Merge branch '5.4' into 6.3

* 5.4:
  Fix implicitly-required parameters
  List CS fix in .git-blame-ignore-revs
  Apply php-cs-fixer fix --rules nullable_type_declaration_for_default_null_value
  [Messenger][AmazonSqs] Allow async-aws/sqs version 2

Author: nicolas-grekas

AccessMap.php

@@ -30,7 +30,7 @@ class AccessMap implements AccessMapInterface
      *
      * @return void
      */
-    public function add(RequestMatcherInterface $requestMatcher, array $attributes = [], string $channel = null)
+    public function add(RequestMatcherInterface $requestMatcher, array $attributes = [], ?string $channel = null)
     {
         $this->map[] = [$requestMatcher, $attributes, $channel];
     }

Authentication/AuthenticatorManager.php

@@ -58,7 +58,7 @@ class AuthenticatorManager implements AuthenticatorManagerInterface, UserAuthent
     /**
      * @param iterable<mixed, AuthenticatorInterface> $authenticators
      */
-    public function __construct(iterable $authenticators, TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher, string $firewallName, LoggerInterface $logger = null, bool $eraseCredentials = true, bool $hideUserNotFoundExceptions = true, array $requiredBadges = [])
+    public function __construct(iterable $authenticators, TokenStorageInterface $tokenStorage, EventDispatcherInterface $eventDispatcher, string $firewallName, ?LoggerInterface $logger = null, bool $eraseCredentials = true, bool $hideUserNotFoundExceptions = true, array $requiredBadges = [])
     {
         $this->authenticators = $authenticators;
         $this->tokenStorage = $tokenStorage;

Authentication/DefaultAuthenticationFailureHandler.php

@@ -43,7 +43,7 @@ class DefaultAuthenticationFailureHandler implements AuthenticationFailureHandle
         'failure_path_parameter' => '_failure_path',
     ];
 
-    public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options = [], LoggerInterface $logger = null)
+    public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options = [], ?LoggerInterface $logger = null)
     {
         $this->httpKernel = $httpKernel;
         $this->httpUtils = $httpUtils;

Authentication/DefaultAuthenticationSuccessHandler.php

@@ -45,7 +45,7 @@ class DefaultAuthenticationSuccessHandler implements AuthenticationSuccessHandle
     /**
      * @param array $options Options for processing a successful authentication attempt
      */
-    public function __construct(HttpUtils $httpUtils, array $options = [], LoggerInterface $logger = null)
+    public function __construct(HttpUtils $httpUtils, array $options = [], ?LoggerInterface $logger = null)
     {
         $this->httpUtils = $httpUtils;
         $this->logger = $logger;

Authenticator/AbstractLoginFormAuthenticator.php

@@ -60,7 +60,7 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
      * Override to control what happens when the user hits a secure page
      * but isn't logged in yet.
      */
-    public function start(Request $request, AuthenticationException $authException = null): Response
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
     {
         $url = $this->getLoginUrl($request);
 

Authenticator/AbstractPreAuthenticatedAuthenticator.php

@@ -41,7 +41,7 @@ abstract class AbstractPreAuthenticatedAuthenticator implements InteractiveAuthe
     private string $firewallName;
     private ?LoggerInterface $logger;
 
-    public function __construct(UserProviderInterface $userProvider, TokenStorageInterface $tokenStorage, string $firewallName, LoggerInterface $logger = null)
+    public function __construct(UserProviderInterface $userProvider, TokenStorageInterface $tokenStorage, string $firewallName, ?LoggerInterface $logger = null)
     {
         $this->userProvider = $userProvider;
         $this->tokenStorage = $tokenStorage;

Authenticator/AccessTokenAuthenticator.php

@@ -106,7 +106,7 @@ public function setTranslator(?TranslatorInterface $translator)
     /**
      * @see https://datatracker.ietf.org/doc/html/rfc6750#section-3
      */
-    private function getAuthenticateHeader(string $errorDescription = null): string
+    private function getAuthenticateHeader(?string $errorDescription = null): string
     {
         $data = [
             'realm' => $this->realm,

Authenticator/Debug/TraceableAuthenticator.php

@@ -78,7 +78,7 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
         return $this->authenticator->onAuthenticationFailure($request, $exception);
     }
 
-    public function start(Request $request, AuthenticationException $authException = null): Response
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
     {
         if (!$this->authenticator instanceof AuthenticationEntryPointInterface) {
             throw new NotAnEntryPointException();

