Merge branch '6.4' into 7.0

* 6.4:
  Update FileProfilerStorage.php
  [Security] Allow custom scheme to be used as redirection URIs
  [Validator] Do not mock metadata factory on debug command tests
  [HttpKernel][WebProfilerBundle] Fix search feature
  [ErrorHandler] Avoid compile crash while trying to find candidate when a class is not found
  [Security] Make `PersistentToken` immutable and tell `TokenProviderInterface::updateToken()` implementations should accept `DateTimeInterface`
  do not listen to signals if the pcntl extension is missing
  [DependencyInjection] Improve reporting named autowiring aliases
  [DependencyInjection] Make better use of memory and CPU during auto-discovery
  update Intl component to take into account B-variant when converting Alpha3 to Alpha2. fixing issue with Darwin.
  [VarDumper] Fix dumping `ArrayObject` with `DumpDataCollector`
  [VarDumper] Add tests to demonstrate a bug when dumping ArrayObject with full stack fmk
  [DebugBundle][FrameworkBundle] Fix using the framework without the Console component
  [FrameworkBundle] Add missing monolog channel tag to the `messenger:failed:retry` command
  fetch all known ChoiceType values at once
  [RateLimiter] fix incorrect retryAfter of FixedWindow
  Fix Finder phpdoc
  [TwigBundle] Allow omitting the `autoescape_service_method` option when `autoescape_service` is set to an invokable service id
  [PropertyAccess] Auto-cast from/to DateTime/Immutable when appropriate

Author: nicolas-grekas

Authentication/RememberMe/InMemoryTokenProvider.php

@@ -18,7 +18,7 @@
  *
  * @author Johannes M. Schmitt <[email protected]>
  */
-class InMemoryTokenProvider implements TokenProviderInterface
+final class InMemoryTokenProvider implements TokenProviderInterface
 {
     private array $tokens = [];
 
@@ -31,7 +31,7 @@ public function loadTokenBySeries(string $series): PersistentTokenInterface
         return $this->tokens[$series];
     }
 
-    public function updateToken(string $series, #[\SensitiveParameter] string $tokenValue, \DateTime $lastUsed): void
+    public function updateToken(string $series, #[\SensitiveParameter] string $tokenValue, \DateTimeInterface $lastUsed)
     {
         if (!isset($this->tokens[$series])) {
             throw new TokenNotFoundException('No token found.');

Authentication/RememberMe/PersistentToken.php

@@ -22,9 +22,9 @@ final class PersistentToken implements PersistentTokenInterface
     private string $userIdentifier;
     private string $series;
     private string $tokenValue;
-    private \DateTime $lastUsed;
+    private \DateTimeImmutable $lastUsed;
 
-    public function __construct(string $class, string $userIdentifier, string $series, #[\SensitiveParameter] string $tokenValue, \DateTime $lastUsed)
+    public function __construct(string $class, string $userIdentifier, string $series, #[\SensitiveParameter] string $tokenValue, \DateTimeInterface $lastUsed)
     {
         if (empty($class)) {
             throw new \InvalidArgumentException('$class must not be empty.');
@@ -43,7 +43,7 @@ public function __construct(string $class, string $userIdentifier, string $serie
         $this->userIdentifier = $userIdentifier;
         $this->series = $series;
         $this->tokenValue = $tokenValue;
-        $this->lastUsed = $lastUsed;
+        $this->lastUsed = \DateTimeImmutable::createFromInterface($lastUsed);
     }
 
     public function getClass(): string
@@ -68,6 +68,6 @@ public function getTokenValue(): string
 
     public function getLastUsed(): \DateTime
     {
-        return $this->lastUsed;
+        return \DateTime::createFromImmutable($this->lastUsed);
     }
 }

Authentication/RememberMe/PersistentTokenInterface.php

@@ -36,6 +36,8 @@ public function getTokenValue(): string;
 
     /**
      * Returns the time the token was last used.
+     *
+     * Each call SHOULD return a new distinct DateTime instance.
      */
     public function getLastUsed(): \DateTime;
 

Authentication/RememberMe/TokenProviderInterface.php

@@ -39,6 +39,8 @@ public function deleteTokenBySeries(string $series);
     /**
      * Updates the token according to this data.
      *
+     * @param \DateTimeInterface $lastUsed Accepting only DateTime is deprecated since Symfony 6.4
+     *
      * @return void
      *
      * @throws TokenNotFoundException if the token is not found

