Merge branch '7.3' into 7.4

* 7.3:
  Fix inline var annotations
  fix expected stream to native value transformers
  [Console][Table] Don't split grapheme clusters
  [FrameworkBundle] Fix block type from `OK` to `ERROR` when local vault is disabled in `SecretsGenerateKeysCommand`
  [FrameworkBundle] Add tests for `secrets:decrypt-to-local`, `encrypt-from-local`, and `generate-keys` commands
  Reflection*::setAccessible() has no effect as of PHP 8.1

Author: nicolas-grekas

src/Symfony/Bundle/FrameworkBundle/Command/SecretsGenerateKeysCommand.php

@@ -63,7 +63,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         $vault = $input->getOption('local') ? $this->localVault : $this->vault;
 
         if (null === $vault) {
-            $io->success('The local vault is disabled.');
+            $io->error('The local vault is disabled.');
 
             return 1;
         }

src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsDecryptToLocalCommandTest.php

@@ -0,0 +1,94 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
+
+use PHPUnit\Framework\Attributes\RequiresPhpExtension;
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\Command\SecretsDecryptToLocalCommand;
+use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Filesystem\Filesystem;
+
+#[RequiresPhpExtension('sodium')]
+class SecretsDecryptToLocalCommandTest extends TestCase
+{
+    private string $mainDir;
+    private string $localDir;
+
+    protected function setUp(): void
+    {
+        $this->mainDir = sys_get_temp_dir().'/sf_secrets/main/';
+        $this->localDir = sys_get_temp_dir().'/sf_secrets/local/';
+
+        $fs = new Filesystem();
+        $fs->remove([$this->mainDir, $this->localDir]);
+
+        $mainVault = new SodiumVault($this->mainDir);
+        $mainVault->generateKeys();
+        $mainVault->seal('FOO_SECRET', 'super_secret_value');
+
+        $localVault = new SodiumVault($this->localDir);
+        $localVault->generateKeys();
+    }
+
+    protected function tearDown(): void
+    {
+        (new Filesystem())->remove([$this->mainDir, $this->localDir]);
+    }
+
+    public function testSecretsAreDecryptedAndStoredInLocalVault()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $localVault = new SodiumVault($this->localDir);
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, $localVault));
+
+        $this->assertSame(0, $tester->execute([]));
+        $this->assertStringContainsString('1 secret found in the vault.', $tester->getDisplay());
+        $this->assertStringContainsString('Secret "FOO_SECRET" encrypted', $tester->getDisplay());
+
+        $this->assertArrayHasKey('FOO_SECRET', $localVault->list(true));
+        $this->assertSame('super_secret_value', $localVault->reveal('FOO_SECRET'));
+    }
+
+    public function testExistingLocalSecretsAreSkippedWithoutForce()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $localVault = new SodiumVault($this->localDir);
+        $localVault->seal('FOO_SECRET', 'old_value');
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, $localVault));
+
+        $this->assertSame(0, $tester->execute([]));
+        $this->assertStringContainsString('1 secret is already overridden in the local vault and will be skipped.', $tester->getDisplay());
+        $this->assertSame('old_value', $localVault->reveal('FOO_SECRET'));
+    }
+
+    public function testForceOptionOverridesLocalSecrets()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $localVault = new SodiumVault($this->localDir);
+        $localVault->seal('FOO_SECRET', 'old_value');
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, $localVault));
+
+        $this->assertSame(0, $tester->execute(['--force' => true]));
+        $this->assertStringContainsString('Secret "FOO_SECRET" encrypted', $tester->getDisplay());
+        $this->assertSame('super_secret_value', $localVault->reveal('FOO_SECRET'));
+    }
+
+    public function testFailsGracefullyWhenLocalVaultIsDisabled()
+    {
+        $mainVault = new SodiumVault($this->mainDir);
+        $tester = new CommandTester(new SecretsDecryptToLocalCommand($mainVault, null));
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
+    }
+}

src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsEncryptFromLocalCommandTest.php

