diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 4c15203380..65ac279549 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -39,7 +39,7 @@ jobs:
run: |
echo "::group::modify composer.json"
composer remove --no-update --no-interaction symfony/phpunit-bridge
- composer require --no-update psalm/phar phpunit/phpunit php-http/discovery psr/event-dispatcher
+ composer require --no-update psalm/phar phpunit/phpunit:@stable php-http/discovery psr/event-dispatcher
echo "::endgroup::"
echo "::group::composer update"
composer update --no-progress --ansi
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
index 1d9a2a6647..54f222a84e 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -502,7 +502,7 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
->replaceArgument(0, $authenticators)
->replaceArgument(2, new Reference($firewallEventDispatcherId))
->replaceArgument(3, $id)
- ->replaceArgument(6, $firewall['required_badges'] ?? [])
+ ->replaceArgument(7, $firewall['required_badges'] ?? [])
->addTag('monolog.logger', ['channel' => 'security'])
;
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php
index 60677a94de..f113dec880 100644
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/guard.php
@@ -45,6 +45,7 @@ return static function (ContainerConfigurator $container) {
abstract_arg('Provider-shared Key'),
abstract_arg('Authenticators'),
service('logger')->nullOnInvalid(),
+ param('security.authentication.hide_user_not_found'),
])
->tag('monolog.logger', ['channel' => 'security'])
;
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
index ebc9a5fa64..0f7d557354 100644
--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator.php
@@ -44,6 +44,7 @@ return static function (ContainerConfigurator $container) {
abstract_arg('provider key'),
service('logger')->nullOnInvalid(),
param('security.authentication.manager.erase_credentials'),
+ param('security.authentication.hide_user_not_found'),
abstract_arg('required badges'),
])
->tag('monolog.logger', ['channel' => 'security'])
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
index 317da3930b..9e8a044923 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -43,7 +43,7 @@ abstract class CompleteConfigurationTest extends TestCase
$this->assertEquals(AuthenticatorManager::class, $authenticatorManager->getClass());
// required badges
- $this->assertEquals([CsrfTokenBadge::class, RememberMeBadge::class], $authenticatorManager->getArgument(6));
+ $this->assertEquals([CsrfTokenBadge::class, RememberMeBadge::class], $authenticatorManager->getArgument(7));
// login link
$expiredStorage = $container->getDefinition($expiredStorageId = 'security.authenticator.expired_login_link_storage.main');
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
index 5aeb0b8335..5c60294876 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AuthenticatorTest.php
@@ -40,7 +40,7 @@ class AuthenticatorTest extends AbstractWebTestCase
if ($withinFirewall) {
$this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
} else {
- $this->assertJsonStringEqualsJsonString('{"error":"Username could not be found."}', $client->getResponse()->getContent());
+ $this->assertJsonStringEqualsJsonString('{"error":"Invalid credentials."}', $client->getResponse()->getContent());
}
}
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php
index 05b27e82ac..de3c15ab83 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/FormLoginTest.php
@@ -142,7 +142,7 @@ class FormLoginTest extends AbstractWebTestCase
break;
case 2: // Third attempt with unexisting username
- $this->assertStringContainsString('Username could not be found.', $text, 'Invalid response on 3rd attempt');
+ $this->assertStringContainsString('Invalid credentials.', $text, 'Invalid response on 3rd attempt');
break;
case 3: // Fourth attempt : still login throttling !
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
index 4dfff685a7..a4811faffe 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -14,6 +14,7 @@ namespace Symfony\Component\Security\Core\Authentication\Provider;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -79,7 +80,7 @@ abstract class UserAuthenticationProvider implements AuthenticationProviderInter
$this->userChecker->checkPreAuth($user);
$this->checkAuthentication($user, $token);
$this->userChecker->checkPostAuth($user);
- } catch (BadCredentialsException $e) {
+ } catch (AccountStatusException $e) {
if ($this->hideUserNotFoundExceptions) {
throw new BadCredentialsException('Bad credentials.', 0, $e);
}
diff --git a/src/Symfony/Component/Security/Core/Resources/translations/security.fi.xlf b/src/Symfony/Component/Security/Core/Resources/translations/security.fi.xlf
index 7b8d232cdd..d0e94545e7 100644
--- a/src/Symfony/Component/Security/Core/Resources/translations/security.fi.xlf
+++ b/src/Symfony/Component/Security/Core/Resources/translations/security.fi.xlf
@@ -70,6 +70,14 @@
Virheellinen tai vanhentunut kirjautumislinkki.
+
+
+ Liian monta epäonnistunutta kirjautumisyritystä, yritä uudelleen %minutes% minuutin kuluttua.
+
+
+
+ Liian monta epäonnistunutta kirjautumisyritystä, yritä uudelleen %minutes% minuutin kuluttua.
+