Merge branch '4.4' into 5.2

* 4.4:
  [CI][Psalm] Install stable/released PHPUnit
  [Security] Add missing Finnish translations
  [Security][Guard] Prevent user enumeration via response content

Author: nicolas-grekas

Authentication/Provider/UserAuthenticationProvider.php

@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -79,7 +80,7 @@ public function authenticate(TokenInterface $token)
             $this->userChecker->checkPreAuth($user);
             $this->checkAuthentication($user, $token);
             $this->userChecker->checkPostAuth($user);
-        } catch (BadCredentialsException $e) {
+        } catch (AccountStatusException $e) {
             if ($this->hideUserNotFoundExceptions) {
                 throw new BadCredentialsException('Bad credentials.', 0, $e);
             }

Resources/translations/security.fi.xlf

@@ -70,6 +70,14 @@
                 <source>Invalid or expired login link.</source>
                 <target>Virheellinen tai vanhentunut kirjautumislinkki.</target>
             </trans-unit>
+            <trans-unit id="19">
+                <source>Too many failed login attempts, please try again in %minutes% minute.</source>
+                <target>Liian monta epäonnistunutta kirjautumisyritystä, yritä uudelleen %minutes% minuutin kuluttua.</target>
+            </trans-unit>
+            <trans-unit id="20">
+                <source>Too many failed login attempts, please try again in %minutes% minutes.</source>
+                <target>Liian monta epäonnistunutta kirjautumisyritystä, yritä uudelleen %minutes% minuutin kuluttua.</target>
+            </trans-unit>
         </body>
     </file>
 </xliff>

Tests/Authentication/Provider/UserAuthenticationProviderTest.php

@@ -82,7 +82,7 @@ public function testAuthenticateWhenProviderDoesNotReturnAnUserInterface()
 
     public function testAuthenticateWhenPreChecksFails()
     {
-        $this->expectException(CredentialsExpiredException::class);
+        $this->expectException(BadCredentialsException::class);
         $userChecker = $this->createMock(UserCheckerInterface::class);
         $userChecker->expects($this->once())
                     ->method('checkPreAuth')
@@ -100,7 +100,7 @@ public function testAuthenticateWhenPreChecksFails()
 
     public function testAuthenticateWhenPostChecksFails()
     {
-        $this->expectException(AccountExpiredException::class);
+        $this->expectException(BadCredentialsException::class);
         $userChecker = $this->createMock(UserCheckerInterface::class);
         $userChecker->expects($this->once())
                     ->method('checkPostAuth')
@@ -127,7 +127,7 @@ public function testAuthenticateWhenPostCheckAuthenticationFails()
         ;
         $provider->expects($this->once())
                  ->method('checkAuthentication')
-                 ->willThrowException(new BadCredentialsException())
+                 ->willThrowException(new CredentialsExpiredException())
         ;
 
         $provider->authenticate($this->getSupportedToken());