symfony
diff --git a/‎UPGRADE-5.4.md
Lines changed: 5 additions & 2 deletions b/‎UPGRADE-5.4.md
Lines changed: 5 additions & 2 deletions
diff --git a/‎UPGRADE-6.0.md
Lines changed: 3 additions & 0 deletions b/‎UPGRADE-6.0.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/SwitchUserTokenProcessorTest.php
Lines changed: 9 additions & 2 deletions b/‎src/Symfony/Bridge/Monolog/Tests/Processor/SwitchUserTokenProcessorTest.php
Lines changed: 9 additions & 2 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
Lines changed: 5 additions & 1 deletion b/‎src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/Symfony/Bridge/Twig/AppVariable.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bridge/Twig/AppVariable.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
Lines changed: 4 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/composer.json
Lines changed: 1 addition & 2 deletions b/‎src/Symfony/Bundle/FrameworkBundle/composer.json
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
Lines changed: 16 additions & 6 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
Lines changed: 16 additions & 6 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
Lines changed: 3 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
Lines changed: 20 additions & 4 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
Lines changed: 20 additions & 4 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
Lines changed: 5 additions & 6 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
Lines changed: 5 additions & 6 deletions
@@ -59,8 +59,11 @@ SecurityBundle
 Security
 --------
 
- * Deprecate the `$authManager` argument of `AccessListener`
- * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
+ * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
+ * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
+ * Deprecate not returning an `UserInterface` from `Token::getUser()`
+ * Deprecate the `$authManager` argument of `AccessListener`, the argument will be removed
+ * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor, the argument will be removed
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken argument to `false` of `AuthorizationChecker` (this is the default
    behavior when using `enable_authenticator_manager: true`)
 
@@ -207,6 +207,9 @@ Routing
 Security
 --------
 
+ * Remove `AnonymousToken`
+ * Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
+ * Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`)
  * Remove the 4th and 5th argument of `AuthorizationChecker`
  * Remove the 5th argument of `AccessListener`
  * Remove class `User`, use `InMemoryUser` or your own implementation instead.
 
@@ -16,6 +16,8 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\User;
 
 /**
  * Tests the SwitchUserTokenProcessor.
@@ -26,8 +28,13 @@ class SwitchUserTokenProcessorTest extends TestCase
 {
     public function testProcessor()
     {
-        $originalToken = new UsernamePasswordToken('original_user', 'password', 'provider', ['ROLE_SUPER_ADMIN']);
-        $switchUserToken = new SwitchUserToken('user', 'passsword', 'provider', ['ROLE_USER'], $originalToken);
+        if (class_exists(InMemoryUser::class)) {
+            $originalToken = new UsernamePasswordToken(new InMemoryUser('original_user', 'password', ['ROLE_SUPER_ADMIN']), 'provider', ['ROLE_SUPER_ADMIN']);
+            $switchUserToken = new SwitchUserToken(new InMemoryUser('user', 'passsword', ['ROLE_USER']), 'provider', ['ROLE_USER'], $originalToken);
+        } else {
+            $originalToken = new UsernamePasswordToken(new User('original_user', 'password', ['ROLE_SUPER_ADMIN']), null, 'provider', ['ROLE_SUPER_ADMIN']);
+            $switchUserToken = new SwitchUserToken(new User('user', 'passsword', ['ROLE_USER']), null, 'provider', ['ROLE_USER'], $originalToken);
+        }
         $tokenStorage = $this->createMock(TokenStorageInterface::class);
         $tokenStorage->method('getToken')->willReturn($switchUserToken);
 
 
@@ -15,6 +15,7 @@
 use Symfony\Bridge\Monolog\Processor\TokenProcessor;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 
 /**
  * Tests the TokenProcessor.
@@ -23,6 +24,9 @@
  */
 class TokenProcessorTest extends TestCase
 {
+    /**
+     * @group legacy
+     */
     public function testLegacyProcessor()
     {
         if (method_exists(UsernamePasswordToken::class, 'getUserIdentifier')) {
@@ -48,7 +52,7 @@ public function testProcessor()
             $this->markTestSkipped('This test requires symfony/security-core 5.3+');
         }
 
