From 3b1b64ab12e74d76fedddd1df1fa68bd014d3efb Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Thu, 10 Jul 2025 09:12:18 +0200 Subject: [PATCH 1/2] CS fixes --- Command/DebugFirewallCommand.php | 30 +++++++++---------- DataCollector/SecurityDataCollector.php | 2 +- .../Compiler/AddSecurityVotersPass.php | 2 +- .../AddSessionDomainConstraintPass.php | 6 ++-- .../Compiler/RegisterEntryPointPass.php | 2 +- .../ReplaceDecoratedRememberMeHandlerPass.php | 2 +- .../Compiler/SortFirewallListenersPass.php | 2 +- DependencyInjection/MainConfiguration.php | 8 ++--- .../Security/Factory/AccessTokenFactory.php | 6 ++-- .../Security/Factory/LoginLinkFactory.php | 4 +-- .../Factory/LoginThrottlingFactory.php | 4 +-- .../Security/Factory/RememberMeFactory.php | 4 +-- .../Factory/SignatureAlgorithmFactory.php | 4 +-- DependencyInjection/SecurityExtension.php | 25 ++++++++-------- Resources/config/security_authenticator.php | 2 +- Security.php | 10 +++---- Security/FirewallAwareTrait.php | 2 +- Security/FirewallConfig.php | 2 +- .../SecurityDataCollectorTest.php | 4 +-- Tests/Functional/AccessTokenTest.php | 2 +- .../Controller/FooController.php | 2 +- .../Http/JsonAuthenticationSuccessHandler.php | 2 +- .../Controller/TestController.php | 2 +- .../Http/JsonAuthenticationSuccessHandler.php | 2 +- .../TestCustomLoginLinkSuccessHandler.php | 2 +- .../Security/Core/User/ArrayUserProvider.php | 4 +-- Tests/Functional/RememberMeCookieTest.php | 2 +- Tests/Functional/SecurityTest.php | 4 +-- Tests/Functional/app/AppKernel.php | 6 ++-- Tests/SecurityTest.php | 4 +-- 30 files changed, 77 insertions(+), 76 deletions(-) diff --git a/Command/DebugFirewallCommand.php b/Command/DebugFirewallCommand.php index f728408b..5499d165 100644 --- a/Command/DebugFirewallCommand.php +++ b/Command/DebugFirewallCommand.php @@ -75,7 +75,7 @@ protected function configure(): void EOF ) ->setDefinition([ - new InputArgument('name', InputArgument::OPTIONAL, sprintf('A firewall name (for example "%s")', $exampleName)), + new InputArgument('name', InputArgument::OPTIONAL, \sprintf('A firewall name (for example "%s")', $exampleName)), new InputOption('events', null, InputOption::VALUE_NONE, 'Include a list of event listeners (only available in combination with the "name" argument)'), ]); } @@ -92,10 +92,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 0; } - $serviceId = sprintf('security.firewall.map.context.%s', $name); + $serviceId = \sprintf('security.firewall.map.context.%s', $name); if (!$this->contexts->has($serviceId)) { - $io->error(sprintf('Firewall %s was not found. Available firewalls are: %s', $name, implode(', ', $this->firewallNames))); + $io->error(\sprintf('Firewall %s was not found. Available firewalls are: %s', $name, implode(', ', $this->firewallNames))); return 1; } @@ -103,7 +103,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int /** @var FirewallContext $context */ $context = $this->contexts->get($serviceId); - $io->title(sprintf('Firewall "%s"', $name)); + $io->title(\sprintf('Firewall "%s"', $name)); $this->displayFirewallSummary($name, $context, $io); @@ -125,7 +125,7 @@ protected function displayFirewallList(SymfonyStyle $io): void $io->listing($this->firewallNames); - $io->comment(sprintf('To view details of a specific firewall, re-run this command with a firewall name. (e.g. debug:firewall %s)', $this->getExampleName())); + $io->comment(\sprintf('To view details of a specific firewall, re-run this command with a firewall name. (e.g. debug:firewall %s)', $this->getExampleName())); } protected function displayFirewallSummary(string $name, FirewallContext $context, SymfonyStyle $io): void @@ -169,9 +169,9 @@ private function displaySwitchUser(FirewallContext $context, SymfonyStyle $io): protected function displayEventListeners(string $name, FirewallContext $context, SymfonyStyle $io): void { - $io->title(sprintf('Event listeners for firewall "%s"', $name)); + $io->title(\sprintf('Event listeners for firewall "%s"', $name)); - $dispatcherId = sprintf('security.event_dispatcher.%s', $name); + $dispatcherId = \sprintf('security.event_dispatcher.%s', $name); if (!$this->eventDispatchers->has($dispatcherId)) { $io->text('No event dispatcher has been registered for this firewall.'); @@ -183,12 +183,12 @@ protected function displayEventListeners(string $name, FirewallContext $context, $dispatcher = $this->eventDispatchers->get($dispatcherId); foreach ($dispatcher->getListeners() as $event => $listeners) { - $io->section(sprintf('"%s" event', $event)); + $io->section(\sprintf('"%s" event', $event)); $rows = []; foreach ($listeners as $order => $listener) { $rows[] = [ - sprintf('#%d', $order + 1), + \sprintf('#%d', $order + 1), $this->formatCallable($listener), $dispatcher->getListenerPriority($event, $listener), ]; @@ -203,7 +203,7 @@ protected function displayEventListeners(string $name, FirewallContext $context, private function displayAuthenticators(string $name, SymfonyStyle $io): void { - $io->title(sprintf('Authenticators for firewall "%s"', $name)); + $io->title(\sprintf('Authenticators for firewall "%s"', $name)); $authenticators = $this->authenticators[$name] ?? []; @@ -226,14 +226,14 @@ private function formatCallable(mixed $callable): string { if (\is_array($callable)) { if (\is_object($callable[0])) { - return sprintf('%s::%s()', $callable[0]::class, $callable[1]); + return \sprintf('%s::%s()', $callable[0]::class, $callable[1]); } - return sprintf('%s::%s()', $callable[0], $callable[1]); + return \sprintf('%s::%s()', $callable[0], $callable[1]); } if (\is_string($callable)) { - return sprintf('%s()', $callable); + return \sprintf('%s()', $callable); } if ($callable instanceof \Closure) { @@ -242,14 +242,14 @@ private function formatCallable(mixed $callable): string return 'Closure()'; } if ($class = \PHP_VERSION_ID >= 80111 ? $r->getClosureCalledClass() : $r->getClosureScopeClass()) { - return sprintf('%s::%s()', $class->name, $r->name); + return \sprintf('%s::%s()', $class->name, $r->name); } return $r->name.'