feature #42595 Fix incompatibilities with upcoming security 6.0 (wouterj)

fabpot · fabpot · commit f1643e871dd8 · 2021-08-17T18:10:28.000+02:00
This PR was squashed before being merged into the 5.4 branch. Discussion ---------- Fix incompatibilities with upcoming security 6.0 | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | yes | Tickets | - | License | MIT | Doc PR | - Hats of to the person that invented the flipped tests on a new major branch! All these incompatibility bugs were discovered by the flipped tests of #41613 Commits ------- 96532e5 [SecurityHttp] Fix incompatibility with 6.0 fb45f6b [SecurityGuard] Fix incompatibility with 6.0 d2a1abf [SecurityBundle] Fix incompatibility with 6.0 4628689 [FrameworkBundle] Fix incompatibility with 6.0 98328ad [SecurityHttp] Fix incompatibility with 6.0 9137242 [PasswordHasher] Fix incompatibility with 6.0 915f75b [MonologBridge] Fix incompatibility with 6.0 0b59bc2 [Security] Minor fixes
diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md
@@ -66,6 +66,7 @@ SecurityBundle
 Security
 --------
 
+ * Deprecate `AuthenticationEvents::AUTHENTICATION_FAILURE`, use the `LoginFailureEvent` instead
  * Deprecate the `$authenticationEntryPoint` argument of `ChannelListener`, and add `$httpPort` and `$httpsPort` arguments
  * Deprecate `RetryAuthenticationEntryPoint`, this code is now inlined in the `ChannelListener`
  * Deprecate `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, in the new system the `FormLoginAuthenticator`
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -208,6 +208,7 @@ Routing
 Security
 --------
 
+ * Remove `AuthenticationEvents::AUTHENTICATION_FAILURE`, use the `LoginFailureEvent` instead
  * Remove the `$authenticationEntryPoint` argument of `ChannelListener`
  * Remove `RetryAuthenticationEntryPoint`, this code was inlined in the `ChannelListener`
  * Remove `FormAuthenticationEntryPoint` and `BasicAuthenticationEntryPoint`, the `FormLoginAuthenticator` and `HttpBasicAuthenticator` should be used instead.
diff --git a/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php b/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
@@ -42,7 +42,7 @@ public function __invoke(array $record): array
 
         if (null !== $token = $this->getToken()) {
             $record['extra'][$this->getKey()] = [
-                'authenticated' => $token->isAuthenticated(false), // @deprecated since Symfony 5.4, always true in 6.0
+                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : true, // @deprecated since Symfony 5.4, always true in 6.0
                 'roles' => $token->getRoleNames(),
             ];
 
diff --git a/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php b/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
@@ -123,7 +123,10 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
         }
 
         $token = new TestBrowserToken($user->getRoles(), $user, $firewallContext);
-        $token->setAuthenticated(true, false);
+        // @deprecated since Symfony 5.4
+        if (method_exists($token, 'isAuthenticated')) {
+            $token->setAuthenticated(true, false);
+        }
 
         $container = $this->getContainer();
         $container->get('security.untracked_token_storage')->setToken($token);
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -127,7 +127,7 @@ public function collect(Request $request, Response $response, \Throwable $except
 
             $this->data = [
                 'enabled' => true,
-                'authenticated' => $token->isAuthenticated(false),
+                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : true,
                 'impersonated' => null !== $impersonatorUser,
                 'impersonator_user' => $impersonatorUser,
                 'impersonation_exit_path' => null,
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterEntryPointsPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterEntryPointsPassTest.php
@@ -25,7 +25,7 @@
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Http\Authentication\AuthenticatorManager;
 use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Security\Http\Firewall\ExceptionListener;
 
@@ -76,7 +76,7 @@ public function supports(Request $request): ?bool
         return false;
     }
 
-    public function authenticate(Request $request): PassportInterface
+    public function authenticate(Request $request): Passport
     {
         throw new BadCredentialsException();
     }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -38,6 +38,7 @@
 use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
 
 class SecurityExtensionTest extends TestCase
@@ -841,7 +842,7 @@ public function supports(Request $request): ?bool
     {
     }
 
-    public function authenticate(Request $request): PassportInterface
+    public function authenticate(Request $request): Passport
     {
     }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/AuthenticatorBundle/ApiAuthenticator.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/AuthenticatorBundle/ApiAuthenticator.php
@@ -20,7 +20,7 @@
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
 
 class ApiAuthenticator extends AbstractAuthenticator
@@ -37,7 +37,7 @@ public function supports(Request $request): ?bool
         return $request->headers->has('X-USER-EMAIL');
     }
 