Authenticator/FormLoginAuthenticator.php

@@ -143,7 +143,7 @@ public function setHttpKernel(HttpKernelInterface $httpKernel): void
         $this->httpKernel = $httpKernel;
     }
 
-    public function start(Request $request, AuthenticationException $authException = null): Response
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
     {
         if (!$this->options['use_forward']) {
             return parent::start($request, $authException);

Authenticator/HttpBasicAuthenticator.php

@@ -37,14 +37,14 @@ class HttpBasicAuthenticator implements AuthenticatorInterface, AuthenticationEn
     private UserProviderInterface $userProvider;
     private ?LoggerInterface $logger;
 
-    public function __construct(string $realmName, UserProviderInterface $userProvider, LoggerInterface $logger = null)
+    public function __construct(string $realmName, UserProviderInterface $userProvider, ?LoggerInterface $logger = null)
     {
         $this->realmName = $realmName;
         $this->userProvider = $userProvider;
         $this->logger = $logger;
     }
 
-    public function start(Request $request, AuthenticationException $authException = null): Response
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
     {
         $response = new Response();
         $response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));

Authenticator/JsonLoginAuthenticator.php

@@ -52,7 +52,7 @@ class JsonLoginAuthenticator implements InteractiveAuthenticatorInterface
     private ?AuthenticationFailureHandlerInterface $failureHandler;
     private ?TranslatorInterface $translator = null;
 
-    public function __construct(HttpUtils $httpUtils, UserProviderInterface $userProvider, AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, array $options = [], PropertyAccessorInterface $propertyAccessor = null)
+    public function __construct(HttpUtils $httpUtils, UserProviderInterface $userProvider, ?AuthenticationSuccessHandlerInterface $successHandler = null, ?AuthenticationFailureHandlerInterface $failureHandler = null, array $options = [], ?PropertyAccessorInterface $propertyAccessor = null)
     {
         $this->options = array_merge(['username_path' => 'username', 'password_path' => 'password'], $options);
         $this->httpUtils = $httpUtils;

Authenticator/Passport/Badge/PasswordUpgradeBadge.php

@@ -32,7 +32,7 @@ class PasswordUpgradeBadge implements BadgeInterface
      * @param string                         $plaintextPassword The presented password, used in the rehash
      * @param PasswordUpgraderInterface|null $passwordUpgrader  The password upgrader, defaults to the UserProvider if null
      */
-    public function __construct(#[\SensitiveParameter] string $plaintextPassword, PasswordUpgraderInterface $passwordUpgrader = null)
+    public function __construct(#[\SensitiveParameter] string $plaintextPassword, ?PasswordUpgraderInterface $passwordUpgrader = null)
     {
         $this->plaintextPassword = $plaintextPassword;
         $this->passwordUpgrader = $passwordUpgrader;

Authenticator/Passport/Badge/UserBadge.php

@@ -49,7 +49,7 @@ class UserBadge implements BadgeInterface
      * is thrown). If this is not set, the default user provider will be used with
      * $userIdentifier as username.
      */
-    public function __construct(string $userIdentifier, callable $userLoader = null, array $attributes = null)
+    public function __construct(string $userIdentifier, ?callable $userLoader = null, ?array $attributes = null)
     {
         if (\strlen($userIdentifier) > self::MAX_USERNAME_LENGTH) {
             throw new BadCredentialsException('Username too long.');

Authenticator/RememberMeAuthenticator.php

@@ -49,7 +49,7 @@ class RememberMeAuthenticator implements InteractiveAuthenticatorInterface
     private string $cookieName;
     private ?LoggerInterface $logger;
 
-    public function __construct(RememberMeHandlerInterface $rememberMeHandler, #[\SensitiveParameter] string $secret, TokenStorageInterface $tokenStorage, string $cookieName, LoggerInterface $logger = null)
+    public function __construct(RememberMeHandlerInterface $rememberMeHandler, #[\SensitiveParameter] string $secret, TokenStorageInterface $tokenStorage, string $cookieName, ?LoggerInterface $logger = null)
     {
         $this->rememberMeHandler = $rememberMeHandler;
         $this->secret = $secret;

Authenticator/RemoteUserAuthenticator.php

@@ -32,7 +32,7 @@ class RemoteUserAuthenticator extends AbstractPreAuthenticatedAuthenticator
 {
     private string $userKey;
 