()'; } if (method_exists($callable, '__invoke')) { - return sprintf('%s::__invoke()', $callable::class); + return \sprintf('%s::__invoke()', $callable::class); } throw new \InvalidArgumentException('Callable is not describable.'); diff --git a/DataCollector/SecurityDataCollector.php b/DataCollector/SecurityDataCollector.php index 2c0562e4..85043db5 100644 --- a/DataCollector/SecurityDataCollector.php +++ b/DataCollector/SecurityDataCollector.php @@ -187,7 +187,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep if ($this->data['impersonated'] && null !== $switchUserConfig = $firewallConfig->getSwitchUser()) { $exitPath = $request->getRequestUri(); $exitPath .= null === $request->getQueryString() ? '?' : '&'; - $exitPath .= sprintf('%s=%s', urlencode($switchUserConfig['parameter']), SwitchUserListener::EXIT_VALUE); + $exitPath .= \sprintf('%s=%s', urlencode($switchUserConfig['parameter']), SwitchUserListener::EXIT_VALUE); $this->data['impersonation_exit_path'] = $exitPath; } diff --git a/DependencyInjection/Compiler/AddSecurityVotersPass.php b/DependencyInjection/Compiler/AddSecurityVotersPass.php index 8a2bad79..36750a8f 100644 --- a/DependencyInjection/Compiler/AddSecurityVotersPass.php +++ b/DependencyInjection/Compiler/AddSecurityVotersPass.php @@ -52,7 +52,7 @@ public function process(ContainerBuilder $container) $class = $container->getParameterBag()->resolveValue($definition->getClass()); if (!is_a($class, VoterInterface::class, true)) { - throw new LogicException(sprintf('"%s" must implement the "%s" when used as a voter.', $class, VoterInterface::class)); + throw new LogicException(\sprintf('"%s" must implement the "%s" when used as a voter.', $class, VoterInterface::class)); } if ($debug) { diff --git a/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php b/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php index 9a7a94ca..dee1e712 100644 --- a/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php +++ b/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php @@ -31,10 +31,10 @@ public function process(ContainerBuilder $container) } $sessionOptions = $container->getParameter('session.storage.options'); - $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.'))); + $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : \sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.'))); if ('auto' === ($sessionOptions['cookie_secure'] ?? null)) { - $secureDomainRegexp = sprintf('{^https://%s$}i', $domainRegexp); + $secureDomainRegexp = \sprintf('{^https://%s$}i', $domainRegexp); $domainRegexp = 'https?://'.$domainRegexp; } else { $secureDomainRegexp = null; @@ -42,7 +42,7 @@ public function process(ContainerBuilder $container) } $container->findDefinition('security.http_utils') - ->addArgument(sprintf('{^%s$}i', $domainRegexp)) + ->addArgument(\sprintf('{^%s$}i', $domainRegexp)) ->addArgument($secureDomainRegexp); } } diff --git a/DependencyInjection/Compiler/RegisterEntryPointPass.php b/DependencyInjection/Compiler/RegisterEntryPointPass.php index 3ca2a70a..e01de6bd 100644 --- a/DependencyInjection/Compiler/RegisterEntryPointPass.php +++ b/DependencyInjection/Compiler/RegisterEntryPointPass.php @@ -76,7 +76,7 @@ public function process(ContainerBuilder $container) $entryPointNames[] = is_numeric($key) ? $serviceId : $key; } - throw new InvalidConfigurationException(sprintf('Because you have multiple authenticators in firewall "%s", you need to set the "entry_point" key to one of your authenticators ("%s") or a service ID implementing "%s". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.', $firewallName, implode('", "', $entryPointNames), AuthenticationEntryPointInterface::class)); + throw new InvalidConfigurationException(\sprintf('Because you have multiple authenticators in firewall "%s", you need to set the "entry_point" key to one of your authenticators ("%s") or a service ID implementing "%s". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.', $firewallName, implode('", "', $entryPointNames), AuthenticationEntryPointInterface::class)); } $config->replaceArgument(7, $entryPoint); diff --git a/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php b/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php index 4727e62f..742d3c08 100644 --- a/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php +++ b/DependencyInjection/Compiler/ReplaceDecoratedRememberMeHandlerPass.php @@ -38,7 +38,7 @@ public function process(ContainerBuilder $container): void // get the actual custom remember me handler definition (passed to the decorator) $realRememberMeHandler = $container->findDefinition((string) $definition->getArgument(0)); if (null === $realRememberMeHandler) { - throw new \LogicException(sprintf('Invalid service definition for custom remember me handler; no service found with ID "%s".', (string) $definition->getArgument(0))); + throw new \LogicException(\sprintf('Invalid service definition for custom remember me handler; no service found with ID "%s".', (string) $definition->getArgument(0))); } foreach ($rememberMeHandlerTags as $rememberMeHandlerTag) { diff --git a/DependencyInjection/Compiler/SortFirewallListenersPass.php b/DependencyInjection/Compiler/SortFirewallListenersPass.php index 7f0301a3..2c3e14fe 100644 --- a/DependencyInjection/Compiler/SortFirewallListenersPass.php +++ b/DependencyInjection/Compiler/SortFirewallListenersPass.php @@ -62,7 +62,7 @@ private function getListenerPriorities(IteratorArgument $listeners, ContainerBui $class = $def->getClass(); if (!