From 5de7da6346ce760bad9ad90c1c5336e184bb9d52 Mon Sep 17 00:00:00 2001
From: Maxime Steinhausser <maxime.steinhausser@gmail.com>
Date: Fri, 15 Sep 2023 17:31:34 +0200
Subject: [PATCH] [SecurityBundle][DX] Throw on using both "id" and
 "migrate_from" option in hasher config

---
 .../DependencyInjection/MainConfiguration.php |  4 ++++
 .../MainConfigurationTest.php                 | 23 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index ac9fd2a1e9e3d..60cacc61fc62e 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -435,6 +435,10 @@ private function addPasswordHashersSection(ArrayNodeDefinition $rootNode): void
                         ->canBeUnset()
                         ->performNoDeepMerging()
                         ->beforeNormalization()->ifString()->then(fn ($v) => ['algorithm' => $v])->end()
+                        ->validate()
+                            ->ifTrue(fn ($v) => isset($v['migrate_from'], $v['id']) && 0 !== \count($v['migrate_from']))
+                            ->thenInvalid('You cannot use "migrate_from" when using a custom service id.')
+                        ->end()
                         ->children()
                             ->scalarNode('algorithm')
                                 ->cannotBeEmpty()
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
index 5a813010653d3..cb6692a202be8 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
@@ -191,4 +191,27 @@ public function testFirewalls()
         $configuration = new MainConfiguration(['stub' => $factory], []);
         $configuration->getConfigTreeBuilder();
     }
+
+    public function testHasherThrowsOnServiceIdWithMigrate()
+    {
+        $config = [
+            'password_hashers' => [
+                'legacy' => 'bcrypt',
+                'custom' => [
+                    'id' => 'app.custom_hasher',
+                    'migrate_from' => 'legacy',
+                ],
+            ],
+        ];
+
+        $config = array_merge(static::$minimalConfig, $config);
+
+        $processor = new Processor();
+        $configuration = new MainConfiguration([], []);
+
+        $this->expectException(InvalidConfigurationException::class);
+        $this->expectExceptionMessage('Invalid configuration for path "security.password_hashers.custom": You cannot use "migrate_from" when using a custom service id');
+
+        $processor->processConfiguration($configuration, [$config]);
+    }
 }