-    public function authenticate(Request $request): PassportInterface
+    public function authenticate(Request $request): Passport
     {
         $email = $request->headers->get('X-USER-EMAIL');
         if (false === strpos($email, '@')) {
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/AuthenticatorBundle/LoginFormAuthenticator.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/AuthenticatorBundle/LoginFormAuthenticator.php
@@ -21,7 +21,6 @@
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
 use Symfony\Component\Security\Http\Util\TargetPathTrait;
 
 class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
@@ -36,7 +35,7 @@ public function __construct(UrlGeneratorInterface $urlGenerator)
         $this->urlGenerator = $urlGenerator;
     }
 
-    public function authenticate(Request $request): PassportInterface
+    public function authenticate(Request $request): Passport
     {
         $username = $request->request->get('_username', '');
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
@@ -177,60 +177,60 @@ public function getPassword(): ?string
     /**
      * {@inheritdoc}
      */
-    public function getSalt()
+    public function getSalt(): string
     {
-        return null;
+        return '';
     }
 
     /**
      * {@inheritdoc}
      */
-    public function getUsername()
+    public function getUsername(): string
     {
         return $this->username;
     }
 
-    public function getUserIdentifier()
+    public function getUserIdentifier(): string
     {
         return $this->username;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function isAccountNonExpired()
+    public function isAccountNonExpired(): bool
     {
         return $this->accountNonExpired;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function isAccountNonLocked()
+    public function isAccountNonLocked(): bool
     {
         return $this->accountNonLocked;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function isCredentialsNonExpired()
+    public function isCredentialsNonExpired(): bool
     {
         return $this->credentialsNonExpired;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function isEnabled()
+    public function isEnabled(): bool
     {
         return $this->enabled;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function eraseCredentials()
+    public function eraseCredentials(): void
     {
     }
 }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml
@@ -39,19 +39,19 @@ security:
                 path: /second/logout
 
     access_control:
-        - { path: ^/en/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/unprotected_resource$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secure-but-not-covered-by-access-control$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/en/$, roles: PUBLIC_ACCESS }
+        - { path: ^/unprotected_resource$, roles: PUBLIC_ACCESS }
+        - { path: ^/secure-but-not-covered-by-access-control$, roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: PUBLIC_ACCESS }
         # these real IP addresses are reserved for docs/examples (https://tools.ietf.org/search/rfc5737)
-        - { path: ^/secured-by-one-real-ip$, ips: 198.51.100.0, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-env-placeholder-multiple-ips$, ips: '%env(APP_IPS)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/secured-by-one-real-ip$, ips: 198.51.100.0, roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-env-placeholder-multiple-ips$, ips: '%env(APP_IPS)%', roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: PUBLIC_ACCESS }
+        - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: PUBLIC_ACCESS }
         - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
         - { path: ^/protected-via-expression$, allow_if: "(!is_authenticated() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
         - { path: .*, roles: IS_AUTHENTICATED_FULLY }
diff --git a/src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php b/src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
@@ -48,7 +48,7 @@ public function hashPassword($user, string $plainPassword): string
         if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
             $salt = $user->getSalt();
         } elseif ($user instanceof UserInterface) {
-            $salt = $user->getSalt();
+            $salt = method_exists($user, 'getSalt') ? $user->getSalt() : null;
 
             if ($salt) {
                 trigger_deprecation('symfony/password-hasher', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Fixtures/TestLegacyPasswordAuthenticatedUser.php b/src/Symfony/Component/PasswordHasher/Tests/Fixtures/TestLegacyPasswordAuthenticatedUser.php
@@ -30,23 +30,23 @@ public function getPassword(): ?string
         return $this->password;
     }
 
-    public function getRoles()
+    public function getRoles(): array
     {
         return $this->roles;
     }
 
-    public function eraseCredentials()
+    public function eraseCredentials(): void
     {
         // Do nothing
         return;
     }
 
-    public function getUsername()
+    public function getUsername(): string
     {
         return $this->username;
     }
 
-    public function getUserIdentifier()
+    public function getUserIdentifier(): string
     {
         return $this->username;
     }
diff --git a/src/Symfony/Component/Security/Core/AuthenticationEvents.php b/src/Symfony/Component/Security/Core/AuthenticationEvents.php
@@ -29,6 +29,8 @@ final class AuthenticationEvents
      * authenticated by any of the providers.
      *
      * @Event("Symfony\Component\Security\Core\Event\AuthenticationFailureEvent")
+     *
+     * @deprecated since Symfony 5.4, use {@see Event\LoginFailureEvent} instead
      */
     public const AUTHENTICATION_FAILURE = 'security.authentication.failure';
 
