Merge branch '5.4' into 6.3

* 5.4:
  Fix implicitly-required parameters
  List CS fix in .git-blame-ignore-revs
  Apply php-cs-fixer fix --rules nullable_type_declaration_for_default_null_value
  [Messenger][AmazonSqs] Allow async-aws/sqs version 2

Author: nicolas-grekas

Authentication/AuthenticationTrustResolver.php

@@ -21,17 +21,17 @@
  */
 class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface
 {
-    public function isAuthenticated(TokenInterface $token = null): bool
+    public function isAuthenticated(?TokenInterface $token = null): bool
     {
         return $token && $token->getUser();
     }
 
-    public function isRememberMe(TokenInterface $token = null): bool
+    public function isRememberMe(?TokenInterface $token = null): bool
     {
         return $token && $token instanceof RememberMeToken;
     }
 
-    public function isFullFledged(TokenInterface $token = null): bool
+    public function isFullFledged(?TokenInterface $token = null): bool
     {
         return $this->isAuthenticated($token) && !$this->isRememberMe($token);
     }

Authentication/AuthenticationTrustResolverInterface.php

@@ -23,16 +23,16 @@ interface AuthenticationTrustResolverInterface
     /**
      * Resolves whether the passed token implementation is authenticated.
      */
-    public function isAuthenticated(TokenInterface $token = null): bool;
+    public function isAuthenticated(?TokenInterface $token = null): bool;
 
     /**
      * Resolves whether the passed token implementation is authenticated
      * using remember-me capabilities.
      */
-    public function isRememberMe(TokenInterface $token = null): bool;
+    public function isRememberMe(?TokenInterface $token = null): bool;
 
     /**
      * Resolves whether the passed token implementation is fully authenticated.
      */
-    public function isFullFledged(TokenInterface $token = null): bool;
+    public function isFullFledged(?TokenInterface $token = null): bool;
 }

Authentication/Token/Storage/TokenStorage.php

@@ -40,7 +40,7 @@ public function getToken(): ?TokenInterface
     /**
      * @return void
      */
-    public function setToken(TokenInterface $token = null)
+    public function setToken(?TokenInterface $token = null)
     {
         if (1 > \func_num_args()) {
             trigger_deprecation('symfony/security-core', '6.2', 'Calling "%s()" without any arguments is deprecated, pass null explicitly instead.', __METHOD__);

Authentication/Token/Storage/UsageTrackingTokenStorage.php

@@ -44,7 +44,7 @@ public function getToken(): ?TokenInterface
         return $this->storage->getToken();
     }
 
-    public function setToken(TokenInterface $token = null): void
+    public function setToken(?TokenInterface $token = null): void
     {
         $this->storage->setToken($token);
 

Authentication/Token/SwitchUserToken.php

@@ -29,7 +29,7 @@ class SwitchUserToken extends UsernamePasswordToken
      *
      * @throws \InvalidArgumentException
      */
-    public function __construct(UserInterface $user, string $firewallName, array $roles, TokenInterface $originalToken, string $originatedFromUri = null)
+    public function __construct(UserInterface $user, string $firewallName, array $roles, TokenInterface $originalToken, ?string $originatedFromUri = null)
     {
         parent::__construct($user, $firewallName, $roles);
 

Authorization/AccessDecisionManager.php

@@ -40,7 +40,7 @@ final class AccessDecisionManager implements AccessDecisionManagerInterface
     /**
      * @param iterable<mixed, VoterInterface> $voters An array or an iterator of VoterInterface instances
      */
-    public function __construct(iterable $voters = [], AccessDecisionStrategyInterface $strategy = null)
+    public function __construct(iterable $voters = [], ?AccessDecisionStrategyInterface $strategy = null)
     {
         $this->voters = $voters;
         $this->strategy = $strategy ?? new AffirmativeStrategy();

Authorization/ExpressionLanguage.php

@@ -29,7 +29,7 @@ class_exists(ExpressionLanguageProvider::class);
      */
     class ExpressionLanguage extends BaseExpressionLanguage
     {
-        public function __construct(CacheItemPoolInterface $cache = null, array $providers = [])
+        public function __construct(?CacheItemPoolInterface $cache = null, array $providers = [])
         {
             // prepend the default provider to let users override it easily
             array_unshift($providers, new ExpressionLanguageProvider());

