurityBundle\Security\FirewallContext',
+                'Symfony\Component\HttpFoundation\RequestMatcher',
+            ));
+        }
     }
 
     private function aclLoad($config, ContainerBuilder $container)
@@ -167,13 +180,7 @@ class SecurityExtension extends Extension
         $container->setParameter('security.acl.dbal.sid_table_name', $config['tables']['security_identity']);
     }
 
-    /**
-     * Loads the web configuration.
-     *
-     * @param array            $config    An array of configuration settings
-     * @param ContainerBuilder $container A ContainerBuilder instance
-     */
-    private function createRoleHierarchy($config, ContainerBuilder $container)
+    private function createRoleHierarchy(array $config, ContainerBuilder $container)
     {
         if (!isset($config['role_hierarchy']) || 0 === count($config['role_hierarchy'])) {
             $container->removeDefinition('security.access.role_hierarchy_voter');
@@ -191,9 +198,11 @@ class SecurityExtension extends Extension
             return;
         }
 
-        $this->addClassesToCompile(array(
-            'Symfony\\Component\\Security\\Http\\AccessMap',
-        ));
+        if (\PHP_VERSION_ID < 70000) {
+            $this->addClassesToCompile(array(
+                'Symfony\\Component\\Security\\Http\\AccessMap',
+            ));
+        }
 
         foreach ($config['access_control'] as $access) {
             $matcher = $this->createRequestMatcher(
@@ -233,25 +242,33 @@ class SecurityExtension extends Extension
         $arguments[1] = $userProviders;
         $definition->setArguments($arguments);
 
+        $customUserChecker = false;
+
         // load firewall map
         $mapDef = $container->getDefinition('security.firewall.map');
-        $map = $authenticationProviders = array();
+        $map = $authenticationProviders = $contextRefs = array();
         foreach ($firewalls as $name => $firewall) {
+            if (isset($firewall['user_checker']) && 'security.user_checker' !== $firewall['user_checker']) {
+                $customUserChecker = true;
+            }
+
             $configId = 'security.firewall.map.config.'.$name;
 
             list($matcher, $listeners, $exceptionListener) = $this->createFirewall($container, $name, $firewall, $authenticationProviders, $providerIds, $configId);
 
             $contextId = 'security.firewall.map.context.'.$name;
-            $context = $container->setDefinition($contextId, new DefinitionDecorator('security.firewall.context'));
+            $context = $container->setDefinition($contextId, new ChildDefinition('security.firewall.context'));
             $context
                 ->replaceArgument(0, $listeners)
                 ->replaceArgument(1, $exceptionListener)
                 ->replaceArgument(2, new Reference($configId))
             ;
 
+            $contextRefs[$contextId] = new Reference($contextId);
             $map[$contextId] = $matcher;
         }
-        $mapDef->replaceArgument(1, $map);
+        $mapDef->replaceArgument(0, ServiceLocatorTagPass::register($container, $contextRefs));
+        $mapDef->replaceArgument(1, new IteratorArgument($map));
 
         // add authentication providers to authentication manager
         $authenticationProviders = array_map(function ($id) {
@@ -259,13 +276,18 @@ class SecurityExtension extends Extension
         }, array_values(array_unique($authenticationProviders)));
         $container
             ->getDefinition('security.authentication.manager')
-            ->replaceArgument(0, $authenticationProviders)
+            ->replaceArgument(0, new IteratorArgument($authenticationProviders))
         ;
+
+        // register an autowire alias for the UserCheckerInterface if no custom user checker service is configured
+        if (!$customUserChecker) {
+            $container->setAlias('Symfony\Component\Security\Core\User\UserCheckerInterface', new Alias('security.user_checker', false));
+        }
     }
 
     private function createFirewall(ContainerBuilder $container, $id, $firewall, &$authenticationProviders, $providerIds, $configId)
     {
-        $config = $container->setDefinition($configId, new DefinitionDecorator('security.firewall.config'));
+        $config = $container->setDefinition($configId, new ChildDefinition('security.firewall.config'));
         $config->replaceArgument(0, $id);
         $config->replaceArgument(1, $firewall['user_checker']);
 
