Merge branch '5.0'

* 5.0:
  [VarDumper] fix for change in PHP 7.4.6
  Added regression test for AccountStatusException behavior (ref #36822)
  [HttpClient] fix PHP warning + accept status code >= 600
  [Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
  embed resource name in error message
  [FrameworkBundle] fix stringable annotation
  Change priority of KernelEvents::RESPONSE subscriber
  Fix register event listeners compiler pass
  Missing description in `messenger:setup-transports` command
  [Serializer] fix issue with PHP 8
  [WebProfiler] Remove 'none' when appending CSP tokens
  [TwigBundle] FormExtension does not have a constructor anymore since sf 4.0
  [Yaml] Fix escaped quotes in quoted multi-line string

Author: nicolas-grekas

Encoder/NativePasswordEncoder.php

@@ -24,7 +24,7 @@ final class NativePasswordEncoder implements PasswordEncoderInterface, SelfSalti
 {
     private const MAX_PASSWORD_LENGTH = 4096;
 
-    private $algo;
+    private $algo = PASSWORD_BCRYPT;
     private $options;
 
     /**
@@ -48,7 +48,20 @@ public function __construct(int $opsLimit = null, int $memLimit = null, int $cos
             throw new \InvalidArgumentException('$cost must be in the range of 4-31.');
         }
 
-        $this->algo = (string) ($algo ?? (\defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : (\defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_BCRYPT)));
+        $algos = [1 => PASSWORD_BCRYPT, '2y' => PASSWORD_BCRYPT];
+
+        if (\defined('PASSWORD_ARGON2I')) {
+            $this->algo = $algos[2] = $algos['argon2i'] = (string) PASSWORD_ARGON2I;
+        }
+
+        if (\defined('PASSWORD_ARGON2ID')) {
+            $this->algo = $algos[3] = $algos['argon2id'] = (string) PASSWORD_ARGON2ID;
+        }
+
+        if (null !== $algo) {
+            $this->algo = $algos[$algo] ?? $algo;
+        }
+
         $this->options = [
             'cost' => $cost,
             'time_cost' => $opsLimit,

Tests/Authentication/AuthenticationProviderManagerTest.php

@@ -54,10 +54,16 @@ public function testAuthenticateWhenNoProviderSupportsToken()
 
     public function testAuthenticateWhenProviderReturnsAccountStatusException()
     {
+        $secondAuthenticationProvider = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface')->getMock();
+
         $manager = new AuthenticationProviderManager([
             $this->getAuthenticationProvider(true, null, 'Symfony\Component\Security\Core\Exception\AccountStatusException'),
+            $secondAuthenticationProvider,
         ]);
 
+        // AccountStatusException stops authentication
+        $secondAuthenticationProvider->expects($this->never())->method('supports');
+
         try {
             $manager->authenticate($token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock());
             $this->fail();

Tests/Encoder/NativePasswordEncoderTest.php

@@ -73,6 +73,14 @@ public function testConfiguredAlgorithm()
         $this->assertStringStartsWith('$2', $result);
     }
 
+    public function testConfiguredAlgorithmWithLegacyConstValue()
+    {
+        $encoder = new NativePasswordEncoder(null, null, null, '1');
+        $result = $encoder->encodePassword('password', null);
+        $this->assertTrue($encoder->isPasswordValid($result, 'password', null));
+        $this->assertStringStartsWith('$2', $result);
+    }
+
     public function testCheckPasswordLength()
     {
         $encoder = new NativePasswordEncoder(null, null, 4);