symfony
diff --git a/‎UPGRADE-6.0.md
Lines changed: 5 additions & 0 deletions b/‎UPGRADE-6.0.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_legacy.php
Lines changed: 121 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_legacy.php
Lines changed: 121 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php
Lines changed: 0 additions & 118 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php
Lines changed: 0 additions & 118 deletions
diff --git a/‎src/Symfony/Component/Form/Extension/Core/Type/DateType.php
Lines changed: 1 addition & 3 deletions b/‎src/Symfony/Component/Form/Extension/Core/Type/DateType.php
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
Lines changed: 3 additions & 7 deletions b/‎src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
Lines changed: 3 additions & 7 deletions
diff --git a/‎src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
Lines changed: 8 additions & 5 deletions b/‎src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
Lines changed: 8 additions & 5 deletions
diff --git a/‎src/Symfony/Component/Intl/Tests/DateFormatter/IntlDateFormatterTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Intl/Tests/DateFormatter/IntlDateFormatterTest.php
Lines changed: 1 addition & 1 deletion
@@ -199,6 +199,11 @@ Routing
 Security
 --------
 
+ * Authentication tokens do not implement the deprecated `Serializable`
+   interface anymore. The consequence is that tokens that were serialized (e.g.
+   into the session) with PHP 7.3 or below cannot be unserialized anymore. It is
+   recommended to roll out a Symfony 5 application with PHP 7.4 or later first
+   before upgrading it to Symfony 6.
  * Remove class `User`, use `InMemoryUser` or your own implementation instead.
    If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them
    in your own user class as they are not part of the `InMemoryUser` API
 
@@ -13,6 +13,16 @@
 
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager;
+use Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider;
+use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider;
+use Symfony\Component\Security\Core\Authentication\Provider\LdapBindAuthenticationProvider;
+use Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider;
+use Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener;
+use Symfony\Component\Security\Http\Firewall\BasicAuthenticationListener;
+use Symfony\Component\Security\Http\Firewall\RemoteUserAuthenticationListener;
+use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener;
+use Symfony\Component\Security\Http\Firewall\UsernamePasswordJsonAuthenticationListener;
+use Symfony\Component\Security\Http\Firewall\X509AuthenticationListener;
 
