Merge branch '4.4' into 5.2

* 4.4:
  [CI][Psalm] Install stable/released PHPUnit
  [Security] Add missing Finnish translations
  [Security][Guard] Prevent user enumeration via response content

Resources/config/guard.php

@@ -45,6 +45,7 @@
                 abstract_arg('Provider-shared Key'),
                 abstract_arg('Authenticators'),
                 service('logger')->nullOnInvalid(),
+                param('security.authentication.hide_user_not_found'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
     ;

Resources/config/security_authenticator.php

@@ -46,6 +46,7 @@
                 abstract_arg('provider key'),
                 service('logger')->nullOnInvalid(),
                 param('security.authentication.manager.erase_credentials'),
+                param('security.authentication.hide_user_not_found'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
 

Tests/Functional/AuthenticatorTest.php

@@ -40,7 +40,7 @@ public function testFirewallUserProvider($email, $withinFirewall)
         if ($withinFirewall) {
             $this->assertJsonStringEqualsJsonString('{"email":"'.$email.'"}', $client->getResponse()->getContent());
         } else {
-            $this->assertJsonStringEqualsJsonString('{"error":"Username could not be found."}', $client->getResponse()->getContent());
+            $this->assertJsonStringEqualsJsonString('{"error":"Invalid credentials."}', $client->getResponse()->getContent());
         }
     }
 

composer.json

@@ -54,6 +54,7 @@
         "symfony/console": "<4.4",
         "symfony/framework-bundle": "<4.4",
         "symfony/ldap": "<4.4",
+        "symfony/security-http": "<5.2.8",
         "symfony/twig-bundle": "<4.4"
     },
     "autoload": {