[Security] make TokenInterface::getUser() nullable to tell about unauthenticated tokens

nicolas-grekas · nicolas-grekas · commit bb06f61e5962 · 2021-08-19T18:41:48.000+02:00
diff --git a/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php b/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
@@ -42,7 +42,7 @@ public function __invoke(array $record): array
 
         if (null !== $token = $this->getToken()) {
             $record['extra'][$this->getKey()] = [
-                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : true, // @deprecated since Symfony 5.4, always true in 6.0
+                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : (bool) $token->getUser(),
                 'roles' => $token->getRoleNames(),
             ];
 
diff --git a/src/Symfony/Bridge/Twig/AppVariable.php b/src/Symfony/Bridge/Twig/AppVariable.php
@@ -16,6 +16,7 @@
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
  * Exposes some Symfony parameters and services as an "app" global variable.
@@ -68,7 +69,7 @@ public function getToken()
     /**
      * Returns the current user.
      *
-     * @return object|null
+     * @return UserInterface|null
      *
      * @see TokenInterface::getUser()
      */
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -127,7 +127,7 @@ public function collect(Request $request, Response $response, \Throwable $except
 
             $this->data = [
                 'enabled' => true,
-                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : true,
+                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : (bool) $token->getUser(),
                 'impersonated' => null !== $impersonatorUser,
                 'impersonator_user' => $impersonatorUser,
                 'impersonation_exit_path' => null,
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -111,7 +111,7 @@ public function authenticate(TokenInterface $token)
             }
 
             // @deprecated since Symfony 5.3
-            if ($user = $result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {
+            if ($result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {
                 trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', get_debug_type($result->getUser()));
             }
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php
@@ -12,7 +12,6 @@
 namespace Symfony\Component\Security\Core\Authentication;
 
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
-use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
@@ -25,9 +24,9 @@ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterfac
 {
     public function isAuthenticated(TokenInterface $token = null): bool
     {
-        return null !== $token && !$token instanceof NullToken
+        return $token && $token->getUser()
             // @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0
-            && !$token instanceof AnonymousToken && $token->isAuthenticated(false);
+            && !$token instanceof AnonymousToken && (!method_exists($token, 'isAuthenticated') || $token->isAuthenticated(false));
     }
 
     /**
@@ -39,11 +38,7 @@ public function isAnonymous(TokenInterface $token = null/*, $deprecation = true*
             trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);
         }
 
-        if (null === $token) {
-            return false;
-        }
-
-        return $token instanceof AnonymousToken || $token instanceof NullToken;
+        return !$this->isAuthenticated($token);
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -141,7 +141,7 @@ public function setUser($user)
     public function isAuthenticated()
     {
         if (1 > \func_num_args() || func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated when they hold a user.', __METHOD__);
         }
 
         return $this->authenticated;
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
@@ -59,7 +59,7 @@ public function getUserIdentifier(): string
     public function isAuthenticated()
     {
         if (0 === \func_num_args() || func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated when they hold a user.', __METHOD__);
         }
 
         return true;
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
@@ -51,7 +51,7 @@ public function getCredentials();
     /**
      * Returns a user representation.
      *
-     * @return UserInterface
+     * @return UserInterface|null
      *
      * @see AbstractToken::setUser()
      */
@@ -71,7 +71,7 @@ public function setUser($user);
      *
      * @return bool true if the token has been authenticated, false otherwise
      *
-     * @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
+     * @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated when they hold a user
      */
     public function isAuthenticated();
 
diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -67,7 +67,9 @@ public function __construct(TokenStorageInterface $tokenStorage, /*AccessDecisio
      */
     final public function isGranted($attribute, $subject = null): bool
     {
-        if (null === ($token = $this->tokenStorage->getToken())) {
+        $token = $this->tokenStorage->getToken();
+
+        if (!$token || !$token->getUser()) {
             if ($this->exceptionOnNoToken) {
                 throw new AuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');
             }
@@ -78,7 +80,7 @@ final public function isGranted($attribute, $subject = null): bool
             // @deprecated since Symfony 5.4
             if ($this->alwaysAuthenticate || !$authenticated = $token->isAuthenticated(false)) {
                 if (!($authenticated ?? true)) {
-                    trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');
+                    trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated when they hold a user.');
                 }
                 $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
             }
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
@@ -96,7 +96,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)
             if (self::IS_AUTHENTICATED === $attribute
                 && (method_exists($this->authenticationTrustResolver, 'isAuthenticated')
                     ? $this->authenticationTrustResolver->isAuthenticated($token)
-                    : (null !== $token && !$token instanceof NullToken))) {
+                    : ($token && $token->getUser()))) {
                 return VoterInterface::ACCESS_GRANTED;
             }
 
