feature #42510 [Security] Deprecate remaining anonymous checks (wouterj)

fabpot · fabpot · commit 016074cc53f8 · 2021-08-14T19:25:49.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [Security] Deprecate remaining anonymous checks | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | yes | Deprecations? | yes | Tickets | Ref #41613 | License | MIT | Doc PR | tbd Deprecates the remaining checks for anonymous found in #41613. It's WIP because the tests are failing until #42423 is merged and this PR is rebased (didn't update one test to avoid merge conflicts). Besides this, it also introduced `IS_AUTHENTICATED` and `AuthenticationTrustResolver::isAutenticated()`. Previously, `IS_AUTHENTICATED_ANONYMOUSLY` was considered to be the "bottom type" for authenticated requests. As this is no longer true, `IS_AUTHENTICATED_REMEMBERME` is now the new "bottom type". I suggest we use an explicit bottom type (the ones introduced) instead to avoid another such update if we change something with remember me. It's also more clear on the exact intent of the check. Commits ------- e3aca7f [Security] Deprecate remaining anonymous checks
diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md
@@ -62,6 +62,30 @@ Security
  * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
  * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Deprecate not returning an `UserInterface` from `Token::getUser()`
+ * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
+   use `AuthenticatedVoter::PUBLIC_ACCESS` instead.
+
+   Before:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+   ```
+
+   After:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: PUBLIC_ACCESS }
+   ```
+
+ * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
+   as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
+   if you want to check if the request is (fully) authenticated.
  * Deprecate the `$authManager` argument of `AccessListener`, the argument will be removed
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor, the argument will be removed
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -210,6 +210,30 @@ Security
  * Remove `AnonymousToken`
  * Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`)
+ * Remove `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
+   use `AuthenticatedVoter::PUBLIC_ACCESS` instead.
+
+   Before:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+   ```
+
+   After:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: PUBLIC_ACCESS }
+   ```
+
+ * Remove `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
+   as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
+   if you want to check if the request is (fully) authenticated.
  * Remove the 4th and 5th argument of `AuthorizationChecker`
  * Remove the 5th argument of `AccessListener`
  * Remove class `User`, use `InMemoryUser` or your own implementation instead.
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate `FirewallConfig::allowsAnonymous()` and the `allows_anonymous` from the data collector data, there will be no anonymous concept as of version 6.
  * Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
  * Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
    `AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -184,7 +184,7 @@ public function collect(Request $request, Response $response, \Throwable $except
             if (null !== $firewallConfig) {
                 $this->data['firewall'] = [
                     'name' => $firewallConfig->getName(),
-                    'allows_anonymous' => $firewallConfig->allowsAnonymous(),
+                    'allows_anonymous' => $this->authenticatorManagerEnabled ? false : $firewallConfig->allowsAnonymous(),
                     'request_matcher' => $firewallConfig->getRequestMatcher(),
                     'security_enabled' => $firewallConfig->isSecurityEnabled(),
                     'stateless' => $firewallConfig->isStateless(),
diff --git a/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php b/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php
@@ -64,8 +64,13 @@ public function isSecurityEnabled(): bool
         return $this->securityEnabled;
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public function allowsAnonymous(): bool
     {
+        trigger_deprecation('symfony/security-bundle', '5.4', 'The "%s()" method is deprecated.', __METHOD__);
+
         return \in_array('anonymous', $this->listeners, true);
     }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
@@ -141,7 +141,6 @@ public function testGetFirewall()
         $collected = $collector->getFirewall();
 
