Merge 2.7 onto main

src/Metadata/ApiResource.php

@@ -19,6 +19,7 @@
  * Resource metadata attribute.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 #[\Attribute(\Attribute::TARGET_CLASS | \Attribute::IS_REPEATABLE)]

src/Metadata/Resource/Factory/AlternateUriResourceMetadataCollectionFactory.php

@@ -17,6 +17,7 @@
 
 /**
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 final class AlternateUriResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/AttributesResourceMetadataCollectionFactory.php

@@ -41,6 +41,7 @@
  * Creates a resource metadata from {@see ApiResource} annotations.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 final class AttributesResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/ExtractorResourceMetadataCollectionFactory.php

@@ -31,6 +31,7 @@
  * Creates a resource metadata from {@see Resource} extractors (XML, YAML).
  *
  * @author Vincent Chalamon <[email protected]>
+ *
  * @experimental
  */
 final class ExtractorResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/FiltersResourceMetadataCollectionFactory.php

@@ -21,6 +21,7 @@
  * Creates a resource metadata from {@see Resource} annotations.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 final class FiltersResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/FormatsResourceMetadataCollectionFactory.php

@@ -30,6 +30,7 @@
  *       * operation input/output formats
  *
  * @author Kévin Dunglas <[email protected]>
+ *
  * @experimental
  */
 final class FormatsResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/InputOutputResourceMetadataCollectionFactory.php

@@ -22,6 +22,7 @@
  * Transforms the given input/output metadata to a normalized one.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 final class InputOutputResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/NotExposedOperationResourceMetadataCollectionFactory.php

@@ -27,6 +27,7 @@
  * This operation helps to generate resource IRI for items.
  *
  * @author Vincent Chalamon <[email protected]>
+ *
  * @experimental
  */
 final class NotExposedOperationResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/OperationNameResourceMetadataCollectionFactory.php

@@ -21,6 +21,7 @@
  * Creates a resource metadata from {@see Resource} annotations.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 final class OperationNameResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/PhpDocResourceMetadataCollectionFactory.php

@@ -23,6 +23,7 @@
  * Extracts descriptions from PHPDoc.
  *
  * @author Kévin Dunglas <[email protected]>
+ *
  * @experimental
  */
 final class PhpDocResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/ResourceMetadataCollectionFactoryInterface.php

@@ -20,6 +20,7 @@
  * Creates a resource metadata value object.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 interface ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/Factory/UriTemplateResourceMetadataCollectionFactory.php

@@ -24,6 +24,7 @@
 
 /**
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 final class UriTemplateResourceMetadataCollectionFactory implements ResourceMetadataCollectionFactoryInterface

src/Metadata/Resource/ResourceMetadataCollection.php

@@ -21,6 +21,7 @@
 
 /**
  * @experimental
+ *
  * @extends \ArrayObject<int, ApiResource>
  */
 final class ResourceMetadataCollection extends \ArrayObject

src/Serializer/JsonEncoder.php

@@ -35,7 +35,7 @@ public function __construct(private readonly string $format, private ?BaseJsonEn
 
         $this->jsonEncoder = new BaseJsonEncoder(
             // Encode <, >, ', &, and " characters in the JSON, making it also safe to be embedded into HTML.
-            new JsonEncode(['json_encode_options' => \JSON_HEX_TAG | \JSON_HEX_APOS | \JSON_HEX_AMP | \JSON_HEX_QUOT | \JSON_UNESCAPED_UNICODE]),
+            new JsonEncode(['json_encode_options' => \JSON_HEX_TAG | \JSON_HEX_APOS | \JSON_HEX_AMP | \JSON_HEX_QUOT | \JSON_UNESCAPED_UNICODE | \JSON_INVALID_UTF8_IGNORE]),
             new JsonDecode(['json_decode_associative' => true])
         );
     }

src/State/ProcessorInterface.php

@@ -19,6 +19,7 @@
  * Process data: send an email, persist to storage, add to queue etc.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  */
 interface ProcessorInterface

src/State/ProviderInterface.php

@@ -19,6 +19,7 @@
  * Retrieves data from a persistence layer.
  *
  * @author Antoine Bluchet <[email protected]>
+ *
  * @experimental
  *
  * @template T of object

