* Remove`AbstractListener::__invoke`

* Remove`LazyFirewallContext::__invoke()`

SecurityBundle

* Remove the deprecated`hide_user_not_found` configuration option, use`expose_security_errors` instead

*Before*

security:

hide_user_not_found:false

security:

expose_security_errors:true

----------

8.0

* Remove the deprecated`hide_user_not_found` configuration option, use`expose_security_errors` instead

*[BC BREAK] Remove the deprecated`algorithm` and`key` options from the OIDC token handler configuration, use`algorithms` and`keyset` instead

*[BC BREAK] Remove deprecated rate limiter factory autowiring aliases

* Remove`LazyFirewallContext::__invoke()`

7.4

->docUrl('https://symfony.com/doc/{version:major}.{version:minor}/reference/configuration/security.html','symfony/security-bundle')

->beforeNormalization()

->always()

->then(function ($v) {

if (isset($v['hide_user_not_found']) &&isset($v['expose_security_errors'])) {

thrownewInvalidConfigurationException('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');

}

if (isset($v['hide_user_not_found']) && !isset($v['expose_security_errors'])) {

$v['expose_security_errors'] =$v['hide_user_not_found'] ? ExposeSecurityLevel::None : ExposeSecurityLevel::All;

}

return$v;

})

->end()

->children()

->scalarNode('access_denied_url')->defaultNull()->example('/foo/error403')->end()

->enumNode('session_fixation_strategy')

->values([SessionAuthenticationStrategy::NONE, SessionAuthenticationStrategy::MIGRATE, SessionAuthenticationStrategy::INVALIDATE])

->defaultValue(SessionAuthenticationStrategy::MIGRATE)

->end()

->booleanNode('hide_user_not_found')

->setDeprecated('symfony/security-bundle','7.3','The "%node%" option is deprecated and will be removed in 8.0. Use the "expose_security_errors" option instead.')

->end()

->enumNode('expose_security_errors')

->beforeNormalization()->ifString()->then(fn ($v) => ExposeSecurityLevel::tryFrom($v))->end()

->values(ExposeSecurityLevel::cases())

yield [['expose_security_errors' =>'all'], ExposeSecurityLevel::All];

}

publicfunctiontestExposeSecurityErrorsWithLegacyConfig(array$config,ExposeSecurityLevel$expectedExposeSecurityErrors, ?bool$expectedHideUserNotFound)

{

$this->expectUserDeprecationMessage('Since symfony/security-bundle 7.3: The "hide_user_not_found" option is deprecated and will be removed in 8.0. Use the "expose_security_errors" option instead.');

$config =array_merge(static::$minimalConfig,$config);

$processor =newProcessor();

$configuration =newMainConfiguration([], []);

$processedConfig =$processor->processConfiguration($configuration, [$config]);

$this->assertEquals($expectedExposeSecurityErrors,$processedConfig['expose_security_errors']);

$this->assertEquals($expectedHideUserNotFound,$processedConfig['hide_user_not_found']);

}

publicstaticfunctionprovideHideUserNotFoundLegacyData():iterable

{

yield [['hide_user_not_found' =>true], ExposeSecurityLevel::None,true];

yield [['hide_user_not_found' =>false], ExposeSecurityLevel::All,false];

}

publicfunctiontestCannotUseHideUserNotFoundAndExposeSecurityErrorsAtTheSameTime()

{

$processor =newProcessor();

$configuration =newMainConfiguration([], []);

$this->expectException(InvalidConfigurationException::class);

$this->expectExceptionMessage('You cannot use both "hide_user_not_found" and "expose_security_errors" at the same time.');

$processor->processConfiguration($configuration, [static::$minimalConfig + [

'hide_user_not_found' =>true,

'expose_security_errors' => ExposeSecurityLevel::None,

]]);

}

}