 return static function (ContainerConfigurator $container) {
     $container->services()
@@ -24,6 +34,117 @@
                 param('security.authentication.manager.erase_credentials'),
             ])
             ->call('setEventDispatcher', [service('event_dispatcher')])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
         ->alias(AuthenticationManagerInterface::class, 'security.authentication.manager')
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.listener.anonymous', AnonymousAuthenticationListener::class)
+            ->args([
+                service('security.untracked_token_storage'),
+                abstract_arg('Key'),
+                service('logger')->nullOnInvalid(),
+                service('security.authentication.manager'),
+            ])
+            ->tag('monolog.logger', ['channel' => 'security'])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.provider.anonymous', AnonymousAuthenticationProvider::class)
+            ->args([abstract_arg('Key')])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.listener.form', UsernamePasswordFormAuthenticationListener::class)
+            ->parent('security.authentication.listener.abstract')
+            ->abstract()
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.listener.x509', X509AuthenticationListener::class)
+            ->abstract()
+            ->args([
+                service('security.token_storage'),
+                service('security.authentication.manager'),
+                abstract_arg('Provider-shared Key'),
+                abstract_arg('x509 user'),
+                abstract_arg('x509 credentials'),
+                service('logger')->nullOnInvalid(),
+                service('event_dispatcher')->nullOnInvalid(),
+            ])
+            ->tag('monolog.logger', ['channel' => 'security'])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.listener.json', UsernamePasswordJsonAuthenticationListener::class)
+            ->abstract()
+            ->args([
+                service('security.token_storage'),
+                service('security.authentication.manager'),
+                service('security.http_utils'),
+                abstract_arg('Provider-shared Key'),
+                abstract_arg('Failure handler'),
+                abstract_arg('Success Handler'),
+                [], // Options
+                service('logger')->nullOnInvalid(),
+                service('event_dispatcher')->nullOnInvalid(),
+                service('property_accessor')->nullOnInvalid(),
+            ])
+            ->call('setTranslator', [service('translator')->ignoreOnInvalid()])
+            ->tag('monolog.logger', ['channel' => 'security'])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.listener.remote_user', RemoteUserAuthenticationListener::class)
+            ->abstract()
+            ->args([
+                service('security.token_storage'),
+                service('security.authentication.manager'),
+                abstract_arg('Provider-shared Key'),
+                abstract_arg('REMOTE_USER server env var'),
+                service('logger')->nullOnInvalid(),
+                service('event_dispatcher')->nullOnInvalid(),
+            ])
+            ->tag('monolog.logger', ['channel' => 'security'])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.listener.basic', BasicAuthenticationListener::class)
+            ->abstract()
+            ->args([
+                service('security.token_storage'),
+                service('security.authentication.manager'),
+                abstract_arg('Provider-shared Key'),
+                abstract_arg('Entry Point'),
+                service('logger')->nullOnInvalid(),
+            ])
+            ->tag('monolog.logger', ['channel' => 'security'])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.provider.dao', DaoAuthenticationProvider::class)
+            ->abstract()
+            ->args([
+                abstract_arg('User Provider'),
+                abstract_arg('User Checker'),
+                abstract_arg('Provider-shared Key'),
+                service('security.password_hasher_factory'),
+                param('security.authentication.hide_user_not_found'),
+            ])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.provider.ldap_bind', LdapBindAuthenticationProvider::class)
+            ->abstract()
+            ->args([
+                abstract_arg('User Provider'),
+                abstract_arg('UserChecker'),
+                abstract_arg('Provider-shared Key'),
+                abstract_arg('LDAP'),
+                abstract_arg('Base DN'),
+                param('security.authentication.hide_user_not_found'),
+                abstract_arg('search dn'),
+                abstract_arg('search password'),
+            ])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
+
+        ->set('security.authentication.provider.pre_authenticated', PreAuthenticatedAuthenticationProvider::class)
+            ->abstract()
+            ->args([
+                abstract_arg('User Provider'),
+                abstract_arg('UserChecker'),
+            ])
+            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
     ;
 };
@@ -11,10 +11,6 @@
 
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
-use Symfony\Component\Security\Core\Authentication\Provider\AnonymousAuthenticationProvider;
-use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider;
-use Symfony\Component\Security\Core\Authentication\Provider\LdapBindAuthenticationProvider;
-use Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider;
 use Symfony\Component\Security\Http\AccessMap;
 use Symfony\Component\Security\Http\Authentication\CustomAuthenticationFailureHandler;
 use Symfony\Component\Security\Http\Authentication\CustomAuthenticationSuccessHandler;
@@ -27,33 +23,14 @@
 use Symfony\Component\Security\Http\EventListener\DefaultLogoutListener;
 use Symfony\Component\Security\Http\EventListener\SessionLogoutListener;
 use Symfony\Component\Security\Http\Firewall\AccessListener;
-use Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener;
-use Symfony\Component\Security\Http\Firewall\BasicAuthenticationListener;
 use Symfony\Component\Security\Http\Firewall\ChannelListener;
 use Symfony\Component\Security\Http\Firewall\ContextListener;
 use Symfony\Component\Security\Http\Firewall\ExceptionListener;
 use Symfony\Component\Security\Http\Firewall\LogoutListener;
-use Symfony\Component\Security\Http\Firewall\RemoteUserAuthenticationListener;
 use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
-use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener;
-use Symfony\Component\Security\Http\Firewall\UsernamePasswordJsonAuthenticationListener;
-use Symfony\Component\Security\Http\Firewall\X509AuthenticationListener;
 
 return static function (ContainerConfigurator $container) {
     $container->services()
-        ->set('security.authentication.listener.anonymous', AnonymousAuthenticationListener::class)
-            ->args([
-                service('security.untracked_token_storage'),
-                abstract_arg('Key'),
-                service('logger')->nullOnInvalid(),
-                service('security.authentication.manager'),
-            ])
-            ->tag('monolog.logger', ['channel' => 'security'])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.provider.anonymous', AnonymousAuthenticationProvider::class)
-            ->args([abstract_arg('Key')])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
 