         $this->assertSame($firewallConfig->getName(), $collected['name']);
-        $this->assertSame($firewallConfig->allowsAnonymous(), $collected['allows_anonymous']);
         $this->assertSame($firewallConfig->getRequestMatcher(), $collected['request_matcher']);
         $this->assertSame($firewallConfig->isSecurityEnabled(), $collected['security_enabled']);
         $this->assertSame($firewallConfig->isStateless(), $collected['stateless']);
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml
@@ -53,5 +53,5 @@ security:
         - { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
-        - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
+        - { path: ^/protected-via-expression$, allow_if: "(!is_authenticated() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
         - { path: .*, roles: IS_AUTHENTICATED_FULLY }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php
@@ -18,7 +18,7 @@ class FirewallConfigTest extends TestCase
 {
     public function testGetters()
     {
-        $listeners = ['logout', 'remember_me', 'anonymous'];
+        $listeners = ['logout', 'remember_me'];
         $options = [
             'request_matcher' => 'foo_request_matcher',
             'security' => false,
@@ -57,7 +57,6 @@ public function testGetters()
         $this->assertSame($options['access_denied_handler'], $config->getAccessDeniedHandler());
         $this->assertSame($options['access_denied_url'], $config->getAccessDeniedUrl());
         $this->assertSame($options['user_checker'], $config->getUserChecker());
-        $this->assertTrue($config->allowsAnonymous());
         $this->assertSame($listeners, $config->getListeners());
         $this->assertSame($options['switch_user'], $config->getSwitchUser());
     }
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php
@@ -23,11 +23,22 @@
  */
 class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface
 {
+    public function isAuthenticated(TokenInterface $token = null): bool
+    {
+        return null !== $token && !$token instanceof NullToken
+            // @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0
+            && !$token instanceof AnonymousToken && $token->isAuthenticated(false);
+    }
+
     /**
      * {@inheritdoc}
      */
-    public function isAnonymous(TokenInterface $token = null)
+    public function isAnonymous(TokenInterface $token = null/*, $deprecation = true*/)
     {
+        if (1 === \func_num_args() || false !== func_get_arg(1)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);
+        }
+
         if (null === $token) {
             return false;
         }
@@ -56,6 +67,6 @@ public function isFullFledged(TokenInterface $token = null)
             return false;
         }
 
-        return !$this->isAnonymous($token) && !$this->isRememberMe($token);
+        return !$this->isAnonymous($token, false) && !$this->isRememberMe($token);
     }
 }
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolverInterface.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolverInterface.php
@@ -17,6 +17,8 @@
  * Interface for resolving the authentication status of a given token.
  *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @method bool isAuthenticated(TokenInterface $token = null)
  */
 interface AuthenticationTrustResolverInterface
 {
@@ -27,6 +29,8 @@ interface AuthenticationTrustResolverInterface
      * If null is passed, the method must return false.
      *
      * @return bool
+     *
+     * @deprecated since Symfony 5.4, use !isAuthenticated() instead
      */
     public function isAnonymous(TokenInterface $token = null);
 
diff --git a/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php b/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\ExpressionLanguage\ExpressionFunction;
 use Symfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
 
 /**
  * Define some ExpressionLanguage functions.
@@ -25,15 +26,18 @@ public function getFunctions()
     {
         return [
             new ExpressionFunction('is_anonymous', function () {
-                return '$token && $auth_checker->isGranted("IS_ANONYMOUS")';
+                return 'trigger_deprecation("symfony/security-core", "5.4", "The \"is_anonymous()\" expression function is deprecated.") || ($token && $auth_checker->isGranted("IS_ANONYMOUS"))';
             }, function (array $variables) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "is_anonymous()" expression function is deprecated.');
+
                 return $variables['token'] && $variables['auth_checker']->isGranted('IS_ANONYMOUS');
             }),
 
+            // @deprecated remove the ternary and always use IS_AUTHENTICATED in 6.0
             new ExpressionFunction('is_authenticated', function () {
-                return '$token && !$auth_checker->isGranted("IS_ANONYMOUS")';
+                return 'defined("'.AuthenticatedVoter::class.'::IS_AUTHENTICATED") ? $auth_checker->isGranted("IS_AUTHENTICATED") : ($token && !$auth_checker->isGranted("IS_ANONYMOUS"))';
             }, function (array $variables) {
-                return $variables['token'] && !$variables['auth_checker']->isGranted('IS_ANONYMOUS');
+                return \defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED') ? $variables['auth_checker']->isGranted('IS_AUTHENTICATED') : ($variables['token'] && !$variables['auth_checker']->isGranted('IS_ANONYMOUS'));
             }),
 
             new ExpressionFunction('is_fully_authenticated', function () {
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
@@ -12,12 +12,13 @@
 namespace Symfony\Component\Security\Core\Authorization\Voter;
 