CHANGELOG.md

@@ -1,12 +1,19 @@
 CHANGELOG
 =========
 
+
 7.0
 ---
 
  * Remove the `Security` class, use `Symfony\Bundle\SecurityBundle\Security` instead
  * Require explicit argument when calling `TokenStorage::setToken()`
 
+6.4
+---
+
+ * Make `PersistentToken` immutable
+ * Deprecate accepting only `DateTime` for `TokenProviderInterface::updateToken()`, use `DateTimeInterface` instead
+
 6.3
 ---
 

Tests/Authentication/RememberMe/CacheTokenVerifierTest.php

@@ -21,23 +21,23 @@ class CacheTokenVerifierTest extends TestCase
     public function testVerifyCurrentToken()
     {
         $verifier = new CacheTokenVerifier(new ArrayAdapter());
-        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTime());
+        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
         $this->assertTrue($verifier->verifyToken($token, 'value'));
     }
 
     public function testVerifyFailsInvalidToken()
     {
         $verifier = new CacheTokenVerifier(new ArrayAdapter());
-        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTime());
+        $token = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
         $this->assertFalse($verifier->verifyToken($token, 'wrong-value'));
     }
 
     public function testVerifyOutdatedToken()
     {
         $verifier = new CacheTokenVerifier(new ArrayAdapter());
-        $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTime());
-        $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTime());
-        $verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTime());
+        $outdatedToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'value', new \DateTimeImmutable());
+        $newToken = new PersistentToken('class', 'user', 'series1@special:chars=/', 'newvalue', new \DateTimeImmutable());
+        $verifier->updateExistingToken($outdatedToken, 'newvalue', new \DateTimeImmutable());
         $this->assertTrue($verifier->verifyToken($newToken, 'value'));
     }
 }

Tests/Authentication/RememberMe/InMemoryTokenProviderTest.php

@@ -22,7 +22,7 @@ public function testCreateNewToken()
     {
         $provider = new InMemoryTokenProvider();
 
-        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTime());
+        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable());
         $provider->createNewToken($token);
 
         $this->assertSame($provider->loadTokenBySeries('foo'), $token);
@@ -39,21 +39,21 @@ public function testUpdateToken()
     {
         $provider = new InMemoryTokenProvider();
 
-        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTime());
+        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable());
         $provider->createNewToken($token);
         $provider->updateToken('foo', 'newFoo', $lastUsed = new \DateTime());
         $token = $provider->loadTokenBySeries('foo');
 
         $this->assertEquals('newFoo', $token->getTokenValue());
-        $this->assertSame($token->getLastUsed(), $lastUsed);
+        $this->assertEquals($token->getLastUsed(), $lastUsed);
     }
 
     public function testDeleteToken()
     {
         $this->expectException(TokenNotFoundException::class);
         $provider = new InMemoryTokenProvider();
 
-        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTime());
+        $token = new PersistentToken('foo', 'foo', 'foo', 'foo', new \DateTimeImmutable());
         $provider->createNewToken($token);
         $provider->deleteTokenBySeries('foo');
         $provider->loadTokenBySeries('foo');

Tests/Authentication/RememberMe/PersistentTokenTest.php

@@ -18,13 +18,21 @@ class PersistentTokenTest extends TestCase
 {
     public function testConstructor()
     {
-        $lastUsed = new \DateTime();
+        $lastUsed = new \DateTimeImmutable();
         $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);
 
         $this->assertEquals('fooclass', $token->getClass());
         $this->assertEquals('fooname', $token->getUserIdentifier());
         $this->assertEquals('fooseries', $token->getSeries());
         $this->assertEquals('footokenvalue', $token->getTokenValue());
-        $this->assertSame($lastUsed, $token->getLastUsed());
+        $this->assertEquals($lastUsed, $token->getLastUsed());
+    }
+
+    public function testDateTime()
+    {
+        $lastUsed = new \DateTime();
+        $token = new PersistentToken('fooclass', 'fooname', 'fooseries', 'footokenvalue', $lastUsed);
+
+        $this->assertEquals($lastUsed, $token->getLastUsed());
     }
 }