-    public function __construct(UserProviderInterface $userProvider, TokenStorageInterface $tokenStorage, string $firewallName, string $userKey = 'REMOTE_USER', LoggerInterface $logger = null)
+    public function __construct(UserProviderInterface $userProvider, TokenStorageInterface $tokenStorage, string $firewallName, string $userKey = 'REMOTE_USER', ?LoggerInterface $logger = null)
     {
         parent::__construct($userProvider, $tokenStorage, $firewallName, $logger);
 

Authenticator/X509Authenticator.php

@@ -32,7 +32,7 @@ class X509Authenticator extends AbstractPreAuthenticatedAuthenticator
     private string $credentialsKey;
     private string $credentialUserIdentifier;
 
-    public function __construct(UserProviderInterface $userProvider, TokenStorageInterface $tokenStorage, string $firewallName, string $userKey = 'SSL_CLIENT_S_DN_Email', string $credentialsKey = 'SSL_CLIENT_S_DN', LoggerInterface $logger = null, string $credentialUserIdentifier = 'emailAddress')
+    public function __construct(UserProviderInterface $userProvider, TokenStorageInterface $tokenStorage, string $firewallName, string $userKey = 'SSL_CLIENT_S_DN_Email', string $credentialsKey = 'SSL_CLIENT_S_DN', ?LoggerInterface $logger = null, string $credentialUserIdentifier = 'emailAddress')
     {
         parent::__construct($userProvider, $tokenStorage, $firewallName, $logger);
 

EntryPoint/AuthenticationEntryPointInterface.php

@@ -42,5 +42,5 @@ interface AuthenticationEntryPointInterface
      *
      * @return Response
      */
-    public function start(Request $request, AuthenticationException $authException = null);
+    public function start(Request $request, ?AuthenticationException $authException = null);
 }

EntryPoint/BasicAuthenticationEntryPoint.php

@@ -0,0 +1,48 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\EntryPoint;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\HttpBasicAuthenticator;
+
+trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use the new security system with "%s" instead.', BasicAuthenticationEntryPoint::class, HttpBasicAuthenticator::class);
+
+/**
+ * BasicAuthenticationEntryPoint starts an HTTP Basic authentication.
+ *
+ * @author Fabien Potencier <[email protected]>
+ *
+ * @deprecated since Symfony 5.4
+ */
+class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
+{
+    private $realmName;
+
+    public function __construct(string $realmName)
+    {
+        $this->realmName = $realmName;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function start(Request $request, ?AuthenticationException $authException = null)
+    {
+        $response = new Response();
+        $response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));
+        $response->setStatusCode(401);
+
+        return $response;
+    }
+}

EntryPoint/FormAuthenticationEntryPoint.php

@@ -0,0 +1,66 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\EntryPoint;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
+use Symfony\Component\Security\Http\HttpUtils;
+
+trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use the new security system with "%s" instead.', FormAuthenticationEntryPoint::class, FormLoginAuthenticator::class);
+
+/**
+ * FormAuthenticationEntryPoint starts an authentication via a login form.
+ *
+ * @author Fabien Potencier <[email protected]>
+ *
+ * @deprecated since Symfony 5.4
+ */
+class FormAuthenticationEntryPoint implements AuthenticationEntryPointInterface
+{
+    private $loginPath;
+    private $useForward;
+    private $httpKernel;
+    private $httpUtils;
+
+    /**
+     * @param string $loginPath  The path to the login form
+     * @param bool   $useForward Whether to forward or redirect to the login form
+     */
+    public function __construct(HttpKernelInterface $kernel, HttpUtils $httpUtils, string $loginPath, bool $useForward = false)
+    {
+        $this->httpKernel = $kernel;
+        $this->httpUtils = $httpUtils;
+        $this->loginPath = $loginPath;
+        $this->useForward = $useForward;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function start(Request $request, ?AuthenticationException $authException = null)
+    {
+        if ($this->useForward) {
+            $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
+
+            $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+            if (200 === $response->getStatusCode()) {
+                $response->setStatusCode(401);
+            }
+
+            return $response;
+        }
+
+        return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
+    }
+}

