Merge branch '6.4' into 7.3

* 6.4:
  Fix inline var annotations
  [Console][Table] Don't split grapheme clusters
  [FrameworkBundle] Fix block type from `OK` to `ERROR` when local vault is disabled in `SecretsGenerateKeysCommand`
  [FrameworkBundle] Add tests for `secrets:decrypt-to-local`, `encrypt-from-local`, and `generate-keys` commands
  Reflection*::setAccessible() has no effect as of PHP 8.1

Author: nicolas-grekas

src/Symfony/Bridge/PhpUnit/CoverageListener.php

@@ -86,7 +86,9 @@ public function startTest(Test $test): void
     private function addCoversForClassToAnnotationCache(Test $test, array $covers): void
     {
         $r = new \ReflectionProperty(TestUtil::class, 'annotationCache');
-        $r->setAccessible(true);
+        if (\PHP_VERSION_ID < 80100) {
+            $r->setAccessible(true);
+        }
 
         $cache = $r->getValue();
         $cache = array_replace_recursive($cache, [
@@ -103,7 +105,9 @@ private function addCoversForDocBlockInsideRegistry(Test $test, array $covers):
         $docBlock = Registry::getInstance()->forClassName(\get_class($test));
 
         $symbolAnnotations = new \ReflectionProperty($docBlock, 'symbolAnnotations');
-        $symbolAnnotations->setAccessible(true);
+        if (\PHP_VERSION_ID < 80100) {
+            $symbolAnnotations->setAccessible(true);
+        }
 
         // Exclude internal classes; PHPUnit 9.1+ is picky about tests covering, say, a \RuntimeException
         $covers = array_filter($covers, function (string $class) {

src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler/Deprecation.php

@@ -389,7 +389,9 @@ public function toString(): string
     {
         $exception = new \Exception($this->message);
         $reflection = new \ReflectionProperty($exception, 'trace');
-        $reflection->setAccessible(true);
+        if (\PHP_VERSION_ID < 80100) {
+            $reflection->setAccessible(true);
+        }
         $reflection->setValue($exception, $this->trace);
 
         return ($this->originatesFromAnObject() ? 'deprecation triggered by '.$this->originatingClass().'::'.$this->originatingMethod().":\n" : '')

src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php

@@ -357,7 +357,9 @@ private function willBeIsolated(TestCase $test): bool
         }
 
         $r = new \ReflectionProperty($test, 'runTestInSeparateProcess');
-        $r->setAccessible(true);
+        if (\PHP_VERSION_ID < 80100) {
+            $r->setAccessible(true);
+        }
 
         return $r->getValue($test) ?? false;
     }

src/Symfony/Bridge/PhpUnit/Tests/DeprecationErrorHandler/DeprecationTest.php

@@ -275,7 +275,9 @@ public static function setUpBeforeClass(): void
                     $loader = require $v.'/autoload.php';
                     $reflection = new \ReflectionClass($loader);
                     $prop = $reflection->getProperty('prefixDirsPsr4');
-                    $prop->setAccessible(true);
+                    if (\PHP_VERSION_ID < 80100) {
+                        $prop->setAccessible(true);
+                    }
                     $currentValue = $prop->getValue($loader);
                     self::$prefixDirsPsr4[] = [$prop, $loader, $currentValue];
                     $currentValue['Symfony\\Bridge\\PhpUnit\\'] = [realpath(__DIR__.'/../..')];

src/Symfony/Bundle/FrameworkBundle/Command/SecretsGenerateKeysCommand.php

@@ -63,7 +63,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         $vault = $input->getOption('local') ? $this->localVault : $this->vault;
 
         if (null === $vault) {
-            $io->success('The local vault is disabled.');
+            $io->error('The local vault is disabled.');
 
             return 1;
         }

src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsDecryptToLocalCommandTest.php

