Merge branch '6.0' into 6.1

* 6.0:
  [Serializer] Fix denormalizing union types
  [HttpFoundation] Remove obsolete override
  bug symfony#42637 [Security] Fixed TOCTOU in RememberMe cache token verifier
  Fix compatibility of ldap 6.0 with security 5.x
  Add missing upgrade note for ldap
  [Mailer] Preserve case of headers

Author: nicolas-grekas

Diff for: UPGRADE-6.0.md

@@ -146,6 +146,11 @@ Inflector
 
  * The component has been removed, use `EnglishInflector` from the String component instead.
 
+Ldap
+----
+
+ * Remove `LdapAuthenticator::createAuthenticatedToken()`, use `LdapAuthenticator::createToken()` instead
+
 Lock
 ----
 

Diff for: src/Symfony/Component/HttpFoundation/InputBag.php

@@ -40,14 +40,6 @@ public function get(string $key, mixed $default = null): string|int|float|bool|n
         return $this === $value ? $default : $value;
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function all(string $key = null): array
-    {
-        return parent::all($key);
-    }
-
     /**
      * Replaces the current input values by a new set.
      */

Diff for: src/Symfony/Component/Ldap/Security/LdapAuthenticator.php

@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Security\Http\EntryPoint\Exception\NotAnEntryPointException;
 
@@ -64,6 +65,14 @@ public function authenticate(Request $request): Passport
         return $passport;
     }
 
+    /**
+     * @internal
+     */
+    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
+    {
+        throw new \BadMethodCallException(sprintf('The "%s()" method cannot be called.', __METHOD__));
+    }
+
     public function createToken(Passport $passport, string $firewallName): TokenInterface
     {
         return $this->authenticator->createToken($passport, $firewallName);

Diff for: src/Symfony/Component/Ldap/Tests/Security/LdapAuthenticatorTest.php

@@ -0,0 +1,45 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Ldap\Tests\Security;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Ldap\Security\LdapAuthenticator;
+use Symfony\Component\Ldap\Security\LdapBadge;
+use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+
+class LdapAuthenticatorTest extends TestCase
+{
+    public function testAuthenticate()
+    {
+        $decorated = $this->createMock(AuthenticatorInterface::class);
+        $passport = new Passport(new UserBadge('test'), new PasswordCredentials('s3cret'));
+        $decorated
+            ->expects($this->once())
+            ->method('authenticate')
+            ->willReturn($passport)
+        ;
+
+        $authenticator = new LdapAuthenticator($decorated, 'serviceId');
+        $request = new Request();
+
+        $authenticator->authenticate($request);
+
+        /** @var LdapBadge $badge */
+        $badge = $passport->getBadge(LdapBadge::class);
+        $this->assertNotNull($badge);
+        $this->assertSame('serviceId', $badge->getLdapServiceId());
+    }
+}

Diff for: src/Symfony/Component/Ldap/composer.json

@@ -21,7 +21,8 @@
         "symfony/options-resolver": "^5.4|^6.0"
     },
     "require-dev": {
-        "symfony/security-core": "^5.4|^6.0"
+        "symfony/security-core": "^5.4|^6.0",
+        "symfony/security-http": "^5.4|^6.0"
     },
     "conflict": {
         "symfony/options-resolver": "<5.4",

Diff for: src/Symfony/Component/Mailer/Bridge/Mailchimp/Transport/MandrillApiTransport.php

@@ -138,7 +138,7 @@ private function getPayload(Email $email, Envelope $envelope): array
                 continue;
             }
 
-            $payload['message']['headers'][$name] = $header->getBodyAsString();
+            $payload['message']['headers'][$header->getName()] = $header->getBodyAsString();
         }
 
         return $payload;

Diff for: src/Symfony/Component/Mailer/Bridge/Mailgun/Tests/Transport/MailgunApiTransportTest.php

@@ -75,8 +75,8 @@ public function testCustomHeader()
         $method = new \ReflectionMethod(MailgunApiTransport::class, 'getPayload');
         $payload = $method->invoke($transport, $email, $envelope);
 
-        $this->assertArrayHasKey('h:x-mailgun-variables', $payload);
-        $this->assertEquals($json, $payload['h:x-mailgun-variables']);
+        $this->assertArrayHasKey('h:X-Mailgun-Variables', $payload);
+        $this->assertEquals($json, $payload['h:X-Mailgun-Variables']);
 