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate `AuthenticationEvents::AUTHENTICATION_FAILURE`, use the `LoginFailureEvent` instead
  * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
  * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Deprecate returning `string|\Stringable` from `Token::getUser()` (it must return a `UserInterface`)
diff --git a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php
@@ -56,25 +56,25 @@ public function loadUserByUsername(string $username)
         return $this->loadUserByIdentifier($username);
     }
 
-    public function loadUserByIdentifier(string $userIdentifier): UserInterface
+    public function loadUserByIdentifier(string $identifier): UserInterface
     {
         foreach ($this->providers as $provider) {
             try {
                 // @deprecated since Symfony 5.3, change to $provider->loadUserByIdentifier() in 6.0
                 if (!method_exists($provider, 'loadUserByIdentifier')) {
                     trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "loadUserByIdentifier()" in user provider "%s" is deprecated. This method will replace "loadUserByUsername()" in Symfony 6.0.', get_debug_type($provider));
 
-                    return $provider->loadUserByUsername($userIdentifier);
+                    return $provider->loadUserByUsername($identifier);
                 }
 
-                return $provider->loadUserByIdentifier($userIdentifier);
+                return $provider->loadUserByIdentifier($identifier);
             } catch (UserNotFoundException $e) {
                 // try next one
             }
         }
 
-        $ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".', $userIdentifier));
-        $ex->setUserIdentifier($userIdentifier);
+        $ex = new UserNotFoundException(sprintf('There is no user with identifier "%s".', $identifier));
+        $ex->setUserIdentifier($identifier);
         throw $ex;
     }
 
diff --git a/src/Symfony/Component/Security/Guard/Authenticator/GuardBridgeAuthenticator.php b/src/Symfony/Component/Security/Guard/Authenticator/GuardBridgeAuthenticator.php
@@ -121,6 +121,11 @@ public function createAuthenticatedToken(PassportInterface $passport, string $fi
         return $this->guard->createAuthenticatedToken($passport->getUser(), $firewallName);
     }
 
+    public function createToken(Passport $passport, string $firewallName): TokenInterface
+    {
+        return $this->guard->createAuthenticatedToken($passport->getUser(), $firewallName);
+    }
+
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
     {
         return $this->guard->onAuthenticationSuccess($request, $token, $firewallName);
diff --git a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -113,7 +113,7 @@ public function createAuthenticatedToken(PassportInterface $passport, string $fi
 
     public function createToken(Passport $passport, string $firewallName): TokenInterface
     {
-        return new PreAuthenticatedToken($passport->getUser(), null, $firewallName, $passport->getUser()->getRoles());
+        return new PreAuthenticatedToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles());
     }
 
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
diff --git a/src/Symfony/Component/Security/Http/Authenticator/HttpBasicAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/HttpBasicAuthenticator.php
@@ -95,7 +95,7 @@ public function createAuthenticatedToken(PassportInterface $passport, string $fi
 
     public function createToken(Passport $passport, string $firewallName): TokenInterface
     {
-        return new UsernamePasswordToken($passport->getUser(), null, $firewallName, $passport->getUser()->getRoles());
+        return new UsernamePasswordToken($passport->getUser(), $firewallName, $passport->getUser()->getRoles());
     }
 
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
diff --git a/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php b/src/Symfony/Component/Security/Http/Authenticator/Token/PostAuthenticationToken.php
@@ -35,8 +35,10 @@ public function __construct(UserInterface $user, string $firewallName, array $ro
         $this->firewallName = $firewallName;
 
         // @deprecated since Symfony 5.4
-        // this token is meant to be used after authentication success, so it is always authenticated
-        $this->setAuthenticated(true, false);
+        if (method_exists($this, 'setAuthenticated')) {
+            // this token is meant to be used after authentication success, so it is always authenticated
+            $this->setAuthenticated(true, false);
+        }
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php b/src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php
@@ -74,7 +74,7 @@ public function checkPassport(CheckPassportEvent $event): void
                 throw new BadCredentialsException('The presented password is invalid.');
             }
 
-            $salt = $user->getSalt();
+            $salt = method_exists($user, 'getSalt') ? $user->getSalt() : '';
             if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
                 trigger_deprecation('symfony/security-http', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
             }
diff --git a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
diff --git a/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/LoginLink/LoginLinkHandlerTest.php

