[7.0] Cleanup legacy code paths

Author: nicolas-grekas

CHANGELOG.md

@@ -6,6 +6,7 @@ CHANGELOG
 
  * Add argument `$badgeFqcn` to `Passport::addBadge()`
  * Add argument `$lifetime` to `LoginLinkHandlerInterface::createLoginLink()`
+ * Throw when calling the constructor of `DefaultLoginRateLimiter` with an empty secret
 
 6.4
 ---

RateLimiter/DefaultLoginRateLimiter.php

@@ -14,6 +14,7 @@
 use Symfony\Component\HttpFoundation\RateLimiter\AbstractRequestRateLimiter;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\RateLimiter\RateLimiterFactory;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Http\SecurityRequestAttributes;
 
 /**
@@ -36,8 +37,7 @@ final class DefaultLoginRateLimiter extends AbstractRequestRateLimiter
     public function __construct(RateLimiterFactory $globalFactory, RateLimiterFactory $localFactory, #[\SensitiveParameter] string $secret = '')
     {
         if ('' === $secret) {
-            trigger_deprecation('symfony/security-http', '6.4', 'Calling "%s()" with an empty secret is deprecated. A non-empty secret will be mandatory in version 7.0.', __METHOD__);
-            // throw new \Symfony\Component\Security\Core\Exception\InvalidArgumentException('A non-empty secret is required.');
+            throw new InvalidArgumentException('A non-empty secret is required.');
         }
         $this->globalFactory = $globalFactory;
         $this->localFactory = $localFactory;