Merge branch '7.3' into 7.4

* 7.3:
  fix test
  Restore Relay 8.5 test
  account for PHP_ZTS being a boolean value on PHP 8.4+
  [Intl] Update data to ICU 78.1
  [Notifier][Smsbox] Add tests for `Mode` enum
  [DependencyInjection] Remove unused variable
  [Console] Fix exception message when abbreviation matches multiple hidden commands
  [FrameworkBundle] Fix TypeError when traversing scalar values in debug:config
  [DependencyInjection] Fix loop corruption in CheckTypeDeclarationsPass
  [Security] Fix UserBadge validation bypass via identifier normalizer
  [DependencyInjection] Fix invalid PHP syntax for nullable TypedReference in PhpDumper
  Fix typo in comment
  [Translation][Routing] Fix typos
  [Config] Fix nullable EnumNode with BackedEnum
  [String] Fix normalization in trimPrefix/trimSuffix

Author: xabbuh

Authenticator/Passport/Badge/UserBadge.php

@@ -54,14 +54,8 @@ public function __construct(
         private ?array $attributes = null,
         ?\Closure $identifierNormalizer = null,
     ) {
-        if ('' === $userIdentifier) {
-            trigger_deprecation('symfony/security-http', '7.2', 'Using an empty string as user identifier is deprecated and will throw an exception in Symfony 8.0.');
-            // throw new BadCredentialsException('Empty user identifier.');
-        }
+        $this->validateUserIdentifier($userIdentifier);
 
-        if (\strlen($userIdentifier) > self::MAX_USERNAME_LENGTH) {
-            throw new BadCredentialsException('Username too long.');
-        }
         if ($identifierNormalizer) {
             $this->identifierNormalizer = static fn () => $identifierNormalizer($userIdentifier);
         }
@@ -74,6 +68,8 @@ public function getUserIdentifier(): string
         if (isset($this->identifierNormalizer)) {
             $this->userIdentifier = ($this->identifierNormalizer)();
             $this->identifierNormalizer = null;
+
+            $this->validateUserIdentifier($this->userIdentifier);
         }
 
         return $this->userIdentifier;
@@ -132,4 +128,16 @@ public function isResolved(): bool
     {
         return true;
     }
+
+    private function validateUserIdentifier(string $userIdentifier): void
+    {
+        if ('' === $userIdentifier) {
+            trigger_deprecation('symfony/security-http', '7.2', 'Using an empty string as user identifier is deprecated and will throw an exception in Symfony 8.0.');
+            // throw new BadCredentialsException('Empty user identifier.');
+        }
+
+        if (\strlen($userIdentifier) > self::MAX_USERNAME_LENGTH) {
+            throw new BadCredentialsException('Username too long.');
+        }
+    }
 }

Tests/Authenticator/Passport/Badge/UserBadgeTest.php

@@ -15,6 +15,7 @@
 use PHPUnit\Framework\Attributes\Group;
 use PHPUnit\Framework\Attributes\IgnoreDeprecations;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\String\Slugger\AsciiSlugger;
@@ -66,4 +67,25 @@ public static function provideUserIdentifierNormalizationData(): iterable
         yield 'Greek to ASCII' => ['ΝιΚόΛΑος', 'NIKOLAOS', $upperAndAscii];
         yield 'Katakana to ASCII' => ['たなかそういち', 'TANAKASOUICHI', $upperAndAscii];
     }
+
+    #[IgnoreDeprecations]
+    #[Group('legacy')]
+    public function testUserIdentifierNormalizationTriggersDeprecationForEmptyString()
+    {
+        $badge = new UserBadge('valid_input', null, null, fn () => '');
+
+        $this->expectUserDeprecationMessage('Since symfony/security-http 7.2: Using an empty string as user identifier is deprecated and will throw an exception in Symfony 8.0.');
+
+        $this->assertSame('', $badge->getUserIdentifier());
+    }
+
+    public function testUserIdentifierNormalizationEnforcesMaxLength()
+    {
+        $badge = new UserBadge('valid_input', null, null, fn () => str_repeat('a', UserBadge::MAX_USERNAME_LENGTH + 1));
+
+        $this->expectException(BadCredentialsException::class);
+        $this->expectExceptionMessage('Username too long.');
+
+        $badge->getUserIdentifier();
+    }
 }