$r = $container->getReflectionClass($class)) { - throw new InvalidArgumentException(sprintf('Class "%s" used for service "%s" cannot be found.', $class, $id)); + throw new InvalidArgumentException(\sprintf('Class "%s" used for service "%s" cannot be found.', $class, $id)); } $priority = 0; diff --git a/DependencyInjection/MainConfiguration.php b/DependencyInjection/MainConfiguration.php index b2eabca0..ebd1df7e 100644 --- a/DependencyInjection/MainConfiguration.php +++ b/DependencyInjection/MainConfiguration.php @@ -194,7 +194,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->scalarNode('pattern') ->beforeNormalization() ->ifArray() - ->then(fn ($v) => sprintf('(?:%s)', implode('|', $v))) + ->then(fn ($v) => \sprintf('(?:%s)', implode('|', $v))) ->end() ->end() ->scalarNode('host')->end() @@ -212,7 +212,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto ->scalarNode('access_denied_url')->end() ->scalarNode('access_denied_handler')->end() ->scalarNode('entry_point') - ->info(sprintf('An enabled authenticator name or a service id that implements "%s"', AuthenticationEntryPointInterface::class)) + ->info(\sprintf('An enabled authenticator name or a service id that implements "%s"', AuthenticationEntryPointInterface::class)) ->end() ->scalarNode('provider')->end() ->booleanNode('stateless')->defaultFalse()->end() @@ -313,7 +313,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto } } - throw new InvalidConfigurationException(sprintf('Undefined security Badge class "%s" set in "security.firewall.required_badges".', $requiredBadge)); + throw new InvalidConfigurationException(\sprintf('Undefined security Badge class "%s" set in "security.firewall.required_badges".', $requiredBadge)); }, $requiredBadges); }) ->end() @@ -347,7 +347,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto } if (str_contains($firewall[$k]['check_path'], '/') && !preg_match('#'.$firewall['pattern'].'#', $firewall[$k]['check_path'])) { - throw new \LogicException(sprintf('The check_path "%s" for login method "%s" is not matched by the firewall pattern "%s".', $firewall[$k]['check_path'], $k, $firewall['pattern'])); + throw new \LogicException(\sprintf('The check_path "%s" for login method "%s" is not matched by the firewall pattern "%s".', $firewall[$k]['check_path'], $k, $firewall['pattern'])); } } diff --git a/DependencyInjection/Security/Factory/AccessTokenFactory.php b/DependencyInjection/Security/Factory/AccessTokenFactory.php index 50395522..371049c8 100644 --- a/DependencyInjection/Security/Factory/AccessTokenFactory.php +++ b/DependencyInjection/Security/Factory/AccessTokenFactory.php @@ -107,7 +107,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal { $successHandler = isset($config['success_handler']) ? new Reference($this->createAuthenticationSuccessHandler($container, $firewallName, $config)) : null; $failureHandler = isset($config['failure_handler']) ? new Reference($this->createAuthenticationFailureHandler($container, $firewallName, $config)) : null; - $authenticatorId = sprintf('security.authenticator.access_token.%s', $firewallName); + $authenticatorId = \sprintf('security.authenticator.access_token.%s', $firewallName); $extractorId = $this->createExtractor($container, $firewallName, $config['token_extractors']); $tokenHandlerId = $this->createTokenHandler($container, $firewallName, $config['token_handler'], $userProviderId); @@ -139,7 +139,7 @@ private function createExtractor(ContainerBuilder $container, string $firewallNa if (1 === \count($extractors)) { return current($extractors); } - $extractorId = sprintf('security.authenticator.access_token.chain_extractor.%s', $firewallName); + $extractorId = \sprintf('security.authenticator.access_token.chain_extractor.%s', $firewallName); $container ->setDefinition($extractorId, new ChildDefinition('security.authenticator.access_token.chain_extractor')) ->replaceArgument(0, array_map(fn (string $extractorId): Reference => new Reference($extractorId), $extractors)) @@ -151,7 +151,7 @@ private function createExtractor(ContainerBuilder $container, string $firewallNa private function createTokenHandler(ContainerBuilder $container, string $firewallName, array $config, ?string $userProviderId): string { $key = array_keys($config)[0]; - $id = sprintf('security.access_token_handler.%s', $firewallName); + $id = \sprintf('security.access_token_handler.%s', $firewallName); foreach ($this->tokenHandlerFactories as $factory) { if ($key !