EntryPoint/RetryAuthenticationEntryPoint.php

@@ -0,0 +1,64 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\EntryPoint;
+
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Firewall\ChannelListener;
+
+trigger_deprecation('symfony/security-http', '5.4', 'The "%s" class is deprecated, use "%s" directly (and optionally configure the HTTP(s) ports there).', RetryAuthenticationEntryPoint::class, ChannelListener::class);
+
+/**
+ * RetryAuthenticationEntryPoint redirects URL based on the configured scheme.
+ *
+ * This entry point is not intended to work with HTTP post requests.
+ *
+ * @author Fabien Potencier <[email protected]>
+ *
+ * @deprecated since Symfony 5.4
+ */
+class RetryAuthenticationEntryPoint implements AuthenticationEntryPointInterface
+{
+    private $httpPort;
+    private $httpsPort;
+
+    public function __construct(int $httpPort = 80, int $httpsPort = 443)
+    {
+        $this->httpPort = $httpPort;
+        $this->httpsPort = $httpsPort;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function start(Request $request, ?AuthenticationException $authException = null)
+    {
+        $scheme = $request->isSecure() ? 'http' : 'https';
+        if ('http' === $scheme && 80 != $this->httpPort) {
+            $port = ':'.$this->httpPort;
+        } elseif ('https' === $scheme && 443 != $this->httpsPort) {
+            $port = ':'.$this->httpsPort;
+        } else {
+            $port = '';
+        }
+
+        $qs = $request->getQueryString();
+        if (null !== $qs) {
+            $qs = '?'.$qs;
+        }
+
+        $url = $scheme.'://'.$request->getHost().$port.$request->getBaseUrl().$request->getPathInfo().$qs;
+
+        return new RedirectResponse($url, 301);
+    }
+}

Event/LoginFailureEvent.php

@@ -36,7 +36,7 @@ class LoginFailureEvent extends Event
     private string $firewallName;
     private ?Passport $passport;
 
-    public function __construct(AuthenticationException $exception, AuthenticatorInterface $authenticator, Request $request, ?Response $response, string $firewallName, Passport $passport = null)
+    public function __construct(AuthenticationException $exception, AuthenticatorInterface $authenticator, Request $request, ?Response $response, string $firewallName, ?Passport $passport = null)
     {
         $this->exception = $exception;
         $this->authenticator = $authenticator;

Event/LoginSuccessEvent.php

@@ -40,7 +40,7 @@ class LoginSuccessEvent extends Event
     private ?Response $response;
     private string $firewallName;
 
-    public function __construct(AuthenticatorInterface $authenticator, Passport $passport, TokenInterface $authenticatedToken, Request $request, ?Response $response, string $firewallName, TokenInterface $previousToken = null)
+    public function __construct(AuthenticatorInterface $authenticator, Passport $passport, TokenInterface $authenticatedToken, Request $request, ?Response $response, string $firewallName, ?TokenInterface $previousToken = null)
     {
         $this->authenticator = $authenticator;
         $this->passport = $passport;

Event/SwitchUserEvent.php

@@ -27,7 +27,7 @@ final class SwitchUserEvent extends Event
     private UserInterface $targetUser;
     private ?TokenInterface $token;
 
-    public function __construct(Request $request, UserInterface $targetUser, TokenInterface $token = null)
+    public function __construct(Request $request, UserInterface $targetUser, ?TokenInterface $token = null)
     {
         $this->request = $request;
         $this->targetUser = $targetUser;

EventListener/CheckRememberMeConditionsListener.php

@@ -38,7 +38,7 @@ class CheckRememberMeConditionsListener implements EventSubscriberInterface
     private array $options;
     private ?LoggerInterface $logger;
 
-    public function __construct(array $options = [], LoggerInterface $logger = null)
+    public function __construct(array $options = [], ?LoggerInterface $logger = null)
     {
         $this->options = $options + ['always_remember_me' => false, 'remember_me_parameter' => '_remember_me'];
         $this->logger = $logger;

EventListener/RememberMeListener.php

@@ -37,7 +37,7 @@ class RememberMeListener implements EventSubscriberInterface
     private RememberMeHandlerInterface $rememberMeHandler;
     private ?LoggerInterface $logger;
 
-    public function __construct(RememberMeHandlerInterface $rememberMeHandler, LoggerInterface $logger = null)
+    public function __construct(RememberMeHandlerInterface $rememberMeHandler, ?LoggerInterface $logger = null)
     {
         $this->rememberMeHandler = $rememberMeHandler;
         $this->logger = $logger;