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -17,7 +17,7 @@ CHANGELOG
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker`
  * Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
-   tokens will always be considered authenticated in 6.0
+   tokens will always be considered authenticated in 6.0 when they hold a user
 
 5.3
 ---
diff --git a/src/Symfony/Component/Security/Core/Security.php b/src/Symfony/Component/Security/Core/Security.php
@@ -42,10 +42,6 @@ public function getUser(): ?UserInterface
         }
 
         $user = $token->getUser();
-        // @deprecated since 5.4, $user will always be a UserInterface instance
-        if (!\is_object($user)) {
-            return null;
-        }
 
         // @deprecated since 5.4, $user will always be a UserInterface instance
         if (!$user instanceof UserInterface) {
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationTrustResolverTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationTrustResolverTest.php
@@ -17,7 +17,6 @@
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\User\InMemoryUser;
-use Symfony\Component\Security\Core\User\User;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 class AuthenticationTrustResolverTest extends TestCase
@@ -28,8 +27,7 @@ class AuthenticationTrustResolverTest extends TestCase
     public function testIsAnonymous()
     {
         $resolver = new AuthenticationTrustResolver();
-        $this->assertFalse($resolver->isAnonymous(null));
-        $this->assertFalse($resolver->isAnonymous($this->getToken()));
+        $this->assertTrue($resolver->isAnonymous(null));
         $this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
         $this->assertFalse($resolver->isAnonymous(new FakeCustomToken()));
     }
@@ -39,7 +37,6 @@ public function testIsRememberMe()
         $resolver = new AuthenticationTrustResolver();
 
         $this->assertFalse($resolver->isRememberMe(null));
-        $this->assertFalse($resolver->isRememberMe($this->getToken()));
         $this->assertFalse($resolver->isRememberMe(new FakeCustomToken()));
         $this->assertTrue($resolver->isRememberMe(new RealCustomRememberMeToken()));
         $this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
@@ -52,7 +49,6 @@ public function testisFullFledged()
         $this->assertFalse($resolver->isFullFledged(null));
         $this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
         $this->assertFalse($resolver->isFullFledged(new RealCustomRememberMeToken()));
-        $this->assertTrue($resolver->isFullFledged($this->getToken()));
         $this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));
     }
 
@@ -71,8 +67,8 @@ public function testIsAnonymousWithClassAsConstructorButStillExtending()
     {
         $resolver = $this->getResolver();
 
-        $this->assertFalse($resolver->isAnonymous(null));
-        $this->assertFalse($resolver->isAnonymous($this->getToken()));
+        $this->assertTrue($resolver->isAnonymous(null));
+        $this->assertFalse($resolver->isAnonymous(new FakeCustomToken()));
         $this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
     }
 
@@ -81,7 +77,7 @@ public function testIsRememberMeWithClassAsConstructorButStillExtending()
         $resolver = $this->getResolver();
 
         $this->assertFalse($resolver->isRememberMe(null));
-        $this->assertFalse($resolver->isRememberMe($this->getToken()));
+        $this->assertFalse($resolver->isRememberMe(new FakeCustomToken()));
         $this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
         $this->assertTrue($resolver->isRememberMe(new RealCustomRememberMeToken()));
     }
@@ -93,7 +89,7 @@ public function testisFullFledgedWithClassAsConstructorButStillExtending()
         $this->assertFalse($resolver->isFullFledged(null));
         $this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
         $this->assertFalse($resolver->isFullFledged(new RealCustomRememberMeToken()));
-        $this->assertTrue($resolver->isFullFledged($this->getToken()));
+        $this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));
     }
 