@@ -0,0 +1,110 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
+
+use PHPUnit\Framework\Attributes\RequiresPhpExtension;
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\Command\SecretsEncryptFromLocalCommand;
+use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
+use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Filesystem\Filesystem;
+
+#[RequiresPhpExtension('sodium')]
+class SecretsEncryptFromLocalCommandTest extends TestCase
+{
+    private string $vaultDir;
+    private string $localVaultDir;
+    private Filesystem $fs;
+
+    protected function setUp(): void
+    {
+        $this->vaultDir = sys_get_temp_dir().'/sf_secrets/vault_'.uniqid();
+        $this->localVaultDir = sys_get_temp_dir().'/sf_secrets/local_'.uniqid();
+        $this->fs = new Filesystem();
+        $this->fs->remove([$this->vaultDir, $this->localVaultDir]);
+    }
+
+    protected function tearDown(): void
+    {
+        $this->fs->remove([$this->vaultDir, $this->localVaultDir]);
+    }
+
+    public function testFailsWhenLocalVaultIsDisabled()
+    {
+        $vault = $this->createMock(AbstractVault::class);
+        $command = new SecretsEncryptFromLocalCommand($vault, null);
+        $tester = new CommandTester($command);
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
+    }
+
+    public function testEncryptsLocalOverrides()
+    {
+        $vault = new SodiumVault($this->vaultDir);
+        $vault->generateKeys();
+
+        $localVault = new SodiumVault($this->localVaultDir);
+        $localVault->generateKeys();
+
+        $vault->seal('MY_SECRET', 'prod-value');
+        $localVault->seal('MY_SECRET', 'local-value');
+
+        $command = new SecretsEncryptFromLocalCommand($vault, $localVault);
+        $tester = new CommandTester($command);
+
+        $exitCode = $tester->execute([]);
+        $this->assertSame(0, $exitCode);
+
+        $revealed = $vault->reveal('MY_SECRET');
+        $this->assertSame('local-value', $revealed);
+    }
+
+    public function testDoesNotSealIfSameValue()
+    {
+        $vault = new SodiumVault($this->vaultDir);
+        $vault->generateKeys();
+
+        $localVault = new SodiumVault($this->localVaultDir);
+        $localVault->generateKeys();
+
+        $vault->seal('SHARED_SECRET', 'same-value');
+        $localVault->seal('SHARED_SECRET', 'same-value');
+
+        $command = new SecretsEncryptFromLocalCommand($vault, $localVault);
+        $tester = new CommandTester($command);
+
+        $exitCode = $tester->execute([]);
+        $this->assertSame(0, $exitCode);
+
+        $revealed = $vault->reveal('SHARED_SECRET');
+        $this->assertSame('same-value', $revealed);
+    }
+
+    public function testFailsIfLocalSecretIsMissing()
+    {
+        $vault = new SodiumVault($this->vaultDir);
+        $vault->generateKeys();
+
+        $localVault = new SodiumVault($this->localVaultDir);
+        $localVault->generateKeys();
+
+        $vault->seal('MISSING_IN_LOCAL', 'prod-only');
+
+        $command = new SecretsEncryptFromLocalCommand($vault, $localVault);
+        $tester = new CommandTester($command);
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('Secret "MISSING_IN_LOCAL" not found', $tester->getDisplay());
+    }
+}

src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsGenerateKeysCommandTest.php

