Merge branch '7.4' into 8.0

* 7.4: (40 commits)
  [PropertyInfo] treat mixed[] the same as array when getting types from docblocks
  treat `mixed[]` the same as `array` when getting types from docblocks
  install ext-zstd on PHP 8.5 as well
  fix merge
  [Console] Fix profile invokable command
  sync ControllerHelper docblock with latest AbstractController changes
  fix: Typehint for `createForm` in abstractController
  [Notifier][Mercure] Add support for Mercure 0.7
  register attribute loader arguments in a forward-compatible way
  ensure compatibility with RelayCluster 0.20.0
  mark test using a Redis connection as an integration test
  ensure compatibility with Relay extension 0.20.0
  [FrameworkBundle] Allow backed enum to be used in initial_marking workflow configuration
  [DependencyInjection] Fix `query_string` env processor for URLs without query string
  [HttpFoundation] Fix Expires response header for EventStream
  Bump Symfony version to 7.4.1
  Update VERSION for 7.4.0
  Update CHANGELOG for 7.4.0
  -
  [DependencyInjection] Fix state corruption in PhpFileLoader during recursive imports
  ...

Author: xabbuh

Authenticator/Passport/Badge/UserBadge.php

@@ -54,13 +54,8 @@ public function __construct(
         private ?array $attributes = null,
         ?\Closure $identifierNormalizer = null,
     ) {
-        if ('' === $userIdentifier) {
-            throw new BadCredentialsException('Empty user identifier.');
-        }
+        $this->validateUserIdentifier($userIdentifier);
 
-        if (\strlen($userIdentifier) > self::MAX_USERNAME_LENGTH) {
-            throw new BadCredentialsException('Username too long.');
-        }
         if ($identifierNormalizer) {
             $this->identifierNormalizer = static fn () => $identifierNormalizer($userIdentifier);
         }
@@ -73,6 +68,8 @@ public function getUserIdentifier(): string
         if (isset($this->identifierNormalizer)) {
             $this->userIdentifier = ($this->identifierNormalizer)();
             $this->identifierNormalizer = null;
+
+            $this->validateUserIdentifier($this->userIdentifier);
         }
 
         return $this->userIdentifier;
@@ -131,4 +128,15 @@ public function isResolved(): bool
     {
         return true;
     }
+
+    private function validateUserIdentifier(string $userIdentifier): void
+    {
+        if ('' === $userIdentifier) {
+            throw new BadCredentialsException('Empty user identifier.');
+        }
+
+        if (\strlen($userIdentifier) > self::MAX_USERNAME_LENGTH) {
+            throw new BadCredentialsException('Username too long.');
+        }
+    }
 }

Tests/Authenticator/Passport/Badge/UserBadgeTest.php

@@ -62,4 +62,14 @@ public static function provideUserIdentifierNormalizationData(): iterable
         yield 'Greek to ASCII' => ['ΝιΚόΛΑος', 'NIKOLAOS', $upperAndAscii];
         yield 'Katakana to ASCII' => ['たなかそういち', 'TANAKASOUICHI', $upperAndAscii];
     }
+
+    public function testUserIdentifierNormalizationEnforcesMaxLength()
+    {
+        $badge = new UserBadge('valid_input', null, null, fn () => str_repeat('a', UserBadge::MAX_USERNAME_LENGTH + 1));
+
+        $this->expectException(BadCredentialsException::class);
+        $this->expectExceptionMessage('Username too long.');
+
+        $badge->getUserIdentifier();
+    }
 }