@@ -0,0 +1,95 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\Command\SecretsDecryptToLocalCommand;
+use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Filesystem\Filesystem;
+
+/**
+ * @requires extension sodium
+ */
+class SecretsDecryptToLocalCommandTest extends TestCase
+{
+    private string $mainDir;
+    private string $localDir;
+
+    protected function setUp(): void
+    {
+        $this->mainDir = sys_get_temp_dir().'/sf_secrets/main/';
+        $this->localDir = sys_get_temp_dir().'/sf_secrets/local/';
+
+        $fs = new Filesystem();
+        $fs->remove([$this->mainDir, $this->localDir]);
+
+        $mainVault = new SodiumVault($this->mainDir);
+        $mainVault->generateKeys();
+        $mainVault->seal('FOO_SECRET', 'super_secret_value');
+
+        $localVault = new SodiumVault($this->localDir);
+        $localVault->generateKeys();
+    }
+
+    protected function tearDown(): void
+    {
+        (new Filesystem())->remove([$this->mainDir, $this->localDir]);
+    }
+
+    public function testSecretsAreDecryptedAndStoredInLocalVault()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $localVault = new SodiumVault($this->localDir);
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, $localVault));
+
+        $this->assertSame(0, $tester->execute([]));
+        $this->assertStringContainsString('1 secret found in the vault.', $tester->getDisplay());
+        $this->assertStringContainsString('Secret "FOO_SECRET" encrypted', $tester->getDisplay());
+
+        $this->assertArrayHasKey('FOO_SECRET', $localVault->list(true));
+        $this->assertSame('super_secret_value', $localVault->reveal('FOO_SECRET'));
+    }
+
+    public function testExistingLocalSecretsAreSkippedWithoutForce()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $localVault = new SodiumVault($this->localDir);
+        $localVault->seal('FOO_SECRET', 'old_value');
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, $localVault));
+
+        $this->assertSame(0, $tester->execute([]));
+        $this->assertStringContainsString('1 secret is already overridden in the local vault and will be skipped.', $tester->getDisplay());
+        $this->assertSame('old_value', $localVault->reveal('FOO_SECRET'));
+    }
+
+    public function testForceOptionOverridesLocalSecrets()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $localVault = new SodiumVault($this->localDir);
+        $localVault->seal('FOO_SECRET', 'old_value');
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, $localVault));
+
+        $this->assertSame(0, $tester->execute(['--force' => true]));
+        $this->assertStringContainsString('Secret "FOO_SECRET" encrypted', $tester->getDisplay());
+        $this->assertSame('super_secret_value', $localVault->reveal('FOO_SECRET'));
+    }
+
+    public function testFailsGracefullyWhenLocalVaultIsDisabled()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, null));
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
+    }
+}

src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsEncryptFromLocalCommandTest.php

@@ -0,0 +1,111 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\Command\SecretsEncryptFromLocalCommand;
+use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
+use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Filesystem\Filesystem;
+
+/**
+ * @requires extension sodium
+ */
+class SecretsEncryptFromLocalCommandTest extends TestCase
+{
+    private string $vaultDir;
+    private string $localVaultDir;
+    private Filesystem $fs;
+
+    protected function setUp(): void
+    {
+        $this->vaultDir = sys_get_temp_dir().'/sf_secrets/vault_'.uniqid();
+        $this->localVaultDir = sys_get_temp_dir().'/sf_secrets/local_'.uniqid();
+        $this->fs = new Filesystem();
+        $this->fs->remove([$this->vaultDir, $this->localVaultDir]);
+    }
+
+    protected function tearDown(): void
+    {
+        $this->fs->remove([$this->vaultDir, $this->localVaultDir]);
+    }
+
+    public function testFailsWhenLocalVaultIsDisabled()
+    {
+        $vault = $this->createMock(AbstractVault::class);
+        $command = new SecretsEncryptFromLocalCommand($vault, null);
+        $tester = new CommandTester($command);
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
+    }
+
+    public function testEncryptsLocalOverrides()
+    {
+        $vault = new SodiumVault($this->vaultDir);
+        $vault->generateKeys();
+
+        $localVault = new SodiumVault($this->localVaultDir);
+        $localVault->generateKeys();
+
+        $vault->seal('MY_SECRET', 'prod-value');
+        $localVault->seal('MY_SECRET', 'local-value');
+
+        $command = new SecretsEncryptFromLocalCommand($vault, $localVault);
+        $tester = new CommandTester($command);
+
+        $exitCode = $tester->execute([]);
+        $this->assertSame(0, $exitCode);
+
+        $revealed = $vault->reveal('MY_SECRET');
+        $this->assertSame('local-value', $revealed);
+    }
+
+    public function testDoesNotSealIfSameValue()
+    {
+        $vault = new SodiumVault($this->vaultDir);
+        $vault->generateKeys();
+
+        $localVault = new SodiumVault($this->localVaultDir);
+        $localVault->generateKeys();
+
+        $vault->seal('SHARED_SECRET', 'same-value');
+        $localVault->seal('SHARED_SECRET', 'same-value');
+
+        $command = new SecretsEncryptFromLocalCommand($vault, $localVault);
+        $tester = new CommandTester($command);
+
+        $exitCode = $tester->execute([]);
+        $this->assertSame(0, $exitCode);
+
+        $revealed = $vault->reveal('SHARED_SECRET');
+        $this->assertSame('same-value', $revealed);
+    }
+
+    public function testFailsIfLocalSecretIsMissing()
+    {
+        $vault = new SodiumVault($this->vaultDir);
+        $vault->generateKeys();
+
+        $localVault = new SodiumVault($this->localVaultDir);
+        $localVault->generateKeys();
+
+        $vault->seal('MISSING_IN_LOCAL', 'prod-only');
+
+        $command = new SecretsEncryptFromLocalCommand($vault, $localVault);
+        $tester = new CommandTester($command);
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('Secret "MISSING_IN_LOCAL" not found', $tester->getDisplay());
+    }
+}

src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsGenerateKeysCommandTest.php

