Merge branch '6.4' into 7.0

* 6.4: [WebProfilerBundle][TwigBundle] Add conflicts with 7.0 Check whether secrets are empty and mark them all as sensitive [HttpKernel] Add `ControllerResolver::allowControllers()` to define which callables are legit controllers when the `_check_controller_is_allowed` request attribute is set
symfony · Nov 7, 2023 · dbd904a · dbd904a
2 parents e3d3b7b + 9e24a71
commit dbd904a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/Authentication/Token/RememberMeToken.php b/Authentication/Token/RememberMeToken.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -32,12 +33,12 @@ public function __construct(UserInterface $user, string $firewallName, #[\Sensit
     {
         parent::__construct($user->getRoles());
 
-        if (empty($secret)) {
-            throw new \InvalidArgumentException('$secret must not be empty.');
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
         }
 
-        if ('' === $firewallName) {
-            throw new \InvalidArgumentException('$firewallName must not be empty.');
+        if (!$firewallName) {
+            throw new InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->firewallName = $firewallName;

diff --git a/Signature/SignatureHasher.php b/Signature/SignatureHasher.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Signature;
 
 use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Signature\Exception\ExpiredSignatureException;
 use Symfony\Component\Security\Core\Signature\Exception\InvalidSignatureException;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -37,6 +38,10 @@ class SignatureHasher
      */
     public function __construct(PropertyAccessorInterface $propertyAccessor, array $signatureProperties, #[\SensitiveParameter] string $secret, ExpiredSignatureStorage $expiredSignaturesStorage = null, int $maxUses = null)
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $this->propertyAccessor = $propertyAccessor;
         $this->signatureProperties = $signatureProperties;
         $this->secret = $secret;