security #cve-2021-21424 [security] fix cve-2021-21424 legacy Symfony…

… 3.x + MakerBundle (jrushlow) This PR was squashed before being merged into the 3.x branch.
symfony · May 18, 2021 · 94be78c · 94be78c
2 parents 313b566 + b162ace
commit 94be78c
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+# Changelog
+
+## [v1.29.2](https://github.com/symfony/maker-bundle/releases/tag/v1.29.2)
+
+*May 18th, 2021*
+
+### Security
+
+- [#882](https://github.com/symfony/maker-bundle/pull/882) - [security] fix cve-2021-21424 legacy Symfony 3.x + MakerBundle- *@jrushlow*
+
 1.29
 ====
 

diff --git a/src/Resources/skeleton/authenticator/LoginFormAuthenticator.tpl.php b/src/Resources/skeleton/authenticator/LoginFormAuthenticator.tpl.php
@@ -9,8 +9,8 @@
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 <?= $user_needs_encoder ? "use Symfony\\Component\\Security\\Core\\Encoder\\UserPasswordEncoderInterface;\n" : null ?>
-use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -74,7 +74,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
 
         if (!$user) {
             // fail authentication with a custom error
-            throw new CustomUserMessageAuthenticationException('<?= ucfirst($username_field_label) ?> could not be found.');
+            throw new UsernameNotFoundException('<?= ucfirst($username_field_label) ?> could not be found.');
         }
 
         return $user;

diff --git a/...res/MakeRegistrationFormVerifyEmailFunctionalTest/src/Security/LoginFormAuthenticator.php b/...res/MakeRegistrationFormVerifyEmailFunctionalTest/src/Security/LoginFormAuthenticator.php
@@ -9,8 +9,8 @@
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -70,7 +70,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
         $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
 
         if (!$user) {
-            throw new CustomUserMessageAuthenticationException('Email could not be found.');
+            throw new UsernameNotFoundException('Email could not be found.');
         }
 
         return $user;