== $factory->getKey()) { diff --git a/DependencyInjection/Security/Factory/LoginLinkFactory.php b/DependencyInjection/Security/Factory/LoginLinkFactory.php index 9a03a0f0..862085ee 100644 --- a/DependencyInjection/Security/Factory/LoginLinkFactory.php +++ b/DependencyInjection/Security/Factory/LoginLinkFactory.php @@ -61,10 +61,10 @@ public function addConfiguration(NodeDefinition $node): void ->info('Cache service id used to expired links of max_uses is set.') ->end() ->scalarNode('success_handler') - ->info(sprintf('A service id that implements %s.', AuthenticationSuccessHandlerInterface::class)) + ->info(\sprintf('A service id that implements %s.', AuthenticationSuccessHandlerInterface::class)) ->end() ->scalarNode('failure_handler') - ->info(sprintf('A service id that implements %s.', AuthenticationFailureHandlerInterface::class)) + ->info(\sprintf('A service id that implements %s.', AuthenticationFailureHandlerInterface::class)) ->end() ->scalarNode('provider') ->info('The user provider to load users from.') diff --git a/DependencyInjection/Security/Factory/LoginThrottlingFactory.php b/DependencyInjection/Security/Factory/LoginThrottlingFactory.php index b62720bf..dcfb6d98 100644 --- a/DependencyInjection/Security/Factory/LoginThrottlingFactory.php +++ b/DependencyInjection/Security/Factory/LoginThrottlingFactory.php @@ -48,7 +48,7 @@ public function addConfiguration(NodeDefinition $builder): void { $builder ->children() - ->scalarNode('limiter')->info(sprintf('A service id implementing "%s".', RequestRateLimiterInterface::class))->end() + ->scalarNode('limiter')->info(\sprintf('A service id implementing "%s".', RequestRateLimiterInterface::class))->end() ->integerNode('max_attempts')->defaultValue(5)->end() ->scalarNode('interval')->defaultValue('1 minute')->end() ->scalarNode('lock_factory')->info('The service ID of the lock factory used by the login rate limiter (or null to disable locking)')->defaultNull()->end() @@ -97,7 +97,7 @@ private function registerRateLimiter(ContainerBuilder $container, string $name, if (null !== $limiterConfig['lock_factory']) { if (!interface_exists(LockInterface::class)) { - throw new LogicException(sprintf('Rate limiter "%s" requires the Lock component to be installed. Try running "composer require symfony/lock".', $name)); + throw new LogicException(\sprintf('Rate limiter "%s" requires the Lock component to be installed. Try running "composer require symfony/lock".', $name)); } $limiter->replaceArgument(2, new Reference($limiterConfig['lock_factory'])); diff --git a/DependencyInjection/Security/Factory/RememberMeFactory.php b/DependencyInjection/Security/Factory/RememberMeFactory.php index 95b59c3e..6e87f882 100644 --- a/DependencyInjection/Security/Factory/RememberMeFactory.php +++ b/DependencyInjection/Security/Factory/RememberMeFactory.php @@ -58,7 +58,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal // create remember me handler (which manage the remember-me cookies) $rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName; if (isset($config['service']) && isset($config['token_provider'])) { - throw new InvalidConfigurationException(sprintf('You cannot use both "service" and "token_provider" in "security.firewalls.%s.remember_me".', $firewallName)); + throw new InvalidConfigurationException(\sprintf('You cannot use both "service" and "token_provider" in "security.firewalls.%s.remember_me".', $firewallName)); } if (isset($config['service'])) { @@ -203,7 +203,7 @@ private function createTokenProvider(ContainerBuilder $container, string $firewa } if (!$tokenProviderId) { - throw new InvalidConfigurationException(sprintf('No token provider was set for firewall "%s". Either configure a service ID or set "remember_me.token_provider.doctrine" to true.', $firewallName)); + throw new InvalidConfigurationException(\sprintf('No token provider was set for firewall "%s". Either configure a service ID or set "remember_me.token_provider.doctrine" to true.', $firewallName)); } return $tokenProviderId; diff --git a/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php b/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php index feb63c26..e9a34d40 100644 --- a/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php +++ b/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php @@ -30,7 +30,7 @@ public static function create(string $algorithm): AlgorithmInterface case 'ES384': case 'ES512': if (!class_exists(Algorithm::class.'\\'.$algorithm)) { - throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-ecdsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-ecdsa".', $algorithm)); + throw new \LogicException(\sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-ecdsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-ecdsa".', $algorithm)); } $algorithm = Algorithm::class.'\\'.$algorithm; @@ -38,6 +38,6 @@ public static function create(string $algorithm): AlgorithmInterface return new $algorithm(); } - throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm)); + throw new InvalidArgumentException(\sprintf('Unsupported signature algorithm "%s". Only ES* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm)); } } diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php index d75a1d8f..6c821744 100644 --- a/DependencyInjection/SecurityExtension.php +++ b/DependencyInjection/SecurityExtension.php @@ -98,6 +98,7 @@ public function load(array $configs, ContainerBuilder $container) { if (!array_filter($configs)) { trigger_deprecation('symfony/security-bundle', '6.3', 'Enabling bundle "%s" and not configuring it is deprecated.', SecurityBundle::class); + // uncomment the following line in 7.0 // throw new InvalidConfigurationException(sprintf('Enabling bundle "%s" and not configuring it is not allowed.', SecurityBundle::class)); return; @@ -207,7 +208,7 @@ private