         $this->assertArrayHasKey('h:foo', $payload);
         $this->assertEquals('foo-value', $payload['h:foo']);
@@ -254,10 +254,10 @@ public function testTagAndMetadataHeaders()
         $transport = new MailgunApiTransport('ACCESS_KEY', 'DOMAIN');
         $method = new \ReflectionMethod(MailgunApiTransport::class, 'getPayload');
         $payload = $method->invoke($transport, $email, $envelope);
-        $this->assertArrayHasKey('h:x-mailgun-variables', $payload);
-        $this->assertEquals($json, $payload['h:x-mailgun-variables']);
-        $this->assertArrayHasKey('h:custom-header', $payload);
-        $this->assertEquals('value', $payload['h:custom-header']);
+        $this->assertArrayHasKey('h:X-Mailgun-Variables', $payload);
+        $this->assertEquals($json, $payload['h:X-Mailgun-Variables']);
+        $this->assertArrayHasKey('h:Custom-Header', $payload);
+        $this->assertEquals('value', $payload['h:Custom-Header']);
         $this->assertArrayHasKey(0, $payload);
         $this->assertArrayHasKey(1, $payload);
         $this->assertSame('password-reset', $payload[0]['o:tag']);

Diff for: src/Symfony/Component/Mailer/Bridge/Mailgun/Transport/MailgunApiTransport.php

@@ -137,9 +137,9 @@ private function getPayload(Email $email, Envelope $envelope): array
             // Check if it is a valid prefix or header name according to Mailgun API
             $prefix = substr($name, 0, 2);
             if (\in_array($prefix, ['h:', 't:', 'o:', 'v:']) || \in_array($name, ['recipient-variables', 'template', 'amp-html'])) {
-                $headerName = $name;
+                $headerName = $header->getName();
             } else {
-                $headerName = 'h:'.$name;
+                $headerName = 'h:'.$header->getName();
             }
 
             $payload[$headerName] = $header->getBodyAsString();

Diff for: src/Symfony/Component/Mailer/Bridge/OhMySmtp/Transport/OhMySmtpApiTransport.php

@@ -103,7 +103,7 @@ private function getPayload(Email $email, Envelope $envelope): array
             }
 
             $payload['Headers'][] = [
-                'Name' => $name,
+                'Name' => $header->getName(),
                 'Value' => $header->getBodyAsString(),
             ];
         }

Diff for: src/Symfony/Component/Mailer/Bridge/Postmark/Transport/PostmarkApiTransport.php

@@ -120,7 +120,7 @@ private function getPayload(Email $email, Envelope $envelope): array
             }
 
             $payload['Headers'][] = [
-                'Name' => $name,
+                'Name' => $header->getName(),
                 'Value' => $header->getBodyAsString(),
             ];
         }

Diff for: src/Symfony/Component/Mailer/Bridge/Sendgrid/Transport/SendgridApiTransport.php

@@ -133,7 +133,7 @@ private function getPayload(Email $email, Envelope $envelope): array
             } elseif ($header instanceof MetadataHeader) {
                 $customArguments[$header->getKey()] = $header->getValue();
             } else {
-                $payload['headers'][$name] = $header->getBodyAsString();
+                $payload['headers'][$header->getName()] = $header->getBodyAsString();
             }
         }
 

Diff for: src/Symfony/Component/Mailer/Bridge/Sendinblue/Transport/SendinblueApiTransport.php

@@ -161,7 +161,7 @@ private function prepareHeadersAndTags(Headers $headers): array
 
                 continue;
             }
-            $headersAndTags['headers'][$name] = $header->getBodyAsString();
+            $headersAndTags['headers'][$header->getName()] = $header->getBodyAsString();
         }
 
         return $headersAndTags;

Diff for: src/Symfony/Component/Mailer/CHANGELOG.md

@@ -4,7 +4,7 @@ CHANGELOG
 6.1
 ---
 
-* Make `start()` and `stop()` methods public on `SmtpTransport`
+ * Make `start()` and `stop()` methods public on `SmtpTransport`
 
 6.0
 ---

Diff for: src/Symfony/Component/Security/Core/Authentication/RememberMe/CacheTokenVerifier.php

@@ -45,11 +45,11 @@ public function verifyToken(PersistentTokenInterface $token, string $tokenValue)
         }
 
         $cacheKey = $this->getCacheKey($token);
-        if (!$this->cache->hasItem($cacheKey)) {
+        $item = $this->cache->getItem($cacheKey);
+        if (!$item->isHit()) {
             return false;
         }
 
-        $item = $this->cache->getItem($cacheKey);
         $outdatedToken = $item->get();
 
         return hash_equals($outdatedToken, $tokenValue);