@@ -0,0 +1,89 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
+
+use PHPUnit\Framework\Attributes\RequiresPhpExtension;
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\FrameworkBundle\Command\SecretsGenerateKeysCommand;
+use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
+use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Filesystem\Filesystem;
+
+#[RequiresPhpExtension('sodium')]
+class SecretsGenerateKeysCommandTest extends TestCase
+{
+    private string $secretsDir;
+    private const ENC_KEY_FILE = 'test.encrypt.public.php';
+    private const DEC_KEY_FILE = 'test.decrypt.private.php';
+
+    protected function setUp(): void
+    {
+        $this->secretsDir = sys_get_temp_dir().'/sf_secrets/test/';
+        (new Filesystem())->remove($this->secretsDir);
+    }
+
+    protected function tearDown(): void
+    {
+        (new Filesystem())->remove($this->secretsDir);
+    }
+
+    public function testItGeneratesSodiumKeys()
+    {
+        $vault = new SodiumVault($this->secretsDir);
+        $tester = new CommandTester(new SecretsGenerateKeysCommand($vault));
+
+        $this->assertSame(0, $tester->execute([]));
+        $this->assertKeysExistAndReadable();
+    }
+
+    public function testItRotatesSodiumKeysWhenRequested()
+    {
+        $vault = new SodiumVault($this->secretsDir);
+        $tester = new CommandTester(new SecretsGenerateKeysCommand($vault));
+
+        $this->assertSame(0, $tester->execute(['--rotate' => true]));
+        $this->assertKeysExistAndReadable();
+    }
+
+    public function testItFailsGracefullyWhenLocalVaultIsDisabled()
+    {
+        $vault = $this->createMock(AbstractVault::class);
+        $tester = new CommandTester(new SecretsGenerateKeysCommand($vault));
+
+        $this->assertSame(1, $tester->execute(['--local' => true]));
+        $this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
+    }
+
+    public function testFailsWhenKeysAlreadyExistAndRotateNotPassed()
+    {
+        $vault = new SodiumVault($this->secretsDir);
+        $vault->generateKeys();
+
+        $command = new SecretsGenerateKeysCommand($vault);
+        $tester = new CommandTester($command);
+
+        $this->assertSame(1, $tester->execute([]));
+        $this->assertStringContainsString('Sodium keys already exist at', $tester->getDisplay());
+    }
+
+    private function assertKeysExistAndReadable(): void
+    {
+        $encPath = $this->secretsDir.'/'.self::ENC_KEY_FILE;
+        $decPath = $this->secretsDir.'/'.self::DEC_KEY_FILE;
+
+        $this->assertFileExists($encPath, 'Encryption key file does not exist.');
+        $this->assertFileExists($decPath, 'Decryption key file does not exist.');
+        $this->assertNotFalse(@file_get_contents($encPath), 'Encryption key file is not readable.');
+        $this->assertNotFalse(@file_get_contents($decPath), 'Decryption key file is not readable.');
+    }
+}

src/Symfony/Component/AssetMapper/ImportMap/Resolver/JsDelivrEsmResolver.php

@@ -184,6 +184,7 @@ public function downloadPackages(array $importMapEntries, ?callable $progressCal
         $errors = [];
         $contents = [];
         $extraFileResponses = [];
+        /** @var ImportMapEntry $entry */
         foreach ($responses as $package => [$response, $entry]) {
             if (200 !== $response->getStatusCode()) {
                 $errors[] = [$package, $response];
@@ -196,7 +197,6 @@ public function downloadPackages(array $importMapEntries, ?callable $progressCal
 
             $dependencies = [];
             $extraFiles = [];
-            /** @var ImportMapEntry $entry */
             $contents[$package] = [
                 'content' => $this->makeImportsBare($response->getContent(), $dependencies, $extraFiles, $entry->type, $entry->getPackagePathString()),
                 'dependencies' => $dependencies,

src/Symfony/Component/Console/Formatter/OutputFormatter.php

@@ -275,6 +275,6 @@ private function addLineBreaks(string $text, int $width): string
     {
         $encoding = mb_detect_encoding($text, null, true) ?: 'UTF-8';
 
