minor #42732 [Security] Fix AuthenticationTrustResolver::isAnonymous() (chalasr)

nicolas-grekas · nicolas-grekas · commit 81c2007ecac7 · 2021-08-25T15:03:53.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [Security] Fix AuthenticationTrustResolver::isAnonymous() | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | #42726 | License | MIT | Doc PR | - This method wasn't checking if a token is null nor `$token->isAuthenticated()` until #42650. Reverting that behavior change fixes tests on both 5.3 and 5.4 Commits ------- 83da786 [Security] Fix AuthenticationTrustResolver::isAnonymous()
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php
@@ -38,7 +38,7 @@ public function isAnonymous(TokenInterface $token = null/*, $deprecation = true*
             trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);
         }
 
-        return $token && !$this->isAuthenticated($token);
+        return $token instanceof AnonymousToken || ($token && !$token->getUser());
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function isAnonymous(TokenInterface $token = null/, $deprecation = true`
`38`	`38`	`trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);`
`39`	`39`	`}`
`40`	`40`
`41`		`- return $token && !$this->isAuthenticated($token);`
	`41`	`+ return $token instanceof AnonymousToken \|\| ($token && !$token->getUser());`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`/**`