         ->set('security.authentication.retry_entry_point', RetryAuthenticationEntryPoint::class)
             ->args([
@@ -160,101 +137,6 @@
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
 
-        ->set('security.authentication.listener.form', UsernamePasswordFormAuthenticationListener::class)
-            ->parent('security.authentication.listener.abstract')
-            ->abstract()
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.listener.x509', X509AuthenticationListener::class)
-            ->abstract()
-            ->args([
-                service('security.token_storage'),
-                service('security.authentication.manager'),
-                abstract_arg('Provider-shared Key'),
-                abstract_arg('x509 user'),
-                abstract_arg('x509 credentials'),
-                service('logger')->nullOnInvalid(),
-                service('event_dispatcher')->nullOnInvalid(),
-            ])
-            ->tag('monolog.logger', ['channel' => 'security'])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.listener.json', UsernamePasswordJsonAuthenticationListener::class)
-            ->abstract()
-            ->args([
-                service('security.token_storage'),
-                service('security.authentication.manager'),
-                service('security.http_utils'),
-                abstract_arg('Provider-shared Key'),
-                abstract_arg('Failure handler'),
-                abstract_arg('Success Handler'),
-                [], // Options
-                service('logger')->nullOnInvalid(),
-                service('event_dispatcher')->nullOnInvalid(),
-                service('property_accessor')->nullOnInvalid(),
-            ])
-            ->call('setTranslator', [service('translator')->ignoreOnInvalid()])
-            ->tag('monolog.logger', ['channel' => 'security'])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.listener.remote_user', RemoteUserAuthenticationListener::class)
-            ->abstract()
-            ->args([
-                service('security.token_storage'),
-                service('security.authentication.manager'),
-                abstract_arg('Provider-shared Key'),
-                abstract_arg('REMOTE_USER server env var'),
-                service('logger')->nullOnInvalid(),
-                service('event_dispatcher')->nullOnInvalid(),
-            ])
-            ->tag('monolog.logger', ['channel' => 'security'])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.listener.basic', BasicAuthenticationListener::class)
-            ->abstract()
-            ->args([
-                service('security.token_storage'),
-                service('security.authentication.manager'),
-                abstract_arg('Provider-shared Key'),
-                abstract_arg('Entry Point'),
-                service('logger')->nullOnInvalid(),
-            ])
-            ->tag('monolog.logger', ['channel' => 'security'])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.provider.dao', DaoAuthenticationProvider::class)
-            ->abstract()
-            ->args([
-                abstract_arg('User Provider'),
-                abstract_arg('User Checker'),
-                abstract_arg('Provider-shared Key'),
-                service('security.password_hasher_factory'),
-                param('security.authentication.hide_user_not_found'),
-            ])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.provider.ldap_bind', LdapBindAuthenticationProvider::class)
-            ->abstract()
-            ->args([
-                abstract_arg('User Provider'),
-                abstract_arg('UserChecker'),
-                abstract_arg('Provider-shared Key'),
-                abstract_arg('LDAP'),
-                abstract_arg('Base DN'),
-                param('security.authentication.hide_user_not_found'),
-                abstract_arg('search dn'),
-                abstract_arg('search password'),
-            ])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
-        ->set('security.authentication.provider.pre_authenticated', PreAuthenticatedAuthenticationProvider::class)
-            ->abstract()
-            ->args([
-                abstract_arg('User Provider'),
-                abstract_arg('UserChecker'),
-            ])
-            ->deprecate('symfony/security-bundle', '5.3', 'The "%service_id%" service is deprecated, use the new authenticator system instead.')
-
         ->set('security.exception_listener', ExceptionListener::class)
             ->abstract()
             ->args([
 