     /**
@@ -112,11 +108,6 @@ public function testLegacy()
         $this->assertFalse($resolver->isFullFledged($this->getRealCustomAnonymousToken()));
     }
 
-    protected function getToken()
-    {
-        return $this->createMock(TokenInterface::class);
-    }
-
     protected function getAnonymousToken()
     {
         return new AnonymousToken('secret', 'anon.');
@@ -133,7 +124,7 @@ public function __construct()
 
     protected function getRememberMeToken()
     {
-        $user = class_exists(InMemoryUser::class) ? new InMemoryUser('wouter', '', ['ROLE_USER']) : new User('wouter', '', ['ROLE_USER']);
+        $user = new InMemoryUser('wouter', '', ['ROLE_USER']);
 
         return new RememberMeToken($user, 'main', 'secret');
     }
@@ -179,6 +170,7 @@ public function getCredentials()
 
     public function getUser(): UserInterface
     {
+        return new InMemoryUser('wouter', '', ['ROLE_USER']);
     }
 
     public function setUser($user)
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
@@ -13,12 +13,14 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
-use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 
 class AuthenticatedVoterTest extends TestCase
 {
@@ -84,14 +86,28 @@ public function getLegacyVoteTests()
 
     protected function getToken($authenticated)
     {
+        $user = new InMemoryUser('wouter', '', ['ROLE_USER']);
+
         if ('fully' === $authenticated) {
-            return $this->createMock(TokenInterface::class);
-        } elseif ('remembered' === $authenticated) {
-            return $this->getMockBuilder(RememberMeToken::class)->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
-        } elseif ('impersonated' === $authenticated) {
+            $token = new class() extends AbstractToken {
+                public function getCredentials()
+                {
+                }
+            };
+            $token->setUser($user);
+            $token->setAuthenticated(true, false);
+
+            return $token;
+        }
+
+        if ('remembered' === $authenticated) {
+            return new RememberMeToken($user, 'foo', 'bar');
+        }
+
+        if ('impersonated' === $authenticated) {
             return $this->getMockBuilder(SwitchUserToken::class)->disableOriginalConstructor()->getMock();
-        } else {
-            return $this->getMockBuilder(AnonymousToken::class)->setConstructorArgs(['', ''])->getMock();
         }
+
+        return new NullToken();
     }
 }
diff --git a/src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php b/src/Symfony/Component/Security/Http/EventListener/UserCheckerListener.php
@@ -46,7 +46,6 @@ public function preCheckCredentials(CheckPassportEvent $event): void
     public function postCheckCredentials(AuthenticationSuccessEvent $event): void
     {
         $user = $event->getAuthenticationToken()->getUser();
-        // @deprecated since 5.4, $user will always be an UserInterface instance
         if (!$user instanceof UserInterface) {
             return;
         }
diff --git a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -114,7 +114,7 @@ public function authenticate(RequestEvent $event)
 
         // @deprecated since Symfony 5.4
         if (method_exists($token, 'isAuthenticated') && !$token->isAuthenticated(false)) {
-            trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');
+            trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated when they hold a user.');
 
             if ($this->authManager) {
                 $token = $this->authManager->authenticate($token);

