Symfony version(s) affected: 5.3.1
Description
My exact case:
Upgraded to 5.3.1 from an earlier version of Symfony, on a production app that has a very long session time, and so some users are coming back after not visiting for a while. I forget, I may have changed some session settings too :-( Sorry to be vague, but when a user returns, the firewall is trying to refresh the user (/vendor/symfony/security-http/Firewall/ContextListener.php:135) after checking the token (/vendor/symfony/security-http/Firewall/ContextListener.php:133), and throwing a UserNotFoundException
... that's ok... I'm happy with that exception being thrown, so please ignore my app side of things here.
On code review:
But the bug is, in Symfony, in trying to log a warning (/vendor/symfony/security-http/Firewall/ContextListener.php:263) in the catch of UserNotFoundException, which is then trying to use $e->getUserIdentifier(), which has a `: string` return type which tried to return null (as there is no user!), which causes the TypeError
How to reproduce
On code review you can understand this issue, because in the catch of the UserNotFoundException exception, there is no User obviously, and then you are trying to use $e->getUserIdentifier(), which has a `: string` return type which tried to return null (as there is no user!), which causes the TypeError
Symfony\Component\Security\Core\Exception\UserNotFoundException::getUserIdentifier(): Return value must be of type string, null returned
Possible Solution
public function getUserIdentifier(): ?string maybe?
Additional context
Raw trace provided by Sentry.io
TypeError: Symfony\Component\Security\Core\Exception\UserNotFoundException::getUserIdentifier(): Return value must be of type string, null returned
#15 /vendor/symfony/security-core/Exception/UserNotFoundException.php(37): Symfony\Component\Security\Core\Exception\UserNotFoundException::getUserIdentifier
#14 /vendor/symfony/security-http/Firewall/ContextListener.php(263): Symfony\Component\Security\Http\Firewall\ContextListener::refreshUser
#13 /vendor/symfony/security-http/Firewall/ContextListener.php(135): Symfony\Component\Security\Http\Firewall\ContextListener::authenticate
#12 /vendor/symfony/security-http/Firewall/AbstractListener.php(26): Symfony\Component\Security\Http\Firewall\AbstractListener::__invoke
#11 /vendor/symfony/security-bundle/Security/LazyFirewallContext.php(60): Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext::__invoke
#10 /vendor/symfony/security-http/Firewall.php(113): Symfony\Component\Security\Http\Firewall::callListeners
#9 /vendor/symfony/security-http/Firewall.php(86): Symfony\Component\Security\Http\Firewall::onKernelRequest
#8 /vendor/symfony/event-dispatcher/EventDispatcher.php(270): Symfony\Component\EventDispatcher\EventDispatcher::Symfony\Component\EventDispatcher\{closure}
#7 /vendor/symfony/event-dispatcher/EventDispatcher.php(230): Symfony\Component\EventDispatcher\EventDispatcher::callListeners
#6 /vendor/symfony/event-dispatcher/EventDispatcher.php(59): Symfony\Component\EventDispatcher\EventDispatcher::dispatch
#5 /vendor/symfony/http-kernel/HttpKernel.php(133): Symfony\Component\HttpKernel\HttpKernel::handleRaw
#4 /vendor/symfony/http-kernel/HttpKernel.php(79): Symfony\Component\HttpKernel\HttpKernel::handle
#3 /vendor/symfony/http-kernel/Kernel.php(199): Symfony\Component\HttpKernel\Kernel::handle
#2 /vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php(37): Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner::run
#1 /vendor/autoload_runtime.php(35): require_once
#0 /public/index.php(15): null
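A minimal reproduction of the failure mode reported above, as an added example that is not part of the original issue and is not Symfony's source code. The class names, the `refreshAndLog()` helper and the log message text are constructed for illustration; the second class uses the nullable return type proposed in the report.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the exception described in the report:
// the identifier is optional, but the getter promises a non-null string.
class StrictUserNotFound extends RuntimeException
{
    private ?string $identifier = null;

    public function getUserIdentifier(): string
    {
        return $this->identifier; // TypeError when the identifier was never set
    }
}

// Same shape, with the nullable return type proposed in the report.
class NullableUserNotFound extends RuntimeException
{
    private ?string $identifier = null;

    public function getUserIdentifier(): ?string
    {
        return $this->identifier;
    }
}

// Hypothetical refresh step: the lookup fails without an identifier being set,
// and the catch block builds a warning message from the getter.
function refreshAndLog(RuntimeException $notFound): string
{
    try {
        throw $notFound;
    } catch (StrictUserNotFound | NullableUserNotFound $e) {
        // With the strict getter this line raises a TypeError inside the
        // handler, so the original "user not found" condition is masked.
        return sprintf('User could not be found: "%s"', $e->getUserIdentifier() ?? '(none)');
    }
}

try {
    refreshAndLog(new StrictUserNotFound());
} catch (TypeError $t) {
    echo 'strict getter:   ', $t->getMessage(), PHP_EOL;
}

echo 'nullable getter: ', refreshAndLog(new NullableUserNotFound()), PHP_EOL;
```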