@@ -375,9 +375,7 @@ private function listYears(array $years)
         $result = [];
 
         foreach ($years as $year) {
-            if (false !== $y = gmmktime(0, 0, 0, 6, 15, $year)) {
-                $result[$y] = $year;
-            }
+            $result[\PHP_INT_SIZE === 4 ? \DateTime::createFromFormat('Y e', $year.' UTC')->format('U') : gmmktime(0, 0, 0, 6, 15, $year)] = $year;
         }
 
         return $result;
 
@@ -927,19 +927,15 @@ public function testDayErrorsBubbleUp($widget)
         $this->assertSame([$error], iterator_to_array($form->getErrors()));
     }
 
-    public function testYearsFor32BitsMachines()
+    public function testYears()
     {
-        if (4 !== \PHP_INT_SIZE) {
-            $this->markTestSkipped('PHP 32 bit is required.');
-        }
-
         $view = $this->factory->create(static::TESTED_TYPE, null, [
-            'years' => range(1900, 2040),
+            'years' => [1900, 2000, 2040],
         ])
             ->createView();
 
         $listChoices = [];
-        foreach (range(1902, 2037) as $y) {
+        foreach ([1900, 2000, 2040] as $y) {
             $listChoices[] = new ChoiceView($y, $y, $y);
         }
 
 
@@ -182,7 +182,7 @@ public static function create(?string $locale, ?int $datetype, ?int $timetype, $
     /**
      * Format the date/time value (timestamp) as a string.
      *
-     * @param int|\DateTimeInterface $timestamp The timestamp to format
+     * @param int|string|\DateTimeInterface $timestamp The timestamp to format
      *
      * @return string|bool The formatted value or false if formatting failed
      *
@@ -194,11 +194,15 @@ public function format($timestamp)
     {
         // intl allows timestamps to be passed as arrays - we don't
         if (\is_array($timestamp)) {
-            $message = 'Only integer Unix timestamps and DateTime objects are supported';
+            $message = 'Only Unix timestamps and DateTime objects are supported';
 
             throw new MethodArgumentValueNotImplementedException(__METHOD__, 'timestamp', $timestamp, $message);
         }
 
+        if (\is_string($timestamp) && $dt = \DateTime::createFromFormat('U', $timestamp)) {
+            $timestamp = $dt;
+        }
+
         // behave like the intl extension
         $argumentError = null;
         if (!\is_int($timestamp) && !$timestamp instanceof \DateTimeInterface) {
@@ -214,7 +218,7 @@ public function format($timestamp)
         }
 
         if ($timestamp instanceof \DateTimeInterface) {
-            $timestamp = $timestamp->getTimestamp();
+            $timestamp = $timestamp->format('U');
         }
 
         $transformer = new FullTransformer($this->getPattern(), $this->getTimeZoneId());
@@ -585,8 +589,7 @@ public function setTimeZone($timeZone)
      */
     protected function createDateTime(int $timestamp)
     {
-        $dateTime = new \DateTime();
-        $dateTime->setTimestamp($timestamp);
+        $dateTime = \DateTime::createFromFormat('U', $timestamp);
         $dateTime->setTimezone($this->dateTimeZone);
 
         return $dateTime;
 
@@ -75,7 +75,7 @@ public function testFormatWithUnsupportedTimestampArgument()
         } catch (\Exception $e) {
             $this->assertInstanceOf(MethodArgumentValueNotImplementedException::class, $e);
 
