From ab2ca7145f5d5ef628d6b08d1adf83427afcb7d7 Mon Sep 17 00:00:00 2001
From: Wouter de Jong <wouter@wouterj.nl>
Date: Sat, 16 Jan 2021 23:34:24 +0100
Subject: [PATCH] [Security] Replace message data in JSON security error
 response

---
 .../Firewall/UsernamePasswordJsonAuthenticationListener.php   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
index 7cb5102e97..d2d77f0a13 100644
--- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
@@ -191,7 +191,9 @@ class UsernamePasswordJsonAuthenticationListener extends AbstractListener implem
         }
 
         if (!$this->failureHandler) {
-            return new JsonResponse(['error' => $failed->getMessageKey()], 401);
+            $errorMessage = strtr($failed->getMessageKey(), $failed->getMessageData());
+
+            return new JsonResponse(['error' => $errorMessage], 401);
         }
 
         $response = $this->failureHandler->onAuthenticationFailure($request, $failed);