symfony
diff --git a/‎.github/expected-missing-return-types.diff
Lines changed: 10 additions & 17 deletions b/‎.github/expected-missing-return-types.diff
Lines changed: 10 additions & 17 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
Lines changed: 0 additions & 16 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
Lines changed: 0 additions & 16 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
Lines changed: 0 additions & 15 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
Lines changed: 0 additions & 15 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 3 additions & 18 deletions b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 3 additions & 18 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Lines changed: 0 additions & 3 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
Lines changed: 0 additions & 3 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Security.php
Lines changed: 29 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/Security.php
Lines changed: 29 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
Lines changed: 4 additions & 29 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
Lines changed: 4 additions & 29 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
Lines changed: 0 additions & 15 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
Lines changed: 0 additions & 15 deletions
diff --git a/‎src/Symfony/Component/Ldap/CHANGELOG.md
Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Component/Ldap/CHANGELOG.md
Lines changed: 5 additions & 0 deletions
@@ -2389,10 +2389,10 @@ index cecce6c01b..f2e0c7fdf5 100644
      {
          parent::newLine($count);
 diff --git a/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php b/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
-index 6ad89dc522..40020baee7 100644
+index 10bed7d031..e26109851f 100644
 --- a/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
 +++ b/src/Symfony/Component/Console/Tests/EventListener/ErrorListenerTest.php
-@@ -141,5 +141,5 @@ class NonStringInput extends Input
+@@ -128,5 +128,5 @@ class NonStringInput extends Input
      }
 
 -    public function parse()
@@ -9981,17 +9981,17 @@ index eabfe17bba..5a41823338 100644
      {
          throw new \BadMethodCallException('Cannot add attribute to NullToken.');
 diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
-index 0ec6b1cfb9..2e235a6069 100644
+index 8acc31bca2..25779a31b5 100644
 --- a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
 +++ b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/TokenStorage.php
@@ -41,5 +41,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
       * @return void
       */
--    public function setToken(TokenInterface $token = null)
-+    public function setToken(TokenInterface $token = null): void
+-    public function setToken(?TokenInterface $token)
++    public function setToken(?TokenInterface $token): void
      {
-         if (1 > \func_num_args()) {
-@@ -64,5 +64,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
+         if ($token) {
+@@ -60,5 +60,5 @@ class TokenStorage implements TokenStorageInterface, ResetInterface
       * @return void
       */
 -    public function reset()
@@ -10172,23 +10172,16 @@ index a493b00e79..377dcacc09 100644
      {
      }
 diff --git a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
-index e0aef90a14..651578d1f1 100644
+index 13441bc758..e2bc96ff48 100644
 --- a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
 +++ b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
-@@ -55,5 +55,5 @@ class InMemoryUserProvider implements UserProviderInterface
-      * @throws \LogicException
+@@ -53,5 +53,5 @@ class InMemoryUserProvider implements UserProviderInterface
+      * @return void
       */
 -    public function createUser(UserInterface $user)
 +    public function createUser(UserInterface $user): void
      {
          if (!$user instanceof InMemoryUser) {
-@@ -100,5 +100,5 @@ class InMemoryUserProvider implements UserProviderInterface
-      * @throws UserNotFoundException if user whose given username does not exist
-      */
--    private function getUser(string $username): UserInterface
-+    private function getUser(string $username): InMemoryUser
-     {
-         if (!isset($this->users[strtolower($username)])) {
 diff --git a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php b/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php
 index 91f21c71d0..95e818392e 100644
 --- a/src/Symfony/Component/Security/Core/User/UserCheckerInterface.php
 
@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
  * Enabling SecurityBundle and not configuring it is not allowed
+ * Remove configuration options `enable_authenticator_manager` and `csrf_token_generator`
 