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
  * AuthenticatedVoter votes if an attribute like IS_AUTHENTICATED_FULLY,
- * IS_AUTHENTICATED_REMEMBERED, or IS_AUTHENTICATED_ANONYMOUSLY is present.
+ * IS_AUTHENTICATED_REMEMBERED, IS_AUTHENTICATED is present.
  *
  * This list is most restrictive to least restrictive checking.
  *
@@ -28,8 +29,15 @@ class AuthenticatedVoter implements VoterInterface
 {
     public const IS_AUTHENTICATED_FULLY = 'IS_AUTHENTICATED_FULLY';
     public const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED';
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public const IS_ANONYMOUS = 'IS_ANONYMOUS';
+    public const IS_AUTHENTICATED = 'IS_AUTHENTICATED';
     public const IS_IMPERSONATOR = 'IS_IMPERSONATOR';
     public const IS_REMEMBERED = 'IS_REMEMBERED';
     public const PUBLIC_ACCESS = 'PUBLIC_ACCESS';
@@ -55,6 +63,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)
             if (null === $attribute || (self::IS_AUTHENTICATED_FULLY !== $attribute
                     && self::IS_AUTHENTICATED_REMEMBERED !== $attribute
                     && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute
+                    && self::IS_AUTHENTICATED !== $attribute
                     && self::IS_ANONYMOUS !== $attribute
                     && self::IS_IMPERSONATOR !== $attribute
                     && self::IS_REMEMBERED !== $attribute)) {
@@ -78,6 +87,16 @@ public function vote(TokenInterface $token, $subject, array $attributes)
                 && ($this->authenticationTrustResolver->isAnonymous($token)
                     || $this->authenticationTrustResolver->isRememberMe($token)
                     || $this->authenticationTrustResolver->isFullFledged($token))) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "IS_AUTHENTICATED_ANONYMOUSLY" security attribute is deprecated, use "IS_AUTHENTICATED" or "IS_AUTHENTICATED_FULLY" instead if you want to check if the request is (fully) authenticated.');
+
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            // @deprecated $this->authenticationTrustResolver must implement isAuthenticated() in 6.0
+            if (self::IS_AUTHENTICATED === $attribute
+                && (method_exists($this->authenticationTrustResolver, 'isAuthenticated')
+                    ? $this->authenticationTrustResolver->isAuthenticated($token)
+                    : (null !== $token && !$token instanceof NullToken))) {
                 return VoterInterface::ACCESS_GRANTED;
             }
 
@@ -86,6 +105,8 @@ public function vote(TokenInterface $token, $subject, array $attributes)
             }
 
             if (self::IS_ANONYMOUS === $attribute && $this->authenticationTrustResolver->isAnonymous($token)) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "IS_ANONYMOUSLY" security attribute is deprecated, anonymous no longer exists in version 6.');
+
                 return VoterInterface::ACCESS_GRANTED;
             }
 
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -7,6 +7,11 @@ CHANGELOG
  * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
  * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Deprecate returning `string|\Stringable` from `Token::getUser()` (it must return a `UserInterface`)
+ * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
+   use `AuthenticatedVoter::IS_AUTHENTICATED_FULLY` or `AuthenticatedVoter::IS_AUTHENTICATED` instead.
+ * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression
+   function as anonymous no longer exists in version 6, use the `isFullFledged()` or the new
+   `isAuthenticated()` instead if you want to check if the request is (fully) authenticated.
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker`
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationTrustResolverTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationTrustResolverTest.php
@@ -16,9 +16,14 @@
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\User;
 
 class AuthenticationTrustResolverTest extends TestCase
 {
+    /**
+     * @group legacy
+     */
     public function testIsAnonymous()
     {
         $resolver = new AuthenticationTrustResolver();
@@ -50,6 +55,17 @@ public function testisFullFledged()
         $this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));
     }
 