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ public function authenticate(TokenInterface $token)`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`// @deprecated since Symfony 5.3`
`114`		`- if ($user = $result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {`
	`114`	`+ if ($result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {`
`115`	`115`	`trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', get_debug_type($result->getUser()));`
`116`	`116`	`}`
`117`	`117`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,6 @@`
`12`	`12`	`namespace Symfony\Component\Security\Core\Authentication;`
`13`	`13`
`14`	`14`	`use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;`
`15`		`-use Symfony\Component\Security\Core\Authentication\Token\NullToken;`
`16`	`15`	`use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;`
`17`	`16`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`18`	`17`
`@@ -25,9 +24,9 @@ class AuthenticationTrustResolver implements AuthenticationTrustResolverInterfac`
`25`	`24`	`{`
`26`	`25`	`public function isAuthenticated(TokenInterface $token = null): bool`
`27`	`26`	`{`
`28`		`- return null !== $token && !$token instanceof NullToken`
	`27`	`+ return $token && $token->getUser()`
`29`	`28`	`// @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0`
`30`		`- && !$token instanceof AnonymousToken && $token->isAuthenticated(false);`
	`29`	`+ && !$token instanceof AnonymousToken && (!method_exists($token, 'isAuthenticated') \|\| $token->isAuthenticated(false));`
`31`	`30`	`}`
`32`	`31`
`33`	`32`	`/**`
`@@ -39,11 +38,7 @@ public function isAnonymous(TokenInterface $token = null/, $deprecation = true`
`39`	`38`	`trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);`
`40`	`39`	`}`
`41`	`40`
`42`		`- if (null === $token) {`
`43`		`- return false;`
`44`		`- }`
`45`		`-`
`46`		`- return $token instanceof AnonymousToken \|\| $token instanceof NullToken;`
	`41`	`+ return !$this->isAuthenticated($token);`
`47`	`42`	`}`
`48`	`43`
`49`	`44`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ public function setUser($user)`
`141`	`141`	`public function isAuthenticated()`
`142`	`142`	`{`
`143`	`143`	`if (1 > \func_num_args() \|\| func_get_arg(0)) {`
`144`		`- trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);`
	`144`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated when they hold a user.', __METHOD__);`
`145`	`145`	`}`
`146`	`146`
`147`	`147`	`return $this->authenticated;`
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ public function getUserIdentifier(): string`
`59`	`59`	`public function isAuthenticated()`
`60`	`60`	`{`
`61`	`61`	`if (0 === \func_num_args() \|\| func_get_arg(0)) {`
`62`		`- trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);`
	`62`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated when they hold a user.', __METHOD__);`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`return true;`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ public function getCredentials();`
`51`	`51`	`/**`
`52`	`52`	`* Returns a user representation.`
`53`	`53`	`*`
`54`		`- * @return UserInterface`
	`54`	`+ * @return UserInterface\|null`
`55`	`55`	`*`
`56`	`56`	`* @see AbstractToken::setUser()`
`57`	`57`	`*/`
`@@ -71,7 +71,7 @@ public function setUser($user);`
`71`	`71`	`*`
`72`	`72`	`* @return bool true if the token has been authenticated, false otherwise`
`73`	`73`	`*`
`74`		`- * @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated`
	`74`	`+ * @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated when they hold a user`
`75`	`75`	`*/`
`76`	`76`	`public function isAuthenticated();`
`77`	`77`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,9 @@ public function __construct(TokenStorageInterface $tokenStorage, /*AccessDecisio`
`67`	`67`	`*/`
`68`	`68`	`final public function isGranted($attribute, $subject = null): bool`
`69`	`69`	`{`
`70`		`- if (null === ($token = $this->tokenStorage->getToken())) {`
	`70`	`+ $token = $this->tokenStorage->getToken();`
	`71`	`+`
	`72`	`+ if (!$token \|\| !$token->getUser()) {`
`71`	`73`	`if ($this->exceptionOnNoToken) {`
`72`	`74`	`throw new AuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');`
`73`	`75`	`}`
`@@ -78,7 +80,7 @@ final public function isGranted($attribute, $subject = null): bool`
`78`	`80`	`// @deprecated since Symfony 5.4`
`79`	`81`	`if ($this->alwaysAuthenticate \|\| !$authenticated = $token->isAuthenticated(false)) {`
`80`	`82`	`if (!($authenticated ?? true)) {`
`81`		`- trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');`
	`83`	`+ trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated when they hold a user.');`
`82`	`84`	`}`
`83`	`85`	`$this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));`
`84`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)`
`96`	`96`	`if (self::IS_AUTHENTICATED === $attribute`
`97`	`97`	`&& (method_exists($this->authenticationTrustResolver, 'isAuthenticated')`
`98`	`98`	`? $this->authenticationTrustResolver->isAuthenticated($token)`
`99`		`- : (null !== $token && !$token instanceof NullToken))) {`
	`99`	`+ : ($token && $token->getUser()))) {`
`100`	`100`	`return VoterInterface::ACCESS_GRANTED;`
`101`	`101`	`}`
`102`	`102`