function createStrategyDefinition(string $strategy, bool $allowIfAllAbst MainConfiguration::STRATEGY_CONSENSUS => new Definition(ConsensusStrategy::class, [$allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions]), MainConfiguration::STRATEGY_UNANIMOUS => new Definition(UnanimousStrategy::class, [$allowIfAllAbstainDecisions]), MainConfiguration::STRATEGY_PRIORITY => new Definition(PriorityStrategy::class, [$allowIfAllAbstainDecisions]), - default => throw new InvalidConfigurationException(sprintf('The strategy "%s" is not supported.', $strategy)), + default => throw new InvalidConfigurationException(\sprintf('The strategy "%s" is not supported.', $strategy)), }; } @@ -396,7 +397,7 @@ private function createFirewall(ContainerBuilder $container, string $id, array $ $defaultProvider = null; if (isset($firewall['provider'])) { if (!isset($providerIds[$normalizedName = str_replace('-', '_', $firewall['provider'])])) { - throw new InvalidConfigurationException(sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall['provider'])); + throw new InvalidConfigurationException(\sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall['provider'])); } $defaultProvider = $providerIds[$normalizedName]; @@ -630,7 +631,7 @@ private function createAuthenticationListeners(ContainerBuilder $container, stri $userProvider = $this->getUserProvider($container, $id, $firewall, $key, $defaultProvider, $providerIds); if (!$factory instanceof AuthenticatorFactoryInterface) { - throw new InvalidConfigurationException(sprintf('Authenticator factory "%s" ("%s") must implement "%s".', get_debug_type($factory), $key, AuthenticatorFactoryInterface::class)); + throw new InvalidConfigurationException(\sprintf('Authenticator factory "%s" ("%s") must implement "%s".', get_debug_type($factory), $key, AuthenticatorFactoryInterface::class)); } if (null === $userProvider && !$factory instanceof StatelessAuthenticatorFactoryInterface) { @@ -667,7 +668,7 @@ private function getUserProvider(ContainerBuilder $container, string $id, array { if (isset($firewall[$factoryKey]['provider'])) { if (!isset($providerIds[$normalizedName = str_replace('-', '_', $firewall[$factoryKey]['provider'])])) { - throw new InvalidConfigurationException(sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall[$factoryKey]['provider'])); + throw new InvalidConfigurationException(\sprintf('Invalid firewall "%s": user provider "%s" not found.', $id, $firewall[$factoryKey]['provider'])); } return $providerIds[$normalizedName]; @@ -693,12 +694,12 @@ private function getUserProvider(ContainerBuilder $container, string $id, array return 'security.user_providers'; } - throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id)); + throw new InvalidConfigurationException(\sprintf('Not configuring explicitly the provider for the "%s" authenticator on "%s" firewall is ambiguous as there is more than one registered provider.', $factoryKey, $id)); } private function createMissingUserProvider(ContainerBuilder $container, string $id, string $factoryKey): string { - $userProvider = sprintf('security.user.provider.missing.%s', $factoryKey); + $userProvider = \sprintf('security.user.provider.missing.%s', $factoryKey); $container->setDefinition( $userProvider, (new ChildDefinition('security.user.provider.missing'))->replaceArgument(0, $id) @@ -778,7 +779,7 @@ private function createHasher(array $config): Reference|array $config['algorithm'] = 'native'; $config['native_algorithm'] = \PASSWORD_ARGON2I; } else { - throw new InvalidConfigurationException(sprintf('Algorithm "argon2i" is not available. Either use "%s" or upgrade to PHP 7.2+ instead.', \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13') ? 'argon2id", "auto' : 'auto')); + throw new InvalidConfigurationException(\sprintf('Algorithm "argon2i" is not available. Either use "%s" or upgrade to PHP 7.2+ instead.', \defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13') ? 'argon2id", "auto' : 'auto')); } return $this->createHasher($config); @@ -791,7 +792,7 @@ private function createHasher(array $config): Reference|array $config['algorithm'] = 'native'; $config['native_algorithm'] = \PASSWORD_ARGON2ID; } else { - throw new InvalidConfigurationException(sprintf('Algorithm "argon2id" is not available. Either use "%s", upgrade to PHP 7.3+ or use libsodium 1.0.15+ instead.', \defined('PASSWORD_ARGON2I') || $hasSodium ? 'argon2i", "auto' : 'auto')); + throw new InvalidConfigurationException(\sprintf('Algorithm "argon2id" is not available. Either use "%s", upgrade to PHP 7.3+ or use libsodium 1.0.15+ instead.', \defined('PASSWORD_ARGON2I') || $hasSodium ? 'argon2i", "auto' : 'auto')); } return $this->createHasher($config); @@ -875,7 +876,7 @@ private function createUserDaoProvider(string $name, array $provider, ContainerB return $name; } - throw new InvalidConfigurationException(sprintf('Unable to create definition for "%s" user provider.', $name)); + throw new InvalidConfigurationException(\sprintf('Unable to create definition for "%s" user provider.', $name)); } private function getUserProviderId(string $name): string @@ -906,10 +907,10 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i $userProvider = isset($config['provider']) ? $this->getUserProviderId($config['provider']) : $defaultProvider; if (!$userProvider) { - throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $id)); + throw new InvalidConfigurationException(\sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $id)); } if ($stateless && null !