Merge branch '5.2' into 5.x

nicolas-grekas · nicolas-grekas · commit 647d1925c5df · 2021-05-12T15:40:11.000+02:00
* 5.2:
  [CI][Psalm] Install stable/released PHPUnit
  [Security] Add missing Finnish translations
  [Security][Guard] Prevent user enumeration via response content
diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php
@@ -502,7 +502,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $
                 ->replaceArgument(0, $authenticators)
                 ->replaceArgument(2, new Reference($firewallEventDispatcherId))
                 ->replaceArgument(3, $id)
-                ->replaceArgument(6, $firewall['required_badges'] ?? [])
+                ->replaceArgument(7, $firewall['required_badges'] ?? [])
                 ->addTag('monolog.logger', ['channel' => 'security'])
             ;
 
diff --git a/Resources/config/guard.php b/Resources/config/guard.php
@@ -45,6 +45,7 @@
                 abstract_arg('Provider-shared Key'),
                 abstract_arg('Authenticators'),
                 service('logger')->nullOnInvalid(),
+                param('security.authentication.hide_user_not_found'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
     ;
diff --git a/Resources/config/security_authenticator.php b/Resources/config/security_authenticator.php
@@ -44,6 +44,7 @@
                 abstract_arg('provider key'),
                 service('logger')->nullOnInvalid(),
                 param('security.authentication.manager.erase_credentials'),
+                param('security.authentication.hide_user_not_found'),
                 abstract_arg('required badges'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
diff --git a/Tests/DependencyInjection/CompleteConfigurationTest.php b/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -43,7 +43,7 @@ public function testAuthenticatorManager()
         $this->assertEquals(AuthenticatorManager::class, $authenticatorManager->getClass());
 
         // required badges
-        $this->assertEquals([CsrfTokenBadge::class, RememberMeBadge::class], $authenticatorManager->getArgument(6));
+        $this->assertEquals([CsrfTokenBadge::class, RememberMeBadge::class], $authenticatorManager->getArgument(7));
 
         // login link
         $expiredStorage = $container->getDefinition($expiredStorageId = 'security.authenticator.expired_login_link_storage.main');
diff --git a/Tests/Functional/AuthenticatorTest.php b/Tests/Functional/AuthenticatorTest.php
@@ -40,7 +40,7 @@ public function testFirewallUserProvider($email, $withinFirewall)
         if ($withinFirewall) {
             $this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
         } else {
-            $this->assertJsonStringEqualsJsonString('{"error":"Username could not be found."}', $client->getResponse()->getContent());
+            $this->assertJsonStringEqualsJsonString('{"error":"Invalid credentials."}', $client->getResponse()->getContent());
         }
     }
 
diff --git a/Tests/Functional/FormLoginTest.php b/Tests/Functional/FormLoginTest.php
@@ -142,7 +142,7 @@ public function testLoginThrottling()
 
                     break;
                 case 2: // Third attempt with unexisting username
-                    $this->assertStringContainsString('Username could not be found.', $text, 'Invalid response on 3rd attempt');
+                    $this->assertStringContainsString('Invalid credentials.', $text, 'Invalid response on 3rd attempt');
 
                     break;
                 case 3: // Fourth attempt : still login throttling !

Original file line number	Diff line number	Diff line change
`@@ -502,7 +502,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $`
`502`	`502`	`->replaceArgument(0, $authenticators)`
`503`	`503`	`->replaceArgument(2, new Reference($firewallEventDispatcherId))`
`504`	`504`	`->replaceArgument(3, $id)`
`505`		`- ->replaceArgument(6, $firewall['required_badges'] ?? [])`
	`505`	`+ ->replaceArgument(7, $firewall['required_badges'] ?? [])`
`506`	`506`	`->addTag('monolog.logger', ['channel' => 'security'])`
`507`	`507`	`;`
`508`	`508`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@`
`45`	`45`	`abstract_arg('Provider-shared Key'),`
`46`	`46`	`abstract_arg('Authenticators'),`
`47`	`47`	`service('logger')->nullOnInvalid(),`
	`48`	`+ param('security.authentication.hide_user_not_found'),`
`48`	`49`	`])`
`49`	`50`	`->tag('monolog.logger', ['channel' => 'security'])`
`50`	`51`	`;`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ public function testFirewallUserProvider($email, $withinFirewall)`
`40`	`40`	`if ($withinFirewall) {`
`41`	`41`	`$this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());`
`42`	`42`	`} else {`
`43`		`- $this->assertJsonStringEqualsJsonString('{"error":"Username could not be found."}', $client->getResponse()->getContent());`
	`43`	`+ $this->assertJsonStringEqualsJsonString('{"error":"Invalid credentials."}', $client->getResponse()->getContent());`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`