-        $token = new UsernamePasswordToken('user', 'password', 'provider', ['ROLE_USER']);
+        $token = new UsernamePasswordToken(new InMemoryUser('user', 'password', ['ROLE_USER']), 'provider', ['ROLE_USER']);
         $tokenStorage = $this->createMock(TokenStorageInterface::class);
         $tokenStorage->method('getToken')->willReturn($token);
 
 
@@ -84,6 +84,7 @@ public function getUser()
 
         $user = $token->getUser();
 
+        // @deprecated since 5.4, $user will always be a UserInterface instance
         return \is_object($user) ? $user : null;
     }
 
 
@@ -395,7 +395,7 @@ protected function getDoctrine(): ManagerRegistry
     /**
      * Get a user from the Security Token Storage.
      *
-     * @return UserInterface|object|null
+     * @return UserInterface|null
      *
      * @throws \LogicException If SecurityBundle is not available
      *
@@ -411,6 +411,7 @@ protected function getUser()
             return null;
         }
 
+        // @deprecated since 5.4, $user will always be a UserInterface instance
         if (!\is_object($user = $token->getUser())) {
             // e.g. anonymous authentication
             return null;
 
@@ -138,14 +138,17 @@ public function testForward()
     public function testGetUser()
     {
         $user = new InMemoryUser('user', 'pass');
-        $token = new UsernamePasswordToken($user, 'pass', 'default', ['ROLE_USER']);
+        $token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);
 
         $controller = $this->createController();
         $controller->setContainer($this->getContainerWithTokenStorage($token));
 
         $this->assertSame($controller->getUser(), $user);
     }
 
+    /**
+     * @group legacy
+     */
     public function testGetUserAnonymousUserConvertedToNull()
     {
         $token = new AnonymousToken('default', 'anon.');
 
@@ -53,7 +53,7 @@
         "symfony/notifier": "^5.3|^6.0",
         "symfony/process": "^4.4|^5.0|^6.0",
         "symfony/rate-limiter": "^5.2|^6.0",
-        "symfony/security-bundle": "^5.3|^6.0",
+        "symfony/security-bundle": "^5.4|^6.0",
         "symfony/serializer": "^5.4|^6.0",
         "symfony/stopwatch": "^4.4|^5.0|^6.0",
         "symfony/string": "^5.0|^6.0",
@@ -89,7 +89,6 @@
         "symfony/property-access": "<5.3",
         "symfony/serializer": "<5.2",
         "symfony/security-csrf": "<5.3",
-        "symfony/security-core": "<5.3",
         "symfony/stopwatch": "<4.4",
         "symfony/translation": "<5.3",
         "symfony/twig-bridge": "<4.4",
 
@@ -29,6 +29,7 @@
 use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Http\FirewallMapInterface;
 use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
 use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
@@ -78,7 +79,7 @@ public function testCollectWhenAuthenticationTokenIsNull()
     public function testCollectAuthenticationTokenAndRoles(array $roles, array $normalizedRoles, array $inheritedRoles)
     {
         $tokenStorage = new TokenStorage();
-        $tokenStorage->setToken(new UsernamePasswordToken('hhamon', 'P4$$w0rD', 'provider', $roles));
+        $tokenStorage->setToken(new UsernamePasswordToken(new InMemoryUser('hhamon', 'P4$$w0rD', $roles), 'provider', $roles));
 
         $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
         $collector->collect(new Request(), new Response());
@@ -99,10 +100,10 @@ public function testCollectAuthenticationTokenAndRoles(array $roles, array $norm
 
     public function testCollectSwitchUserToken()
     {
-        $adminToken = new UsernamePasswordToken('yceruto', 'P4$$w0rD', 'provider', ['ROLE_ADMIN']);
+        $adminToken = new UsernamePasswordToken(new InMemoryUser('yceruto', 'P4$$w0rD', ['ROLE_ADMIN']), 'provider', ['ROLE_ADMIN']);
 