== $config['target_route']) { - throw new InvalidConfigurationException(sprintf('Cannot set a "target_route" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id)); + throw new InvalidConfigurationException(\sprintf('Cannot set a "target_route" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id)); } $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id; @@ -954,7 +955,7 @@ private function createRequestMatcher(ContainerBuilder $container, ?string $path $container->resolveEnvPlaceholders($ip, null, $usedEnvs); if (!$usedEnvs && !$this->isValidIps($ip)) { - throw new \LogicException(sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip)); + throw new \LogicException(\sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip)); } $usedEnvs = null; diff --git a/Resources/config/security_authenticator.php b/Resources/config/security_authenticator.php index 92c91e98..1ea4ef55 100644 --- a/Resources/config/security_authenticator.php +++ b/Resources/config/security_authenticator.php @@ -67,7 +67,7 @@ // Listeners ->set('security.listener.check_authenticator_credentials', CheckCredentialsListener::class) ->args([ - service('security.password_hasher_factory'), + service('security.password_hasher_factory'), ]) ->tag('kernel.event_subscriber') diff --git a/Security.php b/Security.php index 6b5286f2..8f1669d2 100644 --- a/Security.php +++ b/Security.php @@ -162,7 +162,7 @@ public function logout(bool $validateCsrfToken = true): ?Response if ($validateCsrfToken) { if (!$this->container->has('security.csrf.token_manager') || !$logoutConfig = $firewallConfig->getLogout()) { - throw new LogicException(sprintf('Unable to logout with CSRF token validation. Either make sure that CSRF protection is enabled and "logout" is configured on the "%s" firewall, or bypass CSRF token validation explicitly by passing false to the $validateCsrfToken argument of this method.', $firewallConfig->getName())); + throw new LogicException(\sprintf('Unable to logout with CSRF token validation. Either make sure that CSRF protection is enabled and "logout" is configured on the "%s" firewall, or bypass CSRF token validation explicitly by passing false to the $validateCsrfToken argument of this method.', $firewallConfig->getName())); } $csrfToken = ParameterBagUtils::getRequestParameterValue($request, $logoutConfig['csrf_parameter']); if (!\is_string($csrfToken) || !$this->container->get('security.csrf.token_manager')->isTokenValid(new CsrfToken($logoutConfig['csrf_token_id'], $csrfToken))) { @@ -181,7 +181,7 @@ public function logout(bool $validateCsrfToken = true): ?Response private function getAuthenticator(?string $authenticatorName, string $firewallName): AuthenticatorInterface { if (!isset($this->authenticators[$firewallName])) { - throw new LogicException(sprintf('No authenticators found for firewall "%s".', $firewallName)); + throw new LogicException(\sprintf('No authenticators found for firewall "%s".', $firewallName)); } /** @var ServiceProviderInterface $firewallAuthenticatorLocator */ @@ -190,10 +190,10 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa if (!$authenticatorName) { $authenticatorIds = array_filter(array_keys($firewallAuthenticatorLocator->getProvidedServices()), fn (string $authenticatorId) => $authenticatorId !== \sprintf('security.authenticator.remember_me.%s', $firewallName)); if (!$authenticatorIds) { - throw new LogicException(sprintf('No authenticator was found for the firewall "%s".', $firewallName)); + throw new LogicException(\sprintf('No authenticator was found for the firewall "%s".', $firewallName)); } if (1 < \count($authenticatorIds)) { - throw new LogicException(sprintf('Too many authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds))); + throw new LogicException(\sprintf('Too many authenticators were found for the current firewall "%s". You must provide an instance of "%s" to login programmatically. The available authenticators for the firewall "%s" are "%s".', $firewallName, AuthenticatorInterface::class, $firewallName, implode('" ,"', $authenticatorIds))); } return $firewallAuthenticatorLocator->get($authenticatorIds[0]); @@ -206,7 +206,7 @@ private function getAuthenticator(?string $authenticatorName, string $firewallNa $authenticatorId = 'security.authenticator.'.$authenticatorName.'.'.$firewallName; if (!$firewallAuthenticatorLocator->has($authenticatorId)) { - throw new LogicException(sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, $firewallName, implode('", "', array_keys($firewallAuthenticatorLocator->getProvidedServices())))); + throw new LogicException(\sprintf('Unable to find an authenticator named "%s" for the firewall "%s". Available authenticators: "%s".', $authenticatorName, $firewallName, implode('", "', array_keys($firewallAuthenticatorLocator->getProvidedServices())))); } return $firewallAuthenticatorLocator->get($authenticatorId); diff --git a/Security/FirewallAwareTrait.php b/Security/FirewallAwareTrait.php index c5f04511..38260aab 100644 --- a/Security/FirewallAwareTrait.php +++ b/Security/FirewallAwareTrait.php @@ -44,7 +44,7 @@ private function getForFirewall(): object if (!$this->locator->has($firewallName)) { $message = 'No '.$serviceIdentifier.' found for this firewall.'; if (\defined(static::class.'::FIREWALL_OPTION')) { - $message .= sprintf(' Did you forget to add a "'.static::FIREWALL_OPTION.'" key under your "%s" firewall?', $firewallName); + $message .