-        return b($text)->toCodePointString($encoding)->wordwrap($width, "\n", true)->toByteString($encoding);
+        return b($text)->toUnicodeString($encoding)->wordwrap($width, "\n", true)->toByteString($encoding);
     }
 }

src/Symfony/Component/Console/Tests/Formatter/OutputFormatterTest.php

@@ -368,6 +368,7 @@ public function testFormatAndWrap()
         $this->assertSame("foobar\e[37;41mbaz\e[39;49m\n\e[37;41mnewline\e[39;49m", $formatter->formatAndWrap("foobar<error>baz\nnewline</error>", 11));
         $this->assertSame("foobar\e[37;41mbazne\e[39;49m\n\e[37;41mwline\e[39;49m", $formatter->formatAndWrap("foobar<error>bazne\nwline</error>", 11));
         $this->assertSame("foobar\e[37;41mbazne\e[39;49m\n\e[37;41mw\e[39;49m\n\e[37;41mline\e[39;49m", $formatter->formatAndWrap("foobar<error>baznew\nline</error>", 11));
+        $this->assertSame("\e[37;41m👩‍🌾\e[39;49m", $formatter->formatAndWrap('<error>👩‍🌾</error>', 1));
 
         $formatter = new OutputFormatter();
 
@@ -387,6 +388,7 @@ public function testFormatAndWrap()
         $this->assertSame("foobarbaz\nnewline", $formatter->formatAndWrap("foobar<error>baz\nnewline</error>", 11));
         $this->assertSame("foobarbazne\nwline", $formatter->formatAndWrap("foobar<error>bazne\nwline</error>", 11));
         $this->assertSame("foobarbazne\nw\nline", $formatter->formatAndWrap("foobar<error>baznew\nline</error>", 11));
+        $this->assertSame('👩‍🌾', $formatter->formatAndWrap('👩‍🌾', 1));
     }
 }
 

src/Symfony/Component/Form/Extension/Validator/ValidatorExtension.php

@@ -33,14 +33,14 @@ public function __construct(
         private ?FormRendererInterface $formRenderer = null,
         private ?TranslatorInterface $translator = null,
     ) {
+        /** @var ClassMetadata $metadata */
         $metadata = $validator->getMetadataFor(\Symfony\Component\Form\Form::class);
 
         // Register the form constraints in the validator programmatically.
         // This functionality is required when using the Form component without
         // the DIC, where the XML file is loaded automatically. Thus the following
         // code must be kept synchronized with validation.xml
 
-        /** @var ClassMetadata $metadata */
         $metadata->addConstraint(new Form());
         $metadata->addConstraint(new Traverse(false));
     }

src/Symfony/Component/Form/ResolvedFormType.php

@@ -117,8 +117,8 @@ public function finishView(FormView $view, FormInterface $form, array $options):
 
         $this->innerType->finishView($view, $form, $options);
 
+        /** @var FormTypeExtensionInterface $extension */
         foreach ($this->typeExtensions as $extension) {
-            /** @var FormTypeExtensionInterface $extension */
             $extension->finishView($view, $form, $options);
         }
     }

src/Symfony/Component/Mailer/Tests/EventListener/MessengerTransportListenerTest.php

@@ -41,7 +41,6 @@ public function testMessengerTransportStampViaHeader()
         $event = new MessageEvent($message, $envelope, 'smtp', true);
         $l->onMessage($event);
         $this->assertCount(1, $event->getStamps());
-        /** @var TransportNamesStamp $stamp */
         $this->assertInstanceOf(TransportNamesStamp::class, $stamp = $event->getStamps()[0]);
         $this->assertSame(['async'], $stamp->getTransportNames());
         $this->assertFalse($message->getHeaders()->has('X-Bus-Transport'));
@@ -57,7 +56,6 @@ public function testMessengerTransportStampsViaHeader()
         $event = new MessageEvent($message, $envelope, 'smtp', true);
         $l->onMessage($event);
         $this->assertCount(1, $event->getStamps());
-        /** @var TransportNamesStamp $stamp */
         $this->assertInstanceOf(TransportNamesStamp::class, $stamp = $event->getStamps()[0]);
         $this->assertSame(['async', 'async1', $name], $stamp->getTransportNames());
         $this->assertFalse($message->getHeaders()->has('X-Bus-Transport'));