         $tokenStorage = new TokenStorage();
-        $tokenStorage->setToken(new SwitchUserToken('hhamon', 'P4$$w0rD', 'provider', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $adminToken));
+        $tokenStorage->setToken(new SwitchUserToken(new InMemoryUser('hhamon', 'P4$$w0rD', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN']), 'provider', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $adminToken));
 
         $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
         $collector->collect(new Request(), new Response());
 
@@ -28,6 +28,9 @@ public function testUserProviderIsNeeded()
         ]);
     }
 
+    /**
+     * @group legacy
+     */
     public function testLegacyUserProviderIsNeeded()
     {
         $client = $this->createClient(['test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]);
 
@@ -27,7 +27,7 @@ public function testServiceIsFunctional()
 
         // put a token into the storage so the final calls can function
         $user = new InMemoryUser('foo', 'pass');
-        $token = new UsernamePasswordToken($user, '', 'provider', ['ROLE_USER']);
+        $token = new UsernamePasswordToken($user, 'provider', ['ROLE_USER']);
         $container->get('functional.test.security.token_storage')->setToken($token);
 
         $security = $container->get('functional_test.security.helper');
@@ -105,7 +105,7 @@ public function testLegacyServiceIsFunctional()
 
         // put a token into the storage so the final calls can function
         $user = new InMemoryUser('foo', 'pass');
-        $token = new UsernamePasswordToken($user, '', 'provider', ['ROLE_USER']);
+        $token = new UsernamePasswordToken($user, 'provider', ['ROLE_USER']);
         $container->get('functional.test.security.token_storage')->setToken($token);
 
         $security = $container->get('functional_test.security.helper');
 
@@ -99,6 +99,10 @@ public function setUser($user)
             throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
         }
 
+        if (!$user instanceof UserInterface) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Using an object that is not an instance of "%s" as $user in "%s" is deprecated.', UserInterface::class, static::class);
+        }
+
         // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
         if (1 < \func_num_args() && !func_get_arg(1)) {
             // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
 
@@ -17,6 +17,8 @@
  * AnonymousToken represents an anonymous token.
  *
  * @author Fabien Potencier <[email protected]>
+ *
+ * @deprecated since 5.4, anonymous is now represented by the absence of a token
  */
 class AnonymousToken extends AbstractToken
 {
@@ -29,6 +31,8 @@ class AnonymousToken extends AbstractToken
      */
     public function __construct(string $secret, $user, array $roles = [])
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'The "%s" class is deprecated.', __CLASS__);
+
         parent::__construct($roles);
 
         $this->secret = $secret;
 
@@ -24,20 +24,28 @@ class PreAuthenticatedToken extends AbstractToken
     private $firewallName;
 
     /**
-     * @param string|\Stringable|UserInterface $user
-     * @param mixed                            $credentials
-     * @param string[]                         $roles
+     * @param UserInterface $user
+     * @param string        $firewallName
+     * @param string[]      $roles
      */
-    public function __construct($user, $credentials, string $firewallName, array $roles = [])
+    public function __construct($user, /*string*/ $firewallName, /*array*/ $roles = [])
     {
+        if (\is_string($roles)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Argument $credentials of "%s()" is deprecated.', __METHOD__);
+
+            $credentials = $firewallName;
+            $firewallName = $roles;
+            $roles = \func_num_args() > 3 ? func_get_arg(3) : [];
+        }
+
         parent::__construct($roles);
 
         if ('' === $firewallName) {
             throw new \InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->setUser($user);
-        $this->credentials = $credentials;
+        $this->credentials = $credentials ?? null;
         $this->firewallName = $firewallName;
 
         if ($roles) {
@@ -55,7 +63,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
     public function getProviderKey()
     {
         if (1 !== \func_num_args() || true !== func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);
         }
 
         return $this->firewallName;
@@ -71,6 +79,8 @@ public function getFirewallName(): string
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);
+
         return $this->credentials;
     }
 
 
@@ -69,7 +69,7 @@ public function setAuthenticated(bool $authenticated)
     public function getProviderKey()
     {
         if (1 !== \func_num_args() || true !== func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);
         }
 
         return $this->firewallName;
@@ -95,6 +95,8 @@ public function getSecret()
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);
+
         return '';
     }
 
