Merge remote-tracking branch 'symfony-se/maker-bundle-userenum' into main

chalasr · chalasr · commit 4f57a44cef0b · 2021-05-12T16:01:20.000+02:00
* symfony-se/maker-bundle-userenum:
  [MakerBundle] Prevent user enumeration
diff --git a/src/Resources/skeleton/authenticator/LoginFormAuthenticator.tpl.php b/src/Resources/skeleton/authenticator/LoginFormAuthenticator.tpl.php
@@ -9,8 +9,8 @@
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 <?= $user_needs_encoder ? "use Symfony\\Component\\Security\\Core\\Encoder\\UserPasswordEncoderInterface;\n" : null ?>
-use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -73,8 +73,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
         \$user = \$userProvider->loadUserByUsername(\$credentials['$username_field']);\n"; ?>
 
         if (!$user) {
-            // fail authentication with a custom error
-            throw new CustomUserMessageAuthenticationException('<?= ucfirst($username_field_label) ?> could not be found.');
+            throw new UsernameNotFoundException('<?= ucfirst($username_field_label) ?> could not be found.');
         }
 
         return $user;
diff --git a/tests/fixtures/MakeRegistrationFormVerifyEmailFunctionalTest/src/Security/LoginFormAuthenticator.php b/tests/fixtures/MakeRegistrationFormVerifyEmailFunctionalTest/src/Security/LoginFormAuthenticator.php
@@ -9,8 +9,8 @@
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -70,7 +70,7 @@ public function getUser($credentials, UserProviderInterface $userProvider)
         $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]);
 
         if (!$user) {
-            throw new CustomUserMessageAuthenticationException('Email could not be found.');
+            throw new UsernameNotFoundException('Email could not be found.');
         }
 
         return $user;