= \sprintf(' Did you forget to add a "'.static::FIREWALL_OPTION.'" key under your "%s" firewall?', $firewallName); } throw new \LogicException($message); diff --git a/Security/FirewallConfig.php b/Security/FirewallConfig.php index 6525a23e..16edc631 100644 --- a/Security/FirewallConfig.php +++ b/Security/FirewallConfig.php @@ -29,7 +29,7 @@ public function __construct( private readonly ?string $accessDeniedUrl = null, private readonly array $authenticators = [], private readonly ?array $switchUser = null, - private readonly ?array $logout = null + private readonly ?array $logout = null, ) { } diff --git a/Tests/DataCollector/SecurityDataCollectorTest.php b/Tests/DataCollector/SecurityDataCollectorTest.php index bee9a14c..c74200e1 100644 --- a/Tests/DataCollector/SecurityDataCollectorTest.php +++ b/Tests/DataCollector/SecurityDataCollectorTest.php @@ -226,7 +226,7 @@ public function testCollectCollectsDecisionLogWhenStrategyIsAffirmative() $voter1 = new DummyVoter(); $voter2 = new DummyVoter(); - $decoratedVoter1 = new TraceableVoter($voter1, new class() implements EventDispatcherInterface { + $decoratedVoter1 = new TraceableVoter($voter1, new class implements EventDispatcherInterface { public function dispatch(object $event, ?string $eventName = null): object { return new \stdClass(); @@ -301,7 +301,7 @@ public function testCollectCollectsDecisionLogWhenStrategyIsUnanimous() $voter1 = new DummyVoter(); $voter2 = new DummyVoter(); - $decoratedVoter1 = new TraceableVoter($voter1, new class() implements EventDispatcherInterface { + $decoratedVoter1 = new TraceableVoter($voter1, new class implements EventDispatcherInterface { public function dispatch(object $event, ?string $eventName = null): object { return new \stdClass(); diff --git a/Tests/Functional/AccessTokenTest.php b/Tests/Functional/AccessTokenTest.php index 6cc2b1f0..71d42c49 100644 --- a/Tests/Functional/AccessTokenTest.php +++ b/Tests/Functional/AccessTokenTest.php @@ -376,7 +376,7 @@ public function testOidcSuccess() ); $client = $this->createClient(['test_case' => 'AccessToken', 'root_config' => 'config_oidc.yml']); - $client->request('GET', '/foo', [], [], ['HTTP_AUTHORIZATION' => sprintf('Bearer %s', $token)]); + $client->request('GET', '/foo', [], [], ['HTTP_AUTHORIZATION' => \sprintf('Bearer %s', $token)]); $response = $client->getResponse(); $this->assertInstanceOf(Response::class, $response); diff --git a/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php b/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php index 7bc8e735..034c1d41 100644 --- a/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php +++ b/Tests/Functional/Bundle/AccessTokenBundle/Controller/FooController.php @@ -18,6 +18,6 @@ class FooController { public function __invoke(UserInterface $user): JsonResponse { - return new JsonResponse(['message' => sprintf('Welcome @%s!', $user->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome @%s!', $user->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php b/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php index d6148158..2d5139ed 100644 --- a/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php +++ b/Tests/Functional/Bundle/AccessTokenBundle/Security/Http/JsonAuthenticationSuccessHandler.php @@ -21,6 +21,6 @@ class JsonAuthenticationSuccessHandler implements AuthenticationSuccessHandlerIn { public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response { - return new JsonResponse(['message' => sprintf('Good game @%s!', $token->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Good game @%s!', $token->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php b/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php index 6bd571d1..33cec70a 100644 --- a/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php +++ b/Tests/Functional/Bundle/JsonLoginBundle/Controller/TestController.php @@ -21,6 +21,6 @@ class TestController { public function loginCheckAction(UserInterface $user) { - return new JsonResponse(['message' => sprintf('Welcome @%s!', $user->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome @%s!', $user->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php b/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php index b7dd3fd3..d045636b 100644 --- a/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php +++ b/Tests/Functional/Bundle/JsonLoginBundle/Security/Http/JsonAuthenticationSuccessHandler.php @@ -21,6 +21,6 @@ class JsonAuthenticationSuccessHandler implements AuthenticationSuccessHandlerIn { public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response { - return new JsonResponse(['message' => sprintf('Good game @%s!', $token->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Good game @%s!', $token->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php b/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php index 06997641..04caf251 100644 --- a/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php +++ b/Tests/Functional/Bundle/LoginLink/TestCustomLoginLinkSuccessHandler.php @@ -21,6 +21,6 @@ class TestCustomLoginLinkSuccessHandler implements AuthenticationSuccessHandlerI { public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response { - return new JsonResponse(['message' => sprintf('Welcome %s!', $token->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome %s!', $token->getUserIdentifier())]); } } diff --git a/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php b/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php index 55b411da..784a0327 100644 --- a/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php +++ b/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php @@ -48,7 +48,7 @@ public function loadUserByIdentifier(string $identifier): UserInterface $user = $this->getUser($identifier); if (null === $user) { - $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier)); + $e = new UserNotFoundException(\sprintf('User "%s" not found.', $identifier)); $e->setUsername($identifier); throw $e; @@ -60,7 +60,7 @@ public function loadUserByIdentifier(string $identifier): UserInterface public function refreshUser(UserInterface $user): UserInterface { if (!