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
`26`	`26`	`use Symfony\Component\Security\Http\Authentication\AuthenticatorManager;`
`27`	`27`	`use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;`
`28`		`-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;`
	`28`	`+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;`
`29`	`29`	`use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;`
`30`	`30`	`use Symfony\Component\Security\Http\Firewall\ExceptionListener;`
`31`	`31`
`@@ -76,7 +76,7 @@ public function supports(Request $request): ?bool`
`76`	`76`	`return false;`
`77`	`77`	`}`
`78`	`78`
`79`		`- public function authenticate(Request $request): PassportInterface`
	`79`	`+ public function authenticate(Request $request): Passport`
`80`	`80`	`{`
`81`	`81`	`throw new BadCredentialsException();`
`82`	`82`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@`
`38`	`38`	`use Symfony\Component\Security\Guard\AuthenticatorInterface as GuardAuthenticatorInterface;`
`39`	`39`	`use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;`
`40`	`40`	`use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;`
	`41`	`+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;`
`41`	`42`	`use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;`
`42`	`43`
`43`	`44`	`class SecurityExtensionTest extends TestCase`
`@@ -841,7 +842,7 @@ public function supports(Request $request): ?bool`
`841`	`842`	`{`
`842`	`843`	`}`
`843`	`844`
`844`		`- public function authenticate(Request $request): PassportInterface`
	`845`	`+ public function authenticate(Request $request): Passport`
`845`	`846`	`{`
`846`	`847`	`}`
`847`	`848`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@`
`21`	`21`	`use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;`
`22`	`22`	`use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;`
`23`	`23`	`use Symfony\Component\Security\Http\Authenticator\Passport\Passport;`
`24`		`-use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;`
`25`	`24`	`use Symfony\Component\Security\Http\Util\TargetPathTrait;`
`26`	`25`
`27`	`26`	`class LoginFormAuthenticator extends AbstractLoginFormAuthenticator`
`@@ -36,7 +35,7 @@ public function __construct(UrlGeneratorInterface $urlGenerator)`
`36`	`35`	`$this->urlGenerator = $urlGenerator;`
`37`	`36`	`}`
`38`	`37`
`39`		`- public function authenticate(Request $request): PassportInterface`
	`38`	`+ public function authenticate(Request $request): Passport`
`40`	`39`	`{`
`41`	`40`	`$username = $request->request->get('_username', '');`
`42`	`41`
Original file line number	Diff line number	Diff line change
`@@ -177,60 +177,60 @@ public function getPassword(): ?string`
`177`	`177`	`/**`
`178`	`178`	`* {@inheritdoc}`
`179`	`179`	`*/`
`180`		`- public function getSalt()`
	`180`	`+ public function getSalt(): string`
`181`	`181`	`{`
`182`		`- return null;`
	`182`	`+ return '';`
`183`	`183`	`}`
`184`	`184`
`185`	`185`	`/**`
`186`	`186`	`* {@inheritdoc}`
`187`	`187`	`*/`
`188`		`- public function getUsername()`
	`188`	`+ public function getUsername(): string`
`189`	`189`	`{`
`190`	`190`	`return $this->username;`
`191`	`191`	`}`
`192`	`192`
`193`		`- public function getUserIdentifier()`
	`193`	`+ public function getUserIdentifier(): string`
`194`	`194`	`{`
`195`	`195`	`return $this->username;`
`196`	`196`	`}`
`197`	`197`
`198`	`198`	`/**`
`199`	`199`	`* {@inheritdoc}`
`200`	`200`	`*/`
`201`		`- public function isAccountNonExpired()`
	`201`	`+ public function isAccountNonExpired(): bool`
`202`	`202`	`{`
`203`	`203`	`return $this->accountNonExpired;`
`204`	`204`	`}`
`205`	`205`
`206`	`206`	`/**`
`207`	`207`	`* {@inheritdoc}`
`208`	`208`	`*/`
`209`		`- public function isAccountNonLocked()`
	`209`	`+ public function isAccountNonLocked(): bool`
`210`	`210`	`{`
`211`	`211`	`return $this->accountNonLocked;`
`212`	`212`	`}`
`213`	`213`
`214`	`214`	`/**`
`215`	`215`	`* {@inheritdoc}`
`216`	`216`	`*/`
`217`		`- public function isCredentialsNonExpired()`
	`217`	`+ public function isCredentialsNonExpired(): bool`
`218`	`218`	`{`
`219`	`219`	`return $this->credentialsNonExpired;`
`220`	`220`	`}`
`221`	`221`
`222`	`222`	`/**`
`223`	`223`	`* {@inheritdoc}`
`224`	`224`	`*/`
`225`		`- public function isEnabled()`
	`225`	`+ public function isEnabled(): bool`
`226`	`226`	`{`
`227`	`227`	`return $this->enabled;`
`228`	`228`	`}`
`229`	`229`
`230`	`230`	`/**`
`231`	`231`	`* {@inheritdoc}`
`232`	`232`	`*/`
`233`		`- public function eraseCredentials()`
	`233`	`+ public function eraseCredentials(): void`
`234`	`234`	`{`
`235`	`235`	`}`
`236`	`236`	`}`