Authorization/Voter/ExpressionVoter.php

@@ -31,7 +31,7 @@ class ExpressionVoter implements CacheableVoterInterface
     private AuthorizationCheckerInterface $authChecker;
     private ?RoleHierarchyInterface $roleHierarchy;
 
-    public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, AuthorizationCheckerInterface $authChecker, RoleHierarchyInterface $roleHierarchy = null)
+    public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, AuthorizationCheckerInterface $authChecker, ?RoleHierarchyInterface $roleHierarchy = null)
     {
         $this->expressionLanguage = $expressionLanguage;
         $this->trustResolver = $trustResolver;

Encoder/NativePasswordEncoder.php

@@ -0,0 +1,38 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+use Symfony\Component\PasswordHasher\Hasher\NativePasswordHasher;
+
+trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" instead.', NativePasswordEncoder::class, NativePasswordHasher::class);
+
+/**
+ * Hashes passwords using password_hash().
+ *
+ * @author Elnur Abdurrakhimov <elnur@elnur.pro>
+ * @author Terje Bråten <terje@braten.be>
+ * @author Nicolas Grekas <p@tchwork.com>
+ *
+ * @deprecated since Symfony 5.3, use {@link NativePasswordHasher} instead
+ */
+final class NativePasswordEncoder implements PasswordEncoderInterface, SelfSaltingEncoderInterface
+{
+    use LegacyEncoderTrait;
+
+    /**
+     * @param string|null $algo An algorithm supported by password_hash() or null to use the stronger available algorithm
+     */
+    public function __construct(?int $opsLimit = null, ?int $memLimit = null, ?int $cost = null, ?string $algo = null)
+    {
+        $this->hasher = new NativePasswordHasher($opsLimit, $memLimit, $cost, $algo);
+    }
+}

Encoder/PasswordHasherAdapter.php

@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+use Symfony\Component\PasswordHasher\LegacyPasswordHasherInterface;
+
+/**
+ * Forward compatibility for new new PasswordHasher component.
+ *
+ * @author Alexander M. Turek <me@derrabus.de>
+ *
+ * @internal To be removed in Symfony 6
+ */
+final class PasswordHasherAdapter implements LegacyPasswordHasherInterface
+{
+    private $passwordEncoder;
+
+    public function __construct(PasswordEncoderInterface $passwordEncoder)
+    {
+        $this->passwordEncoder = $passwordEncoder;
+    }
+
+    public function hash(string $plainPassword, ?string $salt = null): string
+    {
+        return $this->passwordEncoder->encodePassword($plainPassword, $salt);
+    }
+
+    public function verify(string $hashedPassword, string $plainPassword, ?string $salt = null): bool
+    {
+        return $this->passwordEncoder->isPasswordValid($hashedPassword, $plainPassword, $salt);
+    }
+
+    public function needsRehash(string $hashedPassword): bool
+    {
+        return $this->passwordEncoder->needsRehash($hashedPassword);
+    }
+}

Encoder/SodiumPasswordEncoder.php

@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+
+trigger_deprecation('symfony/security-core', '5.3', 'The "%s" class is deprecated, use "%s" instead.', SodiumPasswordEncoder::class, SodiumPasswordHasher::class);
+
+/**
+ * Hashes passwords using libsodium.
+ *
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ * @author Zan Baldwin <hello@zanbaldwin.com>
+ * @author Dominik Müller <dominik.mueller@jkweb.ch>
+ *
+ * @deprecated since Symfony 5.3, use {@link SodiumPasswordHasher} instead
+ */
+final class SodiumPasswordEncoder implements PasswordEncoderInterface, SelfSaltingEncoderInterface
+{
+    use LegacyEncoderTrait;
+
+    public function __construct(?int $opsLimit = null, ?int $memLimit = null)
+    {
+        $this->hasher = new SodiumPasswordHasher($opsLimit, $memLimit);
+    }
+
+    public static function isSupported(): bool
+    {
+        return SodiumPasswordHasher::isSupported();
+    }
+}

Exception/AccessDeniedException.php

@@ -24,7 +24,7 @@ class AccessDeniedException extends RuntimeException
     private array $attributes = [];
     private mixed $subject = null;
 