 
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
+use Symfony\Component\Security\Core\User\UserInterface;
+
 /**
  * Token representing a user who temporarily impersonates another one.
  *
@@ -22,15 +24,29 @@ class SwitchUserToken extends UsernamePasswordToken
     private $originatedFromUri;
 
     /**
-     * @param string|object $user              The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
-     * @param mixed         $credentials       This usually is the password of the user
+     * @param UserInterface $user
      * @param string|null   $originatedFromUri The URI where was the user at the switch
      *
      * @throws \InvalidArgumentException
      */
-    public function __construct($user, $credentials, string $firewallName, array $roles, TokenInterface $originalToken, string $originatedFromUri = null)
+    public function __construct($user, /*string*/ $firewallName, /*array*/ $roles, /*TokenInterface*/ $originalToken, /*string*/ $originatedFromUri = null)
     {
-        parent::__construct($user, $credentials, $firewallName, $roles);
+        if (\is_string($roles)) {
+            // @deprecated since 5.4, deprecation is triggered by UsernamePasswordToken::__construct()
+            $credentials = $firewallName;
+            $firewallName = $roles;
+            $roles = $originalToken;
+            $originalToken = $originatedFromUri;
+            $originatedFromUri = \func_num_args() > 5 ? func_get_arg(5) : null;
+
+            parent::__construct($user, $credentials, $firewallName, $roles);
+        } else {
+            parent::__construct($user, $firewallName, $roles);
+        }
+
+        if (!$originalToken instanceof TokenInterface) {
+            throw new \TypeError(sprintf('Argument $originalToken of "%s" must be an instance of "%s", "%s" given.', __METHOD__, TokenInterface::class, get_debug_type($originalToken)));
+        }
 
         $this->originalToken = $originalToken;
         $this->originatedFromUri = $originatedFromUri;
 
@@ -43,25 +43,24 @@ public function getRoleNames(): array;
      * Returns the user credentials.
      *
      * @return mixed The user credentials
+     *
+     * @deprecated since 5.4
      */
     public function getCredentials();
 
     /**
      * Returns a user representation.
      *
-     * @return string|\Stringable|UserInterface
+     * @return UserInterface
      *
      * @see AbstractToken::setUser()
      */
     public function getUser();
 
