AutoLogin

Includes #25, which fixes compatibility with Symfony 5.0 compatibility by splitting Security component dependencies.

Includes #23, which modifies AutoLoginListener to extend AbstractListener (see: symfony/symfony@b20ebe6b908cadca5c37040f305a101ce8cdf981). Also includes #24, which adds CI.

This release bumps the lowest Symfony requirement to 4.4, and 4.4.1 specifically for the Security component.

Includes #22, which fixes AutoLoginToken serialization for symfony/security-core > 4.3.

Includes #21, which allows compatibility with Symfony 5.0 and bumps the lowest Symfony requirement to 4.3.

Includes #20, which allows compatibility with Symfony 4.0.

Includes #18, which allows compatibility with Symfony 3.0 and bumps the lowest Symfony requirement to 2.2. AutoLoginListener's constructor now takes a PSR-3 LoggerInterface instead of Symfony 2.x's HttpKernel LoggerInterface. Symfony 2.x's class has extended PSR-3's interface since 2.2, so this is not a BC break.

Includes #13, which allows the AutoLoginListener to be constructed with a Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface instance (introduced in Symfony 2.6). Symfony\Component\Security\Core\SecurityContextInterface, which will be removed in Symfony 3.0, is still supported for backwards compatibility.

Includes #11, which adds logic in the authentication provider to check for the user in the token before querying the user provider. In some cases on Symfony 2.6.x and earlier, loadUserByAutoLoginToken() might have been called with a null key value.

Adds an override_already_authenticated option to the listener service, which allows customization of the default behavior to do nothing after emitting an "already authenticated" event. This option makes it possible to use auto-login links to override an existing authenticated user, where previously a user would need to manually log out. See the README for additional documentation.

Implements support for dispatching a new "already authenticated" event when a token parameter is found in the request but a user is already authenticated. See the README for additional documentation and a practical use case for this feature.