@@ -0,0 +1,90 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\Command\SecretsGenerateKeysCommand;
+use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
+use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Filesystem\Filesystem;
+
+/**
+ * @requires extension sodium
+ */
+class SecretsGenerateKeysCommandTest extends TestCase
+{
+    private string $secretsDir;
+    private const ENC_KEY_FILE = 'test.encrypt.public.php';
+    private const DEC_KEY_FILE = 'test.decrypt.private.php';
+
+    protected function setUp(): void
+    {
+        $this->secretsDir = sys_get_temp_dir().'/sf_secrets/test/';
+        (new Filesystem())->remove($this->secretsDir);
+    }
+
+    protected function tearDown(): void
+    {
+        (new Filesystem())->remove($this->secretsDir);
+    }
+
+    public function testItGeneratesSodiumKeys()
+    {
+        $vault = new SodiumVault($this->secretsDir);
+        $tester = new CommandTester(new SecretsGenerateKeysCommand($vault));
+
+        $this->assertSame(0, $tester->execute([]));
+        $this->assertKeysExistAndReadable();
+    }
+
+    public function testItRotatesSodiumKeysWhenRequested()
+    {
+        $vault = new SodiumVault($this->secretsDir);
+        $tester = new CommandTester(new SecretsGenerateKeysCommand($vault));
+
+        $this->assertSame(0, $tester->execute(['--rotate' => true]));
+        $this->assertKeysExistAndReadable();
+    }
+
+    public function testItFailsGracefullyWhenLocalVaultIsDisabled()
+    {
+        $vault = $this->createMock(AbstractVault::class);
+        $tester = new CommandTester(new SecretsGenerateKeysCommand($vault));
+
+        $this->assertSame(1, $tester->execute(['--local' => true]));
+        $this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
+    }
+
+    public function testFailsWhenKeysAlreadyExistAndRotateNotPassed()
+    {
+        $vault = new SodiumVault($this->secretsDir);
+        $vault->generateKeys();
+
+        $command = new SecretsGenerateKeysCommand($vault);
+        $tester = new CommandTester($command);
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('Sodium keys already exist at', $tester->getDisplay());
+    }
+
+    private function assertKeysExistAndReadable(): void
+    {
+        $encPath = $this->secretsDir.'/'.self::ENC_KEY_FILE;
+        $decPath = $this->secretsDir.'/'.self::DEC_KEY_FILE;
+
+        $this->assertFileExists($encPath, 'Encryption key file does not exist.');
+        $this->assertFileExists($decPath, 'Decryption key file does not exist.');
+        $this->assertNotFalse(@file_get_contents($encPath), 'Encryption key file is not readable.');
+        $this->assertNotFalse(@file_get_contents($decPath), 'Decryption key file is not readable.');
+    }
+}

src/Symfony/Component/AssetMapper/ImportMap/Resolver/JsDelivrEsmResolver.php

@@ -184,6 +184,7 @@ public function downloadPackages(array $importMapEntries, ?callable $progressCal
         $errors = [];
         $contents = [];
         $extraFileResponses = [];
+        /** @var ImportMapEntry $entry */
         foreach ($responses as $package => [$response, $entry]) {
             if (200 !== $response->getStatusCode()) {
                 $errors[] = [$package, $response];
@@ -196,7 +197,6 @@ public function downloadPackages(array $importMapEntries, ?callable $progressCal
 
             $dependencies = [];
             $extraFiles = [];
-            /** @var ImportMapEntry $entry */
             $contents[$package] = [
                 'content' => $this->makeImportsBare($response->getContent(), $dependencies, $extraFiles, $entry->type, $entry->getPackagePathString()),
                 'dependencies' => $dependencies,

src/Symfony/Component/Console/Formatter/OutputFormatter.php

@@ -275,6 +275,6 @@ private function addLineBreaks(string $text, int $width): string
     {
         $encoding = mb_detect_encoding($text, null, true) ?: 'UTF-8';
 
-        return b($text)->toCodePointString($encoding)->wordwrap($width, "\n", true)->toByteString($encoding);
+        return b($text)->toUnicodeString($encoding)->wordwrap($width, "\n", true)->toByteString($encoding);
     }
 }