src/Symfony/Security/ResourceAccessChecker.php

@@ -37,9 +37,7 @@ public function isGranted(string $resourceClass, string $expression, array $extr
         if (null === $this->tokenStorage || null === $this->authenticationTrustResolver) {
             throw new \LogicException('The "symfony/security" library must be installed to use the "security" attribute.');
         }
-        if (null === $token = $this->tokenStorage->getToken()) {
-            $token = new NullToken();
-        }
+
         if (null === $this->expressionLanguage) {
             throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security" attribute.');
         }
@@ -49,10 +47,12 @@ public function isGranted(string $resourceClass, string $expression, array $extr
             'auth_checker' => $this->authorizationChecker, // needed for the is_granted expression function
         ]);
 
-        if ($token) {
-            $variables = array_merge($variables, $this->getVariables($token));
+        if (null === $token = $this->tokenStorage->getToken()) {
+            $token = new NullToken();
         }
 
+        $variables = array_merge($variables, $this->getVariables($token));
+
         return (bool) $this->expressionLanguage->evaluate($expression, $variables);
     }
 

tests/Fixtures/DummyIgnoreProperty.php

@@ -27,6 +27,7 @@ class DummyIgnoreProperty
 
     /**
      * @Groups({"dummy"})
+     *
      * @Ignore
      */
     public $ignored;

tests/Serializer/JsonEncoderTest.php

@@ -51,4 +51,18 @@ public function testDecode(): void
     {
         $this->assertEquals(['foo' => 'bar'], $this->encoder->decode('{"foo":"bar"}', 'json'));
     }
+
+    public function testUTF8EncodedString(): void
+    {
+        $data = ['foo' => 'Über'];
+
+        $this->assertEquals('{"foo":"Über"}', $this->encoder->encode($data, 'json'));
+    }
+
+    public function testUTF8MalformedHandlingEncoding(): void
+    {
+        $data = ['foo' => pack('H*', 'B11111')];
+
+        $this->assertEquals('{"foo":"\u0011\u0011"}', $this->encoder->encode($data, 'json'));
+    }
 }

tests/Symfony/Bundle/DataCollector/RequestDataCollectorTest.php

@@ -205,7 +205,7 @@ private function apiResourceClassWillReturn(?string $data, array $context = []):
         $this->request->attributes = $this->attributes->reveal();
 
         if (!$data) {
-            $this->metadataFactory // @phpstan-ignore-line
+            $this->metadataFactory
                 ->create()
                 ->shouldNotBeCalled();
         } else {

tests/Symfony/Security/ResourceAccessCheckerTest.php

@@ -83,19 +83,7 @@ public function testExpressionLanguageNotInstalled(): void
         $checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")');
     }
 
-    public function testNotBehindAFirewall(): void
-    {
-        $this->expectException(\LogicException::class);
-        $this->expectExceptionMessage('The current token must be set to use the "security" attribute (is the URL behind a firewall?).');
-
-        $authenticationTrustResolverProphecy = $this->prophesize(AuthenticationTrustResolverInterface::class);
-        $tokenStorageProphecy = $this->prophesize(TokenStorageInterface::class);
-
-        $checker = new ResourceAccessChecker(null, $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal());
-        $checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")');
-    }
-
-    public function testWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse(): void
+    public function testWithoutAuthenticationToken(): void
     {
         $expressionLanguageProphecy = $this->prophesize(ExpressionLanguage::class);
         $expressionLanguageProphecy->evaluate('is_granted("ROLE_ADMIN")', Argument::type('array'))->willReturn(true)->shouldBeCalled();
@@ -106,7 +94,7 @@ public function testWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse(): vo
 
         $tokenStorageProphecy->getToken()->willReturn(null);
 
-        $checker = new ResourceAccessChecker($expressionLanguageProphecy->reveal(), $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal(), $authorizationCheckerProphecy->reveal(), false);
+        $checker = new ResourceAccessChecker($expressionLanguageProphecy->reveal(), $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal(), $authorizationCheckerProphecy->reveal());
         self::assertTrue($checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")'));
     }
 }