diff --git a/UPGRADE-8.0.md b/UPGRADE-8.0.md
index 80948b9422e55..051e2fd3cccb6 100644
--- a/UPGRADE-8.0.md
+++ b/UPGRADE-8.0.md
@@ -330,6 +330,20 @@ Security
* Remove `AbstractListener::__invoke`
* Remove `LazyFirewallContext::__invoke()`
+SecurityBundle
+--------------
+
+ * Remove the deprecated `hide_user_not_found` configuration option, use `expose_security_errors` instead
+
+ ```diff
+ # config/packages/security.yaml
+ security:
+ - hide_user_not_found: false
+ + expose_security_errors: true
+ ```
+
+ Note: `expose_security_errors: true` is equivalent to `hide_user_not_found: false`. The logic is inverted.
+
Serializer
----------
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
index 6bc26a1312870..4054a5625073e 100644
--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
8.0
---
+ * Remove the deprecated `hide_user_not_found` configuration option, use `expose_security_errors` instead
* Remove `LazyFirewallContext::__invoke()`
7.4
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index 0a2d32c9f3f4d..dca27a14720e4 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -56,29 +56,12 @@ public function getConfigTreeBuilder(): TreeBuilder
$rootNode
->docUrl('https://symfony.com/doc/{version:major}.{version:minor}/reference/configuration/security.html', 'symfony/security-bundle')
- ->beforeNormalization()
- ->always()
- ->then(function ($v) {
- if (isset($v['hide_user_not_found']) && isset($v['expose_security_errors'])) {
- throw new InvalidConfigurationException('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');
- }
-
- if (isset($v['hide_user_not_found']) && !isset($v['expose_security_errors'])) {
- $v['expose_security_errors'] = $v['hide_user_not_found'] ? ExposeSecurityLevel::None : ExposeSecurityLevel::All;
- }
-
- return $v;
- })
- ->end()
->children()
->scalarNode('access_denied_url')->defaultNull()->example('/foo/error403')->end()
->enumNode('session_fixation_strategy')
->values([SessionAuthenticationStrategy::NONE, SessionAuthenticationStrategy::MIGRATE, SessionAuthenticationStrategy::INVALIDATE])
->defaultValue(SessionAuthenticationStrategy::MIGRATE)
->end()
- ->booleanNode('hide_user_not_found')
- ->setDeprecated('symfony/security-bundle', '7.3', 'The "%node%" option is deprecated and will be removed in 8.0. Use the "expose_security_errors" option instead.')
- ->end()
->enumNode('expose_security_errors')
->beforeNormalization()->ifString()->then(fn ($v) => ExposeSecurityLevel::tryFrom($v))->end()
->values(ExposeSecurityLevel::cases())
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
index 6904a21b18113..7adf08ed4977e 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
@@ -259,42 +259,4 @@ public static function provideHideUserNotFoundData(): iterable
yield [['expose_security_errors' => 'all'], ExposeSecurityLevel::All];
}
- /**
- * @dataProvider provideHideUserNotFoundLegacyData
- *
- * @group legacy
- */
- public function testExposeSecurityErrorsWithLegacyConfig(array $config, ExposeSecurityLevel $expectedExposeSecurityErrors, ?bool $expectedHideUserNotFound)
- {
- $this->expectUserDeprecationMessage('Since symfony/security-bundle 7.3: The "hide_user_not_found" option is deprecated and will be removed in 8.0. Use the "expose_security_errors" option instead.');
-
- $config = array_merge(static::$minimalConfig, $config);
-
- $processor = new Processor();
- $configuration = new MainConfiguration([], []);
- $processedConfig = $processor->processConfiguration($configuration, [$config]);
-
- $this->assertEquals($expectedExposeSecurityErrors, $processedConfig['expose_security_errors']);
- $this->assertEquals($expectedHideUserNotFound, $processedConfig['hide_user_not_found']);
- }
-
- public static function provideHideUserNotFoundLegacyData(): iterable
- {
- yield [['hide_user_not_found' => true], ExposeSecurityLevel::None, true];
- yield [['hide_user_not_found' => false], ExposeSecurityLevel::All, false];
- }
-
- public function testCannotUseHideUserNotFoundAndExposeSecurityErrorsAtTheSameTime()
- {
- $processor = new Processor();
- $configuration = new MainConfiguration([], []);
-
- $this->expectException(InvalidConfigurationException::class);
- $this->expectExceptionMessage('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');
-
- $processor->processConfiguration($configuration, [static::$minimalConfig + [
- 'hide_user_not_found' => true,
- 'expose_security_errors' => ExposeSecurityLevel::None,
- ]]);
- }
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy