From d9d16d2ce7a178c7fa5aaabf75acf1d4047674f3 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas <nicolas.grekas@gmail.com>
Date: Sun, 27 Oct 2019 17:21:30 +0100
Subject: [PATCH] [FrameworkBundle] make SodiumVault report bad decryption key
 accurately

---
 .../Bundle/FrameworkBundle/Secrets/SodiumVault.php        | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php b/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
index 17328b2a6d..e81f5ebaec 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
@@ -115,7 +115,13 @@ class SodiumVault extends AbstractVault
             return null;
         }
 
-        return sodium_crypto_box_seal_open(include $file, $this->decryptionKey);
+        if (false === $value = sodium_crypto_box_seal_open(include $file, $this->decryptionKey)) {
+            $this->lastMessage = sprintf('Secrets cannot be revealed as the wrong decryption key was provided for "%s".', $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
+
+            return null;
+        }
+
+        return $value;
     }
 
     public function remove(string $name): bool