symfony
diff --git a/‎.github/workflows/unit-tests.yml
+7-5 b/‎.github/workflows/unit-tests.yml
+7-5
diff --git a/‎UPGRADE-5.4.md
+14 b/‎UPGRADE-5.4.md
+14
diff --git a/‎UPGRADE-6.0.md
+3 b/‎UPGRADE-6.0.md
+3
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/ConsoleCommandProcessorTest.php
+2-4 b/‎src/Symfony/Bridge/Monolog/Tests/Processor/ConsoleCommandProcessorTest.php
+2-4
diff --git a/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+6 b/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+6
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+4-1 b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+4-1
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+3 b/‎src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+3
diff --git a/‎src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
+23-45 b/‎src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
+23-45
diff --git a/‎src/Symfony/Component/Cache/CHANGELOG.md
+1 b/‎src/Symfony/Component/Cache/CHANGELOG.md
+1
@@ -183,24 +183,26 @@ jobs:
           # matrix.mode = high-deps
           echo "$COMPONENTS" | xargs -n1 | parallel -j +3 "_run_tests {} 'cd {} && $COMPOSER_UP && $PHPUNIT$LEGACY'" || X=1
 
+          # get a list of the patched components (relies on .github/build-packages.php being called in the previous step)
           (cd src/Symfony/Component/HttpFoundation; mv composer.bak composer.json)
-          COMPONENTS=$(git diff --name-only src/ | grep composer.json || true)
+          PATCHED_COMPONENTS=$(git diff --name-only src/ | grep composer.json || true)
 
-          if [[ $COMPONENTS && $SYMFONY_VERSION = *.4 ]]; then
+          # for x.4 branches, checkout and test previous major with the patched components (only for patched components)
+          if [[ $PATCHED_COMPONENTS && $SYMFONY_VERSION = *.4 ]]; then
               export FLIP='^'
               SYMFONY_VERSION=$(echo $SYMFONY_VERSION | awk '{print $1 - 1}')
               echo -e "\\n\\e[33;1mChecking out Symfony $SYMFONY_VERSION and running tests with patched components as deps\\e[0m"
               export COMPOSER_ROOT_VERSION=$SYMFONY_VERSION.x-dev
               export SYMFONY_REQUIRE=">=$SYMFONY_VERSION"
               git fetch --depth=2 origin $SYMFONY_VERSION
               git checkout -m FETCH_HEAD
-              COMPONENTS=$(echo "$COMPONENTS" | xargs dirname | xargs -n1 -I{} bash -c "[ -e '{}/phpunit.xml.dist' ] && echo '{}'" | sort || true)
+              PATCHED_COMPONENTS=$(echo "$PATCHED_COMPONENTS" | xargs dirname | xargs -n1 -I{} bash -c "[ -e '{}/phpunit.xml.dist' ] && echo '{}'" | sort || true)
               (cd src/Symfony/Component/HttpFoundation; composer require --dev --no-update mongodb/mongodb)
-              if [[ $COMPONENTS ]]; then
+              if [[ $PATCHED_COMPONENTS ]]; then
                 echo "::group::install phpunit"
                 ./phpunit install
                 echo "::endgroup::"
-                echo "$COMPONENTS" | parallel -j +3 "_run_tests {} 'cd {} && rm composer.lock vendor/ -Rf && $COMPOSER_UP && $PHPUNIT$LEGACY'" || X=1
+                echo "$PATCHED_COMPONENTS" | parallel -j +3 "_run_tests {} 'cd {} && rm composer.lock vendor/ -Rf && $COMPOSER_UP && $PHPUNIT$LEGACY'" || X=1
               fi
           fi
 
 
@@ -16,3 +16,17 @@ HttpKernel
 ----------
 
  * Deprecate `AbstractTestSessionListener::getSession` inject a session in the request instead
+
+SecurityBundle
+--------------
+
+ * Deprecate the `always_authenticate_before_granting` option
+
+Security
+--------
+
+ * Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
+   5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker` (this is the default
+   behavior when using `enable_authenticator_manager: true`)
+ * Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
+   (this is the default behavior when using `enable_authenticator_manager: true`)
@@ -205,6 +205,8 @@ Routing
 Security
 --------
 
+ * Remove the 4th and 5th argument of `AuthorizationChecker`
+ * Remove the 5th argument of `AccessListener`
  * Remove class `User`, use `InMemoryUser` or your own implementation instead.
    If you are using the `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()` method, consider re-implementing them
    in your own user class as they are not part of the `InMemoryUser` API
@@ -324,6 +326,7 @@ Security
 SecurityBundle
 --------------
 
+ * Remove the `always_authenticate_before_granting` option
  * Remove the `UserPasswordEncoderCommand` class and the corresponding `user:encode-password` command,
    use `UserPasswordHashCommand` and `user:hash-password` instead
  * Remove the `security.encoder_factory.generic` service, the `security.encoder_factory` and `Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface` aliases,
 