@@ -323,7 +345,7 @@ class SecurityExtension extends Extension
         if (isset($firewall['logout'])) {
             $listenerKeys[] = 'logout';
             $listenerId = 'security.logout_listener.'.$id;
-            $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.logout_listener'));
+            $listener = $container->setDefinition($listenerId, new ChildDefinition('security.logout_listener'));
             $listener->replaceArgument(3, array(
                 'csrf_parameter' => $firewall['logout']['csrf_parameter'],
                 'csrf_token_id' => $firewall['logout']['csrf_token_id'],
@@ -336,7 +358,7 @@ class SecurityExtension extends Extension
                 $logoutSuccessHandlerId = $firewall['logout']['success_handler'];
             } else {
                 $logoutSuccessHandlerId = 'security.logout.success_handler.'.$id;
-                $logoutSuccessHandler = $container->setDefinition($logoutSuccessHandlerId, new DefinitionDecorator('security.logout.success_handler'));
+                $logoutSuccessHandler = $container->setDefinition($logoutSuccessHandlerId, new ChildDefinition('security.logout.success_handler'));
                 $logoutSuccessHandler->replaceArgument(1, $firewall['logout']['target']);
             }
             $listener->replaceArgument(2, new Reference($logoutSuccessHandlerId));
@@ -354,7 +376,7 @@ class SecurityExtension extends Extension
             // add cookie logout handler
             if (count($firewall['logout']['delete_cookies']) > 0) {
                 $cookieHandlerId = 'security.logout.handler.cookie_clearing.'.$id;
-                $cookieHandler = $container->setDefinition($cookieHandlerId, new DefinitionDecorator('security.logout.handler.cookie_clearing'));
+                $cookieHandler = $container->setDefinition($cookieHandlerId, new ChildDefinition('security.logout.handler.cookie_clearing'));
                 $cookieHandler->addArgument($firewall['logout']['delete_cookies']);
 
                 $listener->addMethodCall('addHandler', array(new Reference($cookieHandlerId)));
@@ -374,6 +396,7 @@ class SecurityExtension extends Extension
                     $firewall['logout']['csrf_token_id'],
                     $firewall['logout']['csrf_parameter'],
                     isset($firewall['logout']['csrf_token_generator']) ? new Reference($firewall['logout']['csrf_token_generator']) : null,
+                    false === $firewall['stateless'] && isset($firewall['context']) ? $firewall['context'] : null,
                 ))
             ;
         }
@@ -430,7 +453,7 @@ class SecurityExtension extends Extension
         }
 
         $listenerId = 'security.context_listener.'.count($this->contextListeners);
-        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('security.context_listener'));
+        $listener = $container->setDefinition($listenerId, new ChildDefinition('security.context_listener'));
         $listener->replaceArgument(2, $contextKey);
 
         return $this->contextListeners[$contextKey] = $listenerId;
@@ -461,7 +484,7 @@ class SecurityExtension extends Extension
         if (isset($firewall['anonymous'])) {
             $listenerId = 'security.authentication.listener.anonymous.'.$id;
             $container
-                ->setDefinition($listenerId, new DefinitionDecorator('security.authentication.listener.anonymous'))
+                ->setDefinition($listenerId, new ChildDefinition('security.authentication.listener.anonymous'))
                 ->replaceArgument(1, $firewall['anonymous']['secret'])
             ;
 
@@ -469,7 +492,7 @@ class SecurityExtension extends Extension
 
             $providerId = 'security.authentication.provider.anonymous.'.$id;
             $container
-                ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.anonymous'))
+                ->setDefinition($providerId, new ChildDefinition('security.authentication.provider.anonymous'))
                 ->replaceArgument(0, $firewall['anonymous']['secret'])
             ;
 
@@ -582,7 +605,7 @@ class SecurityExtension extends Extension
             }
 
             $container
-                ->setDefinition($name, new DefinitionDecorator('security.user.provider.chain'))
+                ->setDefinition($name, new ChildDefinition('security.user.provider.chain'))
                 ->addArgument($providers);
 
             return $name;
@@ -599,7 +622,7 @@ class SecurityExtension extends Extension
     private function createExceptionListener($container, $config, $id, $defaultEntryPoint, $stateless)
     {
         $exceptionListenerId = 'security.exception_listener.'.$id;
-        $listener = $container->setDefinition($exceptionListenerId, new DefinitionDecorator('security.exception_listener'));
+        $listener = $container->setDefinition($exceptionListenerId, new ChildDefinition('security.exception_listener'));
         $listener->replaceArgument(3, $id);
         $listener->replaceArgument(4, null === $defaultEntryPoint ? null : new Reference($defaultEntryPoint));
         $listener->replaceArgument(8, $stateless);
@@ -619,7 +642,7 @@ class SecurityExtension extends Extension
         $userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider;
 
         $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
-        $listener = $container->setDefinition($switchUserListenerId, new DefinitionDecorator('security.authentication.switchuser_listener'));
+        $listener = $container->setDefinition($switchUserListenerId, new ChildDefinition('security.authentication.switchuser_listener'));
         $listener->replaceArgument(1, new Reference($userProvider));
         $listener->replaceArgument(2, new Reference('security.user_checker.'.$id));
         $listener->replaceArgument(3, $id);