symfony
diff --git a/‎src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
+2-2Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Authenticator/JsonLoginAuthenticator.php
+2-2Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
+19Lines changed: 19 additions & 0 deletions b/‎src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Authenticator/JsonLoginAuthenticatorTest.php
+19Lines changed: 19 additions & 0 deletions
@@ -126,10 +126,10 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
         if (null === $this->failureHandler) {
-            $errorMessage = $exception->getMessageKey();
-
             if (null !== $this->translator) {
                 $errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
+            } else {
+                $errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
             }
 
             return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);
 
@@ -147,6 +147,25 @@ public function testAuthenticationFailureWithTranslator()
         $this->assertSame(['error' => 'foo'], json_decode($response->getContent(), true));
     }
 
+    public function testOnFailureReplacesMessageDataWithoutTranslator()
+    {
+        $this->setUpAuthenticator();
+
+        $response = $this->authenticator->onAuthenticationFailure(new Request(), new class() extends AuthenticationException {
+            public function getMessageData(): array
+            {
+                return ['%failed_attempts%' => 3];
+            }
+
+            public function getMessageKey(): string
+            {
+                return 'Session locked after %failed_attempts% failed attempts.';
+            }
+        });
+
+        $this->assertSame(['error' => 'Session locked after 3 failed attempts.'], json_decode($response->getContent(), true));
+    }
+
     private function setUpAuthenticator(array $options = [])
     {
         $this->authenticator = new JsonLoginAuthenticator(new HttpUtils(), $this->userProvider, null, null, $options);
Original file line number	Diff line number	Diff line change
`@@ -126,10 +126,10 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,`
`126`	`126`	`public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response`
`127`	`127`	`{`
`128`	`128`	`if (null === $this->failureHandler) {`
`129`		`- $errorMessage = $exception->getMessageKey();`
`130`		`-`
`131`	`129`	`if (null !== $this->translator) {`
`132`	`130`	`$errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');`
	`131`	`+ } else {`
	`132`	`+ $errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`return new JsonResponse(['error' => $errorMessage], JsonResponse::HTTP_UNAUTHORIZED);`