     /**
-     * Sets the user in the token.
-     *
-     * The user can be a UserInterface instance, or an object implementing
-     * a __toString method or the username as a regular string.
+     * Sets the authenticated user in the token.
      *
-     * @param string|\Stringable|UserInterface $user
+     * @param UserInterface $user
      *
      * @throws \InvalidArgumentException
      */
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public function getUser()`
`84`	`84`
`85`	`85`	`$user = $token->getUser();`
`86`	`86`
	`87`	`+ // @deprecated since 5.4, $user will always be a UserInterface instance`
`87`	`88`	`return \is_object($user) ? $user : null;`
`88`	`89`	`}`
`89`	`90`
Original file line number	Diff line number	Diff line change
`@@ -395,7 +395,7 @@ protected function getDoctrine(): ManagerRegistry`
`395`	`395`	`/**`
`396`	`396`	`* Get a user from the Security Token Storage.`
`397`	`397`	`*`
`398`		`- * @return UserInterface\|object\|null`
	`398`	`+ * @return UserInterface\|null`
`399`	`399`	`*`
`400`	`400`	`* @throws \LogicException If SecurityBundle is not available`
`401`	`401`	`*`
`@@ -411,6 +411,7 @@ protected function getUser()`
`411`	`411`	`return null;`
`412`	`412`	`}`
`413`	`413`
	`414`	`+ // @deprecated since 5.4, $user will always be a UserInterface instance`
`414`	`415`	`if (!\is_object($user = $token->getUser())) {`
`415`	`416`	`// e.g. anonymous authentication`
`416`	`417`	`return null;`
Original file line number	Diff line number	Diff line change
`@@ -138,14 +138,17 @@ public function testForward()`
`138`	`138`	`public function testGetUser()`
`139`	`139`	`{`
`140`	`140`	`$user = new InMemoryUser('user', 'pass');`
`141`		`- $token = new UsernamePasswordToken($user, 'pass', 'default', ['ROLE_USER']);`
	`141`	`+ $token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);`
`142`	`142`
`143`	`143`	`$controller = $this->createController();`
`144`	`144`	`$controller->setContainer($this->getContainerWithTokenStorage($token));`
`145`	`145`
`146`	`146`	`$this->assertSame($controller->getUser(), $user);`
`147`	`147`	`}`
`148`	`148`
	`149`	`+ /**`
	`150`	`+ * @group legacy`
	`151`	`+ */`
`149`	`152`	`public function testGetUserAnonymousUserConvertedToNull()`
`150`	`153`	`{`
`151`	`154`	`$token = new AnonymousToken('default', 'anon.');`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,9 @@ public function testUserProviderIsNeeded()`
`28`	`28`	`]);`
`29`	`29`	`}`
`30`	`30`
	`31`	`+ /**`
	`32`	`+ * @group legacy`
	`33`	`+ */`
`31`	`34`	`public function testLegacyUserProviderIsNeeded()`
`32`	`35`	`{`
`33`	`36`	`$client = $this->createClient(['test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]);`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@`
`17`	`17`	`* AnonymousToken represents an anonymous token.`
`18`	`18`	`*`
`19`	`19`	`* @author Fabien Potencier <[email protected]>`
	`20`	`+ *`
	`21`	`+ * @deprecated since 5.4, anonymous is now represented by the absence of a token`
`20`	`22`	`*/`
`21`	`23`	`class AnonymousToken extends AbstractToken`
`22`	`24`	`{`
`@@ -29,6 +31,8 @@ class AnonymousToken extends AbstractToken`
`29`	`31`	`*/`
`30`	`32`	`public function __construct(string $secret, $user, array $roles = [])`
`31`	`33`	`{`
	`34`	`+ trigger_deprecation('symfony/security-core', '5.4', 'The "%s" class is deprecated.', __CLASS__);`
	`35`	`+`
`32`	`36`	`parent::__construct($roles);`
`33`	`37`
`34`	`38`	`$this->secret = $secret;`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ public function setAuthenticated(bool $authenticated)`
`69`	`69`	`public function getProviderKey()`
`70`	`70`	`{`
`71`	`71`	`if (1 !== \func_num_args() \|\| true !== func_get_arg(0)) {`
`72`		`- trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);`
	`72`	`+ trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`return $this->firewallName;`
`@@ -95,6 +95,8 @@ public function getSecret()`
`95`	`95`	`*/`
`96`	`96`	`public function getCredentials()`
`97`	`97`	`{`
	`98`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);`
	`99`	`+`
`98`	`100`	`return '';`
`99`	`101`	`}`
`100`	`102`
Original file line number	Diff line number	Diff line change
`@@ -43,25 +43,24 @@ public function getRoleNames(): array;`
`43`	`43`	`* Returns the user credentials.`
`44`	`44`	`*`
`45`	`45`	`* @return mixed The user credentials`
	`46`	`+ *`
	`47`	`+ * @deprecated since 5.4`
`46`	`48`	`*/`
`47`	`49`	`public function getCredentials();`
`48`	`50`
`49`	`51`	`/**`
`50`	`52`	`* Returns a user representation.`
`51`	`53`	`*`
`52`		`- * @return string\|\Stringable\|UserInterface`
	`54`	`+ * @return UserInterface`
`53`	`55`	`*`
`54`	`56`	`* @see AbstractToken::setUser()`
`55`	`57`	`*/`
`56`	`58`	`public function getUser();`
`57`	`59`
`58`	`60`	`/**`
`59`		`- * Sets the user in the token.`
`60`		`- *`
`61`		`- * The user can be a UserInterface instance, or an object implementing`
`62`		`- * a __toString method or the username as a regular string.`
	`61`	`+ * Sets the authenticated user in the token.`
`63`	`62`	`*`
`64`		`- * @param string\|\Stringable\|UserInterface $user`
	`63`	`+ * @param UserInterface $user`
`65`	`64`	`*`
`66`	`65`	`* @throws \InvalidArgumentException`
`67`	`66`	`*/`