$user instanceof UserInterface) { - throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user))); + throw new UnsupportedUserException(\sprintf('Instances of "%s" are not supported.', get_debug_type($user))); } $storedUser = $this->getUser($user->getUserIdentifier()); diff --git a/Tests/Functional/RememberMeCookieTest.php b/Tests/Functional/RememberMeCookieTest.php index d91b321b..34fbca10 100644 --- a/Tests/Functional/RememberMeCookieTest.php +++ b/Tests/Functional/RememberMeCookieTest.php @@ -24,7 +24,7 @@ public function testSessionRememberMeSecureCookieFlagAuto($https, $expectedSecur '_username' => 'test', '_password' => 'test', ], [], [ - 'HTTPS' => (int) $https, + 'HTTPS' => (int) $https, ]); $cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY); diff --git a/Tests/Functional/SecurityTest.php b/Tests/Functional/SecurityTest.php index 5bd3ab6a..e206af58 100644 --- a/Tests/Functional/SecurityTest.php +++ b/Tests/Functional/SecurityTest.php @@ -255,7 +255,7 @@ public function welcome() $user = new InMemoryUser('chalasr', 'the-password', ['ROLE_FOO']); $this->security->login($user, $this->authenticator); - return new JsonResponse(['message' => sprintf('Welcome @%s!', $this->security->getUser()->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome @%s!', $this->security->getUser()->getUserIdentifier())]); } } @@ -279,6 +279,6 @@ class LoggedInController { public function __invoke(UserInterface $user) { - return new JsonResponse(['message' => sprintf('Welcome back @%s', $user->getUserIdentifier())]); + return new JsonResponse(['message' => \sprintf('Welcome back @%s', $user->getUserIdentifier())]); } } diff --git a/Tests/Functional/app/AppKernel.php b/Tests/Functional/app/AppKernel.php index edac38dd..6fa8aedb 100644 --- a/Tests/Functional/app/AppKernel.php +++ b/Tests/Functional/app/AppKernel.php @@ -29,7 +29,7 @@ class AppKernel extends Kernel public function __construct($varDir, $testCase, $rootConfig, $environment, $debug) { if (!is_dir(__DIR__.'/'.$testCase)) { - throw new \InvalidArgumentException(sprintf('The test case "%s" does not exist.', $testCase)); + throw new \InvalidArgumentException(\sprintf('The test case "%s" does not exist.', $testCase)); } $this->varDir = $varDir; $this->testCase = $testCase; @@ -37,7 +37,7 @@ public function __construct($varDir, $testCase, $rootConfig, $environment, $debu $fs = new Filesystem(); foreach ((array) $rootConfig as $config) { if (!$fs->isAbsolutePath($config) && !is_file($config = __DIR__.'/'.$testCase.'/'.$config)) { - throw new \InvalidArgumentException(sprintf('The root config "%s" does not exist.', $config)); + throw new \InvalidArgumentException(\sprintf('The root config "%s" does not exist.', $config)); } $this->rootConfig[] = $config; @@ -54,7 +54,7 @@ public function getContainerClass(): string public function registerBundles(): iterable { if (!is_file($filename = $this->getProjectDir().'/'.$this->testCase.'/bundles.php')) { - throw new \RuntimeException(sprintf('The bundles file "%s" does not exist.', $filename)); + throw new \RuntimeException(\sprintf('The bundles file "%s" does not exist.', $filename)); } return include $filename; diff --git a/Tests/SecurityTest.php b/Tests/SecurityTest.php index c150730c..45094bf7 100644 --- a/Tests/SecurityTest.php +++ b/Tests/SecurityTest.php @@ -157,7 +157,7 @@ public function testLogin() ->method('getProvidedServices') ->willReturn([ 'security.authenticator.custom.dev' => $authenticator, - 'security.authenticator.remember_me.main' => $authenticator + 'security.authenticator.remember_me.main' => $authenticator, ]) ; $firewallAuthenticatorLocator @@ -309,7 +309,7 @@ public function testLoginFailsWhenTooManyAuthenticatorsFound() ->method('getProvidedServices') ->willReturn([ 'security.authenticator.custom.main' => $authenticator, - 'security.authenticator.other.main' => $authenticator + 'security.authenticator.other.main' => $authenticator, ]) ; From 4661890f7d2571e9ef58431401a390c2dde68c78 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 22 Jul 2025 09:39:44 +0200 Subject: [PATCH 2/2] [Security] Fix added $token argument to UserCheckerInterface::checkPostAuth() --- Tests/DependencyInjection/SecurityExtensionTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/DependencyInjection/SecurityExtensionTest.php b/Tests/DependencyInjection/SecurityExtensionTest.php index d0f3549a..8607e45a 100644 --- a/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/Tests/DependencyInjection/SecurityExtensionTest.php @@ -986,7 +986,7 @@ public function checkPreAuth(UserInterface $user): void { } - public function checkPostAuth(UserInterface $user): void + public function checkPostAuth(UserInterface $user, ?TokenInterface $token = null): void { } }