bug symfony#59640 [Security] Return null instead of empty username to fix deprecation notice (phasdev)

This PR was merged into the 6.4 branch.

Discussion
----------

[Security] Return null instead of empty username to fix deprecation notice

| Q             | A
| ------------- | ---
| Branch?       | 6.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix symfony#59584
| License       | MIT

`RemoteUserAuthenticator` may return an empty string when extracting a username from the configured `$_SERVER` parameter (e.g. `REMOTE_USER`).

An empty username triggers the `User Deprecated: Since symfony/security-http 7.2: Using an empty string as user identifier is deprecated and will throw an exception in Symfony 8.0.`

Return `null` instead of empty username to skip authenticator when username is empty and fix Symfony 8 deprecation notice.

Commits
-------

a8516b7 [Security] Return null instead of empty username to fix deprecation notice

Author: nicolas-grekas

src/Symfony/Component/Security/Http/Authenticator/RemoteUserAuthenticator.php

@@ -45,6 +45,6 @@ protected function extractUsername(Request $request): ?string
             throw new BadCredentialsException(sprintf('User key was not found: "%s".', $this->userKey));
         }
 
-        return $request->server->get($this->userKey);
+        return $request->server->get($this->userKey) ?: null;
     }
 }

src/Symfony/Component/Security/Http/Tests/Authenticator/RemoteUserAuthenticatorTest.php

@@ -36,6 +36,7 @@ public function testSupportNoUser()
         $authenticator = new RemoteUserAuthenticator(new InMemoryUserProvider(), new TokenStorage(), 'main');
 
         $this->assertFalse($authenticator->supports($this->createRequest([])));
+        $this->assertFalse($authenticator->supports($this->createRequest(['REMOTE_USER' => ''])));
     }
 
     public function testSupportTokenStorageWithToken()