Merge branch '5.4' into 6.3

* 5.4:
  Fix implicitly-required parameters
  List CS fix in .git-blame-ignore-revs
  Apply php-cs-fixer fix --rules nullable_type_declaration_for_default_null_value
  [Messenger][AmazonSqs] Allow async-aws/sqs version 2

Author: nicolas-grekas

Diff for: DataCollector/SecurityDataCollector.php

@@ -44,7 +44,7 @@ class SecurityDataCollector extends DataCollector implements LateDataCollectorIn
     private ?TraceableFirewallListener $firewall;
     private bool $hasVarDumper;
 
-    public function __construct(TokenStorageInterface $tokenStorage = null, RoleHierarchyInterface $roleHierarchy = null, LogoutUrlGenerator $logoutUrlGenerator = null, AccessDecisionManagerInterface $accessDecisionManager = null, FirewallMapInterface $firewallMap = null, TraceableFirewallListener $firewall = null)
+    public function __construct(?TokenStorageInterface $tokenStorage = null, ?RoleHierarchyInterface $roleHierarchy = null, ?LogoutUrlGenerator $logoutUrlGenerator = null, ?AccessDecisionManagerInterface $accessDecisionManager = null, ?FirewallMapInterface $firewallMap = null, ?TraceableFirewallListener $firewall = null)
     {
         $this->tokenStorage = $tokenStorage;
         $this->roleHierarchy = $roleHierarchy;
@@ -55,7 +55,7 @@ public function __construct(TokenStorageInterface $tokenStorage = null, RoleHier
         $this->hasVarDumper = class_exists(ClassStub::class);
     }
 
-    public function collect(Request $request, Response $response, \Throwable $exception = null): void
+    public function collect(Request $request, Response $response, ?\Throwable $exception = null): void
     {
         if (null === $this->tokenStorage) {
             $this->data = [

Diff for: DependencyInjection/SecurityExtension.php

@@ -937,7 +937,7 @@ private function createExpression(ContainerBuilder $container, string $expressio
         return $this->expressions[$id] = new Reference($id);
     }
 
-    private function createRequestMatcher(ContainerBuilder $container, string $path = null, string $host = null, int $port = null, array $methods = [], array $ips = null, array $attributes = []): Reference
+    private function createRequestMatcher(ContainerBuilder $container, ?string $path = null, ?string $host = null, ?int $port = null, array $methods = [], ?array $ips = null, array $attributes = []): Reference
     {
         if ($methods) {
             $methods = array_map('strtoupper', $methods);

Diff for: LoginLink/FirewallAwareLoginLinkHandler.php

@@ -38,7 +38,7 @@ public function __construct(FirewallMap $firewallMap, ContainerInterface $loginL
         $this->requestStack = $requestStack;
     }
 
-    public function createLoginLink(UserInterface $user, Request $request = null, int $lifetime = null): LoginLinkDetails
+    public function createLoginLink(UserInterface $user, ?Request $request = null, ?int $lifetime = null): LoginLinkDetails
     {
         return $this->getForFirewall()->createLoginLink($user, $request, $lifetime);
     }

Diff for: Security.php

@@ -59,7 +59,7 @@ public function getFirewallConfig(Request $request): ?FirewallConfig
      *
      * @return Response|null The authenticator success response if any
      */
-    public function login(UserInterface $user, string $authenticatorName = null, string $firewallName = null): ?Response
+    public function login(UserInterface $user, ?string $authenticatorName = null, ?string $firewallName = null): ?Response
     {
         $request = $this->container->get('request_stack')->getCurrentRequest();
         if (null === $request) {

Diff for: Security/FirewallContext.php

@@ -30,7 +30,7 @@ class FirewallContext
     /**
      * @param iterable<mixed, callable> $listeners
      */
-    public function __construct(iterable $listeners, ExceptionListener $exceptionListener = null, LogoutListener $logoutListener = null, FirewallConfig $config = null)
+    public function __construct(iterable $listeners, ?ExceptionListener $exceptionListener = null, ?LogoutListener $logoutListener = null, ?FirewallConfig $config = null)
     {
         $this->listeners = $listeners;
         $this->exceptionListener = $exceptionListener;

Diff for: Tests/DataCollector/SecurityDataCollectorTest.php

@@ -227,7 +227,7 @@ public function testCollectCollectsDecisionLogWhenStrategyIsAffirmative()
         $voter2 = new DummyVoter();
 