+    public function testIsAuthenticated()
+    {
+        $resolver = new AuthenticationTrustResolver();
+        $this->assertFalse($resolver->isAuthenticated(null));
+        $this->assertTrue($resolver->isAuthenticated($this->getRememberMeToken()));
+        $this->assertTrue($resolver->isAuthenticated(new FakeCustomToken()));
+    }
+
+    /**
+     * @group legacy
+     */
     public function testIsAnonymousWithClassAsConstructorButStillExtending()
     {
         $resolver = $this->getResolver();
@@ -102,7 +118,7 @@ protected function getToken()
 
     protected function getAnonymousToken()
     {
-        return $this->getMockBuilder(AnonymousToken::class)->setConstructorArgs(['', ''])->getMock();
+        return new AnonymousToken('secret', 'anon.');
     }
 
     private function getRealCustomAnonymousToken()
@@ -116,7 +132,9 @@ public function __construct()
 
     protected function getRememberMeToken()
     {
-        return $this->getMockBuilder(RememberMeToken::class)->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
+        $user = class_exists(InMemoryUser::class) ? new InMemoryUser('wouter', '', ['ROLE_USER']) : new User('wouter', '', ['ROLE_USER']);
+
+        return new RememberMeToken($user, 'main', 'secret');
     }
 
     protected function getResolver()
@@ -176,6 +194,7 @@ public function getUserIdentifier(): string
 
     public function isAuthenticated(): bool
     {
+        return true;
     }
 
     public function setAuthenticated(bool $isAuthenticated)
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php