@@ -16,6 +16,7 @@
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Event\ConsoleEvent;
 use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
 
 class ConsoleCommandProcessorTest extends TestCase
 {
@@ -66,10 +67,7 @@ private function getConsoleEvent(): ConsoleEvent
         $input->method('getOptions')->willReturn(self::TEST_OPTIONS);
         $command = $this->createMock(Command::class);
         $command->method('getName')->willReturn(self::TEST_NAME);
-        $consoleEvent = $this->createMock(ConsoleEvent::class);
-        $consoleEvent->method('getCommand')->willReturn($command);
-        $consoleEvent->method('getInput')->willReturn($input);
 
-        return $consoleEvent;
+        return new ConsoleEvent($command, $input, $this->createMock(OutputInterface::class));
     }
 }
@@ -12,6 +12,12 @@ CHANGELOG
  * Remove the `security.user_password_encoder.generic` service, the `security.password_encoder` and the `Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface` aliases,
    use `security.user_password_hasher`, `security.password_hasher` and `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface` instead
 
+5.4
+---
+
+ * Deprecate the `always_authenticate_before_granting` option
+
+
 5.3
 ---
 
 
@@ -73,7 +73,10 @@ public function getConfigTreeBuilder()
                     ->defaultValue(SessionAuthenticationStrategy::MIGRATE)
                 ->end()
                 ->booleanNode('hide_user_not_found')->defaultTrue()->end()
-                ->booleanNode('always_authenticate_before_granting')->defaultFalse()->end()
+                ->booleanNode('always_authenticate_before_granting')
+                    ->defaultFalse()
+                    ->setDeprecated('symfony/security-bundle', '5.4')
+                ->end()
                 ->booleanNode('erase_credentials')->defaultTrue()->end()
                 ->booleanNode('enable_authenticator_manager')->defaultFalse()->info('Enables the new Symfony Security system based on Authenticators, all used authenticators must support this before enabling this.')->end()
                 ->arrayNode('access_decision_manager')
 
@@ -635,6 +635,9 @@ public function provideEntryPointRequiredData()
         ];
     }
 
+    /**
+     * @group legacy
+     */
     public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticatorManager()
     {
         $this->expectException(InvalidConfigurationException::class);
 
@@ -14,7 +14,6 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Bundle\WebProfilerBundle\Csp\ContentSecurityPolicyHandler;
 use Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener;
-use Symfony\Component\HttpFoundation\HeaderBag;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\Session\Session;
@@ -63,11 +62,11 @@ public function getInjectToolbarTests()
     /**
      * @dataProvider provideRedirects
      */
-    public function testHtmlRedirectionIsIntercepted($statusCode, $hasSession)
+    public function testHtmlRedirectionIsIntercepted($statusCode)
     {
         $response = new Response('Some content', $statusCode);
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(false, 'html', $hasSession), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock('Redirection'), true);
         $listener->onKernelResponse($event);
@@ -80,7 +79,7 @@ public function testNonHtmlRedirectionIsNotIntercepted()
     {
         $response = new Response('Some content', '301');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(false, 'json', true), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request([], [], ['_format' => 'json']), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock('Redirection'), true);
         $listener->onKernelResponse($event);
@@ -94,7 +93,7 @@ public function testToolbarIsInjected()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -110,7 +109,7 @@ public function testToolbarIsNotInjectedOnNonHtmlContentType()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
         $response->headers->set('Content-Type', 'text/xml');
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -126,7 +125,7 @@ public function testToolbarIsNotInjectedOnContentDispositionAttachment()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
         $response->headers->set('Content-Disposition', 'attachment; filename=test.html');
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(false, 'html'), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -138,11 +137,11 @@ public function testToolbarIsNotInjectedOnContentDispositionAttachment()
      * @depends testToolbarIsInjected
      * @dataProvider provideRedirects
      */
-    public function testToolbarIsNotInjectedOnRedirection($statusCode, $hasSession)
+    public function testToolbarIsNotInjectedOnRedirection($statusCode)
     {
         $response = new Response('<html><head></head><body></body></html>', $statusCode);
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(false, 'html', $hasSession), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -153,10 +152,8 @@ public function testToolbarIsNotInjectedOnRedirection($statusCode, $hasSession)
     public function provideRedirects()
     {
         return [
-            [301, true],
-            [302, true],
-            [301, false],
-            [302, false],
+            [301],
+            [302],
         ];
     }
 