-    public function __construct(string $message = 'Access Denied.', \Throwable $previous = null, int $code = 403)
+    public function __construct(string $message = 'Access Denied.', ?\Throwable $previous = null, int $code = 403)
     {
         parent::__construct($message, $code, $previous);
     }

Exception/AuthenticationException.php

@@ -28,7 +28,7 @@ class AuthenticationException extends RuntimeException
 
     private ?TokenInterface $token = null;
 
-    public function __construct(string $message = '', int $code = 0, \Throwable $previous = null)
+    public function __construct(string $message = '', int $code = 0, ?\Throwable $previous = null)
     {
         unset($this->serialized);
         parent::__construct($message, $code, $previous);

Exception/CustomUserMessageAccountStatusException.php

@@ -26,7 +26,7 @@ class CustomUserMessageAccountStatusException extends AccountStatusException
     private string $messageKey;
     private array $messageData = [];
 
-    public function __construct(string $message = '', array $messageData = [], int $code = 0, \Throwable $previous = null)
+    public function __construct(string $message = '', array $messageData = [], int $code = 0, ?\Throwable $previous = null)
     {
         parent::__construct($message, $code, $previous);
 

Exception/CustomUserMessageAuthenticationException.php

@@ -25,7 +25,7 @@ class CustomUserMessageAuthenticationException extends AuthenticationException
     private string $messageKey;
     private array $messageData = [];
 
-    public function __construct(string $message = '', array $messageData = [], int $code = 0, \Throwable $previous = null)
+    public function __construct(string $message = '', array $messageData = [], int $code = 0, ?\Throwable $previous = null)
     {
         parent::__construct($message, $code, $previous);
 

Exception/LogoutException.php

@@ -18,7 +18,7 @@
  */
 class LogoutException extends RuntimeException
 {
-    public function __construct(string $message = 'Logout Exception', \Throwable $previous = null)
+    public function __construct(string $message = 'Logout Exception', ?\Throwable $previous = null)
     {
         parent::__construct($message, 403, $previous);
     }

Exception/TooManyLoginAttemptsAuthenticationException.php

@@ -21,7 +21,7 @@ class TooManyLoginAttemptsAuthenticationException extends AuthenticationExceptio
 {
     private ?int $threshold;
 
-    public function __construct(int $threshold = null)
+    public function __construct(?int $threshold = null)
     {
         $this->threshold = $threshold;
     }

Signature/SignatureHasher.php

@@ -35,7 +35,7 @@ class SignatureHasher
      * @param ExpiredSignatureStorage|null $expiredSignaturesStorage If provided, secures a sequence of hashes that are expired
      * @param int|null                     $maxUses                  Used together with $expiredSignatureStorage to allow a maximum usage of a hash
      */
-    public function __construct(PropertyAccessorInterface $propertyAccessor, array $signatureProperties, #[\SensitiveParameter] string $secret, ExpiredSignatureStorage $expiredSignaturesStorage = null, int $maxUses = null)
+    public function __construct(PropertyAccessorInterface $propertyAccessor, array $signatureProperties, #[\SensitiveParameter] string $secret, ?ExpiredSignatureStorage $expiredSignaturesStorage = null, ?int $maxUses = null)
     {
         $this->propertyAccessor = $propertyAccessor;
         $this->signatureProperties = $signatureProperties;

Tests/Authentication/Token/AbstractTokenTest.php

@@ -98,7 +98,7 @@ class ConcreteToken extends AbstractToken
 {
     private $credentials = 'credentials_value';
 
-    public function __construct(array $roles = [], UserInterface $user = null)
+    public function __construct(array $roles = [], ?UserInterface $user = null)
     {
         parent::__construct($roles);
 

Validator/Constraints/UserPassword.php

@@ -29,7 +29,7 @@ class UserPassword extends Constraint
     public $message = 'This value should be the user\'s current password.';
     public $service = 'security.validator.user_password';
 
-    public function __construct(array $options = null, string $message = null, string $service = null, array $groups = null, mixed $payload = null)
+    public function __construct(?array $options = null, ?string $message = null, ?string $service = null, ?array $groups = null, mixed $payload = null)
     {
         parent::__construct($options, $groups, $payload);