Original file line number	Diff line number	Diff line change
`@@ -64,8 +64,13 @@ public function isSecurityEnabled(): bool`
`64`	`64`	`return $this->securityEnabled;`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ /**`
	`68`	`+ * @deprecated since Symfony 5.4`
	`69`	`+ */`
`67`	`70`	`public function allowsAnonymous(): bool`
`68`	`71`	`{`
	`72`	`+ trigger_deprecation('symfony/security-bundle', '5.4', 'The "%s()" method is deprecated.', __METHOD__);`
	`73`	`+`
`69`	`74`	`return \in_array('anonymous', $this->listeners, true);`
`70`	`75`	`}`
`71`	`76`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ class FirewallConfigTest extends TestCase`
`18`	`18`	`{`
`19`	`19`	`public function testGetters()`
`20`	`20`	`{`
`21`		`- $listeners = ['logout', 'remember_me', 'anonymous'];`
	`21`	`+ $listeners = ['logout', 'remember_me'];`
`22`	`22`	`$options = [`
`23`	`23`	`'request_matcher' => 'foo_request_matcher',`
`24`	`24`	`'security' => false,`
`@@ -57,7 +57,6 @@ public function testGetters()`
`57`	`57`	`$this->assertSame($options['access_denied_handler'], $config->getAccessDeniedHandler());`
`58`	`58`	`$this->assertSame($options['access_denied_url'], $config->getAccessDeniedUrl());`
`59`	`59`	`$this->assertSame($options['user_checker'], $config->getUserChecker());`
`60`		`- $this->assertTrue($config->allowsAnonymous());`
`61`	`60`	`$this->assertSame($listeners, $config->getListeners());`
`62`	`61`	`$this->assertSame($options['switch_user'], $config->getSwitchUser());`
`63`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,11 +23,22 @@`
`23`	`23`	`*/`
`24`	`24`	`class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface`
`25`	`25`	`{`
	`26`	`+ public function isAuthenticated(TokenInterface $token = null): bool`
	`27`	`+ {`
	`28`	`+ return null !== $token && !$token instanceof NullToken`
	`29`	`+ // @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0`
	`30`	`+ && !$token instanceof AnonymousToken && $token->isAuthenticated(false);`
	`31`	`+ }`
	`32`	`+`
`26`	`33`	`/**`
`27`	`34`	`* {@inheritdoc}`
`28`	`35`	`*/`
`29`		`- public function isAnonymous(TokenInterface $token = null)`
	`36`	`+ public function isAnonymous(TokenInterface $token = null/, $deprecation = true/)`
`30`	`37`	`{`
	`38`	`+ if (1 === \func_num_args() \|\| false !== func_get_arg(1)) {`
	`39`	`+ trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);`
	`40`	`+ }`
	`41`	`+`
`31`	`42`	`if (null === $token) {`
`32`	`43`	`return false;`
`33`	`44`	`}`
`@@ -56,6 +67,6 @@ public function isFullFledged(TokenInterface $token = null)`
`56`	`67`	`return false;`
`57`	`68`	`}`
`58`	`69`
`59`		`- return !$this->isAnonymous($token) && !$this->isRememberMe($token);`
	`70`	`+ return !$this->isAnonymous($token, false) && !$this->isRememberMe($token);`
`60`	`71`	`}`
`61`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@`
`17`	`17`	`* Interface for resolving the authentication status of a given token.`
`18`	`18`	`*`
`19`	`19`	`* @author Johannes M. Schmitt <[email protected]>`
	`20`	`+ *`
	`21`	`+ * @method bool isAuthenticated(TokenInterface $token = null)`
`20`	`22`	`*/`
`21`	`23`	`interface AuthenticationTrustResolverInterface`
`22`	`24`	`{`
`@@ -27,6 +29,8 @@ interface AuthenticationTrustResolverInterface`
`27`	`29`	`* If null is passed, the method must return false.`
`28`	`30`	`*`
`29`	`31`	`* @return bool`
	`32`	`+ *`
	`33`	`+ * @deprecated since Symfony 5.4, use !isAuthenticated() instead`
`30`	`34`	`*/`
`31`	`35`	`public function isAnonymous(TokenInterface $token = null);`
`32`	`36`
Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,14 @@`
`16`	`16`	`use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;`
`17`	`17`	`use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;`
`18`	`18`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`19`	`+use Symfony\Component\Security\Core\User\InMemoryUser;`
	`20`	`+use Symfony\Component\Security\Core\User\User;`
`19`	`21`
`20`	`22`	`class AuthenticationTrustResolverTest extends TestCase`
`21`	`23`	`{`
	`24`	`+ /**`
	`25`	`+ * @group legacy`
	`26`	`+ */`
`22`	`27`	`public function testIsAnonymous()`
`23`	`28`	`{`
`24`	`29`	`$resolver = new AuthenticationTrustResolver();`
`@@ -50,6 +55,17 @@ public function testisFullFledged()`
`50`	`55`	`$this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));`
`51`	`56`	`}`
`52`	`57`
	`58`	`+ public function testIsAuthenticated()`
	`59`	`+ {`
	`60`	`+ $resolver = new AuthenticationTrustResolver();`
	`61`	`+ $this->assertFalse($resolver->isAuthenticated(null));`
	`62`	`+ $this->assertTrue($resolver->isAuthenticated($this->getRememberMeToken()));`
	`63`	`+ $this->assertTrue($resolver->isAuthenticated(new FakeCustomToken()));`
	`64`	`+ }`
	`65`	`+`
	`66`	`+ /**`
	`67`	`+ * @group legacy`
	`68`	`+ */`
`53`	`69`	`public function testIsAnonymousWithClassAsConstructorButStillExtending()`
`54`	`70`	`{`
`55`	`71`	`$resolver = $this->getResolver();`
`@@ -102,7 +118,7 @@ protected function getToken()`
`102`	`118`
`103`	`119`	`protected function getAnonymousToken()`
`104`	`120`	`{`
`105`		`- return $this->getMockBuilder(AnonymousToken::class)->setConstructorArgs(['', ''])->getMock();`
	`121`	`+ return new AnonymousToken('secret', 'anon.');`
`106`	`122`	`}`
`107`	`123`
`108`	`124`	`private function getRealCustomAnonymousToken()`
`@@ -116,7 +132,9 @@ public function __construct()`
`116`	`132`
`117`	`133`	`protected function getRememberMeToken()`
`118`	`134`	`{`
`119`		`- return $this->getMockBuilder(RememberMeToken::class)->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();`
	`135`	`+ $user = class_exists(InMemoryUser::class) ? new InMemoryUser('wouter', '', ['ROLE_USER']) : new User('wouter', '', ['ROLE_USER']);`
	`136`	`+`
	`137`	`+ return new RememberMeToken($user, 'main', 'secret');`
`120`	`138`	`}`
`121`	`139`
`122`	`140`	`protected function getResolver()`
`@@ -176,6 +194,7 @@ public function getUserIdentifier(): string`
`176`	`194`
`177`	`195`	`public function isAuthenticated(): bool`
`178`	`196`	`{`
	`197`	`+ return true;`
`179`	`198`	`}`
`180`	`199`
`181`	`200`	`public function setAuthenticated(bool $isAuthenticated)`