@@ -167,7 +164,7 @@ public function testToolbarIsNotInjectedWhenThereIsNoNoXDebugTokenResponseHeader
     {
         $response = new Response('<html><head></head><body></body></html>');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -183,7 +180,7 @@ public function testToolbarIsNotInjectedWhenOnSubRequest()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::SUB_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::SUB_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -199,7 +196,7 @@ public function testToolbarIsNotInjectedOnIncompleteHtmlResponses()
         $response = new Response('<div>Some content</div>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -215,7 +212,10 @@ public function testToolbarIsNotInjectedOnXmlHttpRequests()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(true), HttpKernelInterface::MAIN_REQUEST, $response);
+        $request = new Request();
+        $request->headers->set('X-Requested-With', 'XMLHttpRequest');
+
+        $event = new ResponseEvent($this->createMock(Kernel::class), $request, HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -231,7 +231,7 @@ public function testToolbarIsNotInjectedOnNonHtmlRequests()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(false, 'json'), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request([], [], ['_format' => 'json']), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock());
         $listener->onKernelResponse($event);
@@ -252,7 +252,7 @@ public function testXDebugUrlHeader()
             ->willReturn('http://mydomain.com/_profiler/xxxxxxxx')
         ;
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, $urlGenerator);
         $listener->onKernelResponse($event);
@@ -273,7 +273,7 @@ public function testThrowingUrlGenerator()
             ->willThrowException(new \Exception('foo'))
         ;
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, $urlGenerator);
         $listener->onKernelResponse($event);
@@ -294,7 +294,7 @@ public function testThrowingErrorCleanup()
             ->willThrowException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline"))
         ;
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, $urlGenerator);
         $listener->onKernelResponse($event);
@@ -307,7 +307,7 @@ public function testCspIsDisabledIfDumperWasUsed()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $cspHandler = $this->createMock(ContentSecurityPolicyHandler::class);
         $cspHandler->expects($this->once())
@@ -328,7 +328,7 @@ public function testCspIsKeptEnabledIfDumperWasNotUsed()
         $response = new Response('<html><head></head><body></body></html>');
         $response->headers->set('X-Debug-Token', 'xxxxxxxx');
 
-        $event = new ResponseEvent($this->createMock(Kernel::class), $this->getRequestMock(), HttpKernelInterface::MAIN_REQUEST, $response);
+        $event = new ResponseEvent($this->createMock(Kernel::class), new Request(), HttpKernelInterface::MAIN_REQUEST, $response);
 
         $cspHandler = $this->createMock(ContentSecurityPolicyHandler::class);
         $cspHandler->expects($this->never())
@@ -344,28 +344,6 @@ public function testCspIsKeptEnabledIfDumperWasNotUsed()
         $this->assertEquals("<html><head></head><body>\nWDT\n</body></html>", $response->getContent());
     }
 
-    protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
-    {
-        $request = $this->getMockBuilder(Request::class)->setMethods(['getSession', 'isXmlHttpRequest', 'getRequestFormat'])->disableOriginalConstructor()->getMock();
-        $request->expects($this->any())
-            ->method('isXmlHttpRequest')
-            ->willReturn($isXmlHttpRequest);
-        $request->expects($this->any())
-            ->method('getRequestFormat')
-            ->willReturn($requestFormat);
-
-        $request->headers = new HeaderBag();
-
-        if ($hasSession) {
-            $session = $this->createMock(Session::class);
-            $request->expects($this->any())
-                ->method('getSession')
-                ->willReturn($session);
-        }
-
-        return $request;
-    }
-
     protected function getTwigMock($render = 'WDT')
     {
         $templating = $this->createMock(Environment::class);
 
@@ -9,6 +9,7 @@ CHANGELOG
 5.4
 ---
 
+ * Make `LockRegistry` use semaphores when possible
  * Deprecate `DoctrineProvider` because this class has been added to the `doctrine/cache` package
 
 5.3
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`	`use Symfony\Component\Console\Command\Command;`
`17`	`17`	`use Symfony\Component\Console\Event\ConsoleEvent;`
`18`	`18`	`use Symfony\Component\Console\Input\InputInterface;`
	`19`	`+use Symfony\Component\Console\Output\OutputInterface;`
`19`	`20`
`20`	`21`	`class ConsoleCommandProcessorTest extends TestCase`
`21`	`22`	`{`
`@@ -66,10 +67,7 @@ private function getConsoleEvent(): ConsoleEvent`
`66`	`67`	`$input->method('getOptions')->willReturn(self::TEST_OPTIONS);`
`67`	`68`	`$command = $this->createMock(Command::class);`
`68`	`69`	`$command->method('getName')->willReturn(self::TEST_NAME);`
`69`		`- $consoleEvent = $this->createMock(ConsoleEvent::class);`
`70`		`- $consoleEvent->method('getCommand')->willReturn($command);`
`71`		`- $consoleEvent->method('getInput')->willReturn($input);`
`72`	`70`
`73`		`- return $consoleEvent;`
	`71`	`+ return new ConsoleEvent($command, $input, $this->createMock(OutputInterface::class));`
`74`	`72`	`}`
`75`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -635,6 +635,9 @@ public function provideEntryPointRequiredData()`
`635`	`635`	`];`
`636`	`636`	`}`
`637`	`637`
	`638`	`+ /**`
	`639`	`+ * @group legacy`
	`640`	`+ */`
`638`	`641`	`public function testAlwaysAuthenticateBeforeGrantingCannotBeTrueWithAuthenticatorManager()`
`639`	`642`	`{`
`640`	`643`	`$this->expectException(InvalidConfigurationException::class);`