 6.3
 ---
 
@@ -65,7 +65,6 @@ public function getConfigTreeBuilder(): TreeBuilder
                 ->end()
                 ->booleanNode('hide_user_not_found')->defaultTrue()->end()
                 ->booleanNode('erase_credentials')->defaultTrue()->end()
-                ->booleanNode('enable_authenticator_manager')->setDeprecated('symfony/security-bundle', '6.2', 'The "%node%" option at "%path%" is deprecated.')->defaultTrue()->end()
                 ->arrayNode('access_decision_manager')
                     ->addDefaultsIfNotSet()
                     ->children()
@@ -216,14 +215,6 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
             ->arrayNode('logout')
                 ->treatTrueLike([])
                 ->canBeUnset()
-                ->beforeNormalization()
-                    ->ifTrue(fn ($v): bool => isset($v['csrf_token_generator']) && !isset($v['csrf_token_manager']))
-                    ->then(function (array $v): array {
-                        $v['csrf_token_manager'] = $v['csrf_token_generator'];
-
-                        return $v;
-                    })
-                ->end()
                 ->beforeNormalization()
                     ->ifTrue(fn ($v): bool => \is_array($v) && (isset($v['csrf_token_manager']) xor isset($v['enable_csrf'])))
                     ->then(function (array $v): array {
@@ -240,13 +231,6 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     ->booleanNode('enable_csrf')->defaultNull()->end()
                     ->scalarNode('csrf_token_id')->defaultValue('logout')->end()
                     ->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
-                    ->scalarNode('csrf_token_generator')
-                        ->setDeprecated(
-                            'symfony/security-bundle',
-                            '6.3',
-                            'The "%node%" option is deprecated. Use "csrf_token_manager" instead.'
-                        )
-                    ->end()
                     ->scalarNode('csrf_token_manager')->end()
                     ->scalarNode('path')->defaultValue('/logout')->end()
                     ->scalarNode('target')->defaultValue('/')->end()
 
@@ -50,23 +50,8 @@ public function getKey(): string
         return 'form-login';
     }
 
-    public function addConfiguration(NodeDefinition $node): void
-    {
-        parent::addConfiguration($node);
-
-        $node
-            ->children()
-                ->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
-            ->end()
-        ;
-    }
-
     public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
     {
-        if (isset($config['csrf_token_generator'])) {
-            throw new InvalidConfigurationException('The "csrf_token_generator" on "form_login" does not exist, use "enable_csrf" instead.');
-        }
-
         $authenticatorId = 'security.authenticator.form_login.'.$firewallName;
         $options = array_intersect_key($config, $this->options);
         $authenticator = $container
 
@@ -54,7 +54,6 @@
 use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\UnanimousStrategy;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\User\ChainUserChecker;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
@@ -91,7 +90,7 @@ public function prepend(ContainerBuilder $container): void
     public function load(array $configs, ContainerBuilder $container): void
     {
         if (!array_filter($configs)) {
-            throw new InvalidArgumentException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));
+            throw new InvalidConfigurationException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class));
         }
 
         $mainConfig = $this->getConfiguration($configs, $container);
@@ -104,11 +103,6 @@ public function load(array $configs, ContainerBuilder $container): void
         $loader->load('security.php');
         $loader->load('password_hasher.php');
         $loader->load('security_listeners.php');
-
-        if (!$config['enable_authenticator_manager']) {
-            throw new InvalidConfigurationException('"security.enable_authenticator_manager" must be set to "true".');
-        }
-
         $loader->load('security_authenticator.php');
         $loader->load('security_authenticator_access_token.php');
 
@@ -177,11 +171,6 @@ public function load(array $configs, ContainerBuilder $container): void
 
         $container->registerForAutoconfiguration(VoterInterface::class)
             ->addTag('security.voter');
-
-        // required for compatibility with Symfony 5.4
-        $container->getDefinition('security.access_listener')->setArgument(3, false);
-        $container->getDefinition('security.authorization_checker')->setArgument(2, false);
-        $container->getDefinition('security.authorization_checker')->setArgument(3, false);
     }
 
     /**
@@ -669,15 +658,11 @@ private function getUserProvider(ContainerBuilder $container, string $id, array
             return $this->createMissingUserProvider($container, $id, $factoryKey);
         }
 
-        if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey || 'custom_authenticators' === $factoryKey) {
-            if ('custom_authenticators' === $factoryKey) {
-                trigger_deprecation('symfony/security-bundle', '5.4', 'Not configuring explicitly the provider for the "%s" firewall is deprecated because it\'s ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $id);
-            }
-
+        if ('remember_me' === $factoryKey || 'anonymous' === $factoryKey) {
             return 'security.user_providers';
         }
 
-        throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id));
+        throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.', $factoryKey, $id));
     }
 
     private function createMissingUserProvider(ContainerBuilder $container, string $id, string $factoryKey): string
 
@@ -35,7 +35,6 @@
 use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
 use Symfony\Component\Security\Core\User\ChainUserProvider;
 use Symfony\Component\Security\Core\User\InMemoryUserChecker;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -94,8 +93,6 @@
                 abstract_arg('authenticators'),
             ])
         ->alias(Security::class, 'security.helper')
-        ->alias(LegacySecurity::class, 'security.helper')
-            ->deprecate('symfony/security-bundle', '6.2', 'The "%alias_id%" service alias is deprecated, use "'.Security::class.'" instead.')
 