-            $this->assertStringEndsWith('Only integer Unix timestamps and DateTime objects are supported.  Please install the "intl" extension for full localization capabilities.', $e->getMessage());
+            $this->assertStringEndsWith('Only Unix timestamps and DateTime objects are supported.  Please install the "intl" extension for full localization capabilities.', $e->getMessage());
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -375,9 +375,7 @@ private function listYears(array $years)`
`375`	`375`	`$result = [];`
`376`	`376`
`377`	`377`	`foreach ($years as $year) {`
`378`		`- if (false !== $y = gmmktime(0, 0, 0, 6, 15, $year)) {`
`379`		`- $result[$y] = $year;`
`380`		`- }`
	`378`	`+ $result[\PHP_INT_SIZE === 4 ? \DateTime::createFromFormat('Y e', $year.' UTC')->format('U') : gmmktime(0, 0, 0, 6, 15, $year)] = $year;`
`381`	`379`	`}`
`382`	`380`
`383`	`381`	`return $result;`
Original file line number	Diff line number	Diff line change
`@@ -182,7 +182,7 @@ public static function create(?string $locale, ?int $datetype, ?int $timetype, $`
`182`	`182`	`/**`
`183`	`183`	`* Format the date/time value (timestamp) as a string.`
`184`	`184`	`*`
`185`		`- * @param int\|\DateTimeInterface $timestamp The timestamp to format`
	`185`	`+ * @param int\|string\|\DateTimeInterface $timestamp The timestamp to format`
`186`	`186`	`*`
`187`	`187`	`* @return string\|bool The formatted value or false if formatting failed`
`188`	`188`	`*`
`@@ -194,11 +194,15 @@ public function format($timestamp)`
`194`	`194`	`{`
`195`	`195`	`// intl allows timestamps to be passed as arrays - we don't`
`196`	`196`	`if (\is_array($timestamp)) {`
`197`		`- $message = 'Only integer Unix timestamps and DateTime objects are supported';`
	`197`	`+ $message = 'Only Unix timestamps and DateTime objects are supported';`
`198`	`198`
`199`	`199`	`throw new MethodArgumentValueNotImplementedException(__METHOD__, 'timestamp', $timestamp, $message);`
`200`	`200`	`}`
`201`	`201`
	`202`	`+ if (\is_string($timestamp) && $dt = \DateTime::createFromFormat('U', $timestamp)) {`
	`203`	`+ $timestamp = $dt;`
	`204`	`+ }`
	`205`	`+`
`202`	`206`	`// behave like the intl extension`
`203`	`207`	`$argumentError = null;`
`204`	`208`	`if (!\is_int($timestamp) && !$timestamp instanceof \DateTimeInterface) {`
`@@ -214,7 +218,7 @@ public function format($timestamp)`
`214`	`218`	`}`
`215`	`219`
`216`	`220`	`if ($timestamp instanceof \DateTimeInterface) {`
`217`		`- $timestamp = $timestamp->getTimestamp();`
	`221`	`+ $timestamp = $timestamp->format('U');`
`218`	`222`	`}`
`219`	`223`
`220`	`224`	`$transformer = new FullTransformer($this->getPattern(), $this->getTimeZoneId());`
`@@ -585,8 +589,7 @@ public function setTimeZone($timeZone)`
`585`	`589`	`*/`
`586`	`590`	`protected function createDateTime(int $timestamp)`
`587`	`591`	`{`
`588`		`- $dateTime = new \DateTime();`
`589`		`- $dateTime->setTimestamp($timestamp);`
	`592`	`+ $dateTime = \DateTime::createFromFormat('U', $timestamp);`
`590`	`593`	`$dateTime->setTimezone($this->dateTimeZone);`
`591`	`594`
`592`	`595`	`return $dateTime;`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ public function testFormatWithUnsupportedTimestampArgument()`
`75`	`75`	`} catch (\Exception $e) {`
`76`	`76`	`$this->assertInstanceOf(MethodArgumentValueNotImplementedException::class, $e);`
`77`	`77`
`78`		`- $this->assertStringEndsWith('Only integer Unix timestamps and DateTime objects are supported. Please install the "intl" extension for full localization capabilities.', $e->getMessage());`
	`78`	`+ $this->assertStringEndsWith('Only Unix timestamps and DateTime objects are supported. Please install the "intl" extension for full localization capabilities.', $e->getMessage());`
`79`	`79`	`}`
`80`	`80`	`}`
`81`	`81`