         $decoratedVoter1 = new TraceableVoter($voter1, new class() implements EventDispatcherInterface {
-            public function dispatch(object $event, string $eventName = null): object
+            public function dispatch(object $event, ?string $eventName = null): object
             {
                 return new \stdClass();
             }
@@ -302,7 +302,7 @@ public function testCollectCollectsDecisionLogWhenStrategyIsUnanimous()
         $voter2 = new DummyVoter();
 
         $decoratedVoter1 = new TraceableVoter($voter1, new class() implements EventDispatcherInterface {
-            public function dispatch(object $event, string $eventName = null): object
+            public function dispatch(object $event, ?string $eventName = null): object
             {
                 return new \stdClass();
             }

Diff for: Tests/DependencyInjection/Compiler/RegisterEntryPointsPassTest.php

@@ -93,7 +93,7 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
         ], JsonResponse::HTTP_FORBIDDEN);
     }
 
-    public function start(Request $request, AuthenticationException $authException = null): Response
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
     {
     }
 }

Diff for: Tests/Functional/Bundle/AnonymousBundle/AppCustomAuthenticator.php

@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AnonymousBundle;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
+
+class AppCustomAuthenticator extends AbstractGuardAuthenticator
+{
+    public function supports(Request $request): bool
+    {
+        return false;
+    }
+
+    public function getCredentials(Request $request)
+    {
+    }
+
+    public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
+    {
+    }
+
+    public function checkCredentials($credentials, UserInterface $user): bool
+    {
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
+    {
+    }
+
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
+    {
+        return new Response($authException->getMessage(), Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function supportsRememberMe(): bool
+    {
+    }
+}

Diff for: Tests/Functional/Bundle/FirewallEntryPointBundle/Security/EntryPointStub.php

@@ -20,7 +20,7 @@ class EntryPointStub implements AuthenticationEntryPointInterface
 {
     public const RESPONSE_TEXT = '2be8e651259189d841a19eecdf37e771e2431741';
 
-    public function start(Request $request, AuthenticationException $authException = null): Response
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
     {
         return new Response(self::RESPONSE_TEXT);
     }

Diff for: Tests/Functional/Bundle/FormLoginBundle/Controller/LoginController.php

@@ -29,7 +29,7 @@ public function __construct(ContainerInterface $container)
         $this->container = $container;
     }
 
-    public function loginAction(Request $request, UserInterface $user = null)
+    public function loginAction(Request $request, ?UserInterface $user = null)
     {
         // get the login error if there is one
         if ($request->attributes->has(SecurityRequestAttributes::AUTHENTICATION_ERROR)) {

Diff for: Tests/Functional/Bundle/GuardedBundle/AppCustomAuthenticator.php

@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
+
+class AppCustomAuthenticator extends AbstractGuardAuthenticator
+{
+    public function supports(Request $request): bool
+    {
+        return '/manual_login' !== $request->getPathInfo() && '/profile' !== $request->getPathInfo();
+    }
+
+    public function getCredentials(Request $request)
+    {
+        throw new AuthenticationException('This should be hit');
+    }
+
+    public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
+    {
+    }
+
+    public function checkCredentials($credentials, UserInterface $user): bool
+    {
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        return new Response('', 418);
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
+    {
+    }
+
+    public function start(Request $request, ?AuthenticationException $authException = null): Response
+    {
+        return new Response($authException->getMessage(), Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function supportsRememberMe(): bool
+    {
+    }
+}

Diff for: Tests/Functional/Bundle/GuardedBundle/AuthenticationController.php

@@ -0,0 +1,38 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
+use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
+
+class AuthenticationController
+{
+    public function manualLoginAction(GuardAuthenticatorHandler $guardAuthenticatorHandler, Request $request)
+    {
+        $guardAuthenticatorHandler->authenticateWithToken(new PostAuthenticationGuardToken(new InMemoryUser('Jane', 'test', ['ROLE_USER']), 'secure', ['ROLE_USER']), $request, 'secure');
+
+        return new Response('Logged in.');
+    }
+
+    public function profileAction(?UserInterface $user = null)
+    {
+        if (null === $user) {
+            return new Response('Not logged in.');
+        }
+
+        return new Response('Username: '.$user->getUserIdentifier());
+    }
+}