         ->set('security.user_value_resolver', UserValueResolver::class)
             ->args([
 
@@ -16,9 +16,10 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\LogicException;
 use Symfony\Component\Security\Core\Exception\LogoutException;
-use Symfony\Component\Security\Core\Security as LegacySecurity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Csrf\CsrfToken;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
@@ -36,15 +37,39 @@
  *
  * @final
  */
-class Security extends LegacySecurity
+class Security implements AuthorizationCheckerInterface
 {
     public const ACCESS_DENIED_ERROR = SecurityRequestAttributes::ACCESS_DENIED_ERROR;
     public const AUTHENTICATION_ERROR = SecurityRequestAttributes::AUTHENTICATION_ERROR;
     public const LAST_USERNAME = SecurityRequestAttributes::LAST_USERNAME;
 
-    public function __construct(private readonly ContainerInterface $container, private readonly array $authenticators = [])
+    public function __construct(
+        private readonly ContainerInterface $container,
+        private readonly array $authenticators = [],
+    ) {
+    }
+
+    public function getUser(): ?UserInterface
+    {
+        if (!$token = $this->getToken()) {
+            return null;
+        }
+
+        return $token->getUser();
+    }
+
+    /**
+     * Checks if the attributes are granted against the current authentication token and optionally supplied subject.
+     */
+    public function isGranted(mixed $attributes, mixed $subject = null): bool
+    {
+        return $this->container->get('security.authorization_checker')
+            ->isGranted($attributes, $subject);
+    }
+
+    public function getToken(): ?TokenInterface
     {
-        parent::__construct($container, false);
+        return $this->container->get('security.token_storage')->getToken();
     }
 
     public function getFirewallConfig(Request $request): ?FirewallConfig
 
@@ -30,7 +30,6 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
-use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\User\InMemoryUserChecker;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -162,8 +161,6 @@ public function testPerListenerProvider()
 
     public function testMissingProviderForListener()
     {
-        $this->expectException(InvalidConfigurationException::class);
-        $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider.');
         $container = $this->getRawContainer();
         $container->loadFromExtension('security', [
             'providers' => [
@@ -179,6 +176,9 @@ public function testMissingProviderForListener()
             ],
         ]);
 
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('Not configuring explicitly the provider for the "http_basic" authenticator on "ambiguous" firewall is ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.');
+
         $container->compile();
     }
 
@@ -476,31 +476,6 @@ public function testDoNotRegisterTheUserProviderAliasWithMultipleProviders()
         $this->assertFalse($container->has(UserProviderInterface::class));
     }
 
-    /**
-     * @group legacy
-     */
-    public function testFirewallWithNoUserProviderTriggerDeprecation()
-    {
-        $container = $this->getRawContainer();
-
-        $container->loadFromExtension('security', [
-            'providers' => [
-                'first' => ['id' => 'foo'],
-                'second' => ['id' => 'foo'],
-            ],
-
-            'firewalls' => [
-                'some_firewall' => [
-                    'custom_authenticator' => 'my_authenticator',
-                ],
-            ],
-        ]);
-
-        $this->expectDeprecation('Since symfony/security-bundle 5.4: Not configuring explicitly the provider for the "some_firewall" firewall is deprecated because it\'s ambiguous as there is more than one registered provider. Set the "provider" key to one of the configured providers, even if your custom authenticators don\'t use it.');
-
-        $container->compile();
-    }
-
     /**
      * @dataProvider acceptableIpsProvider
      */
@@ -878,7 +853,7 @@ public function testNothingDoneWithEmptyConfiguration()
 
         $container->loadFromExtension('security');
 
-        $this->expectException(InvalidArgumentException::class);
+        $this->expectException(InvalidConfigurationException::class);
         $this->expectExceptionMessage('Enabling bundle "Symfony\Bundle\SecurityBundle\SecurityBundle" and not configuring it is not allowed.');
 
         $container->compile();
 
@@ -13,21 +13,6 @@
 
 class AuthenticatorTest extends AbstractWebTestCase
 {
-    /**
-     * @group legacy
-     *
-     * @dataProvider provideEmails
-     */
-    public function testLegacyGlobalUserProvider($email)
-    {
-        $client = $this->createClient(['test_case' => 'Authenticator', 'root_config' => 'implicit_user_provider.yml']);
-
-        $client->request('GET', '/profile', [], [], [
-            'HTTP_X-USER-EMAIL' => $email,
-        ]);
-        $this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
-    }
-
     /**
      * @dataProvider provideEmails
      */
 
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+7.0
+---
+
+ * Remove `{username}` parameter, use `{user_identifier}` instead
+
 6.2
 ---