symfony
diff --git a/‎UPGRADE-5.4.md‎
Lines changed: 5 additions & 2 deletions b/‎UPGRADE-5.4.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎UPGRADE-6.0.md‎
Lines changed: 3 additions & 0 deletions b/‎UPGRADE-6.0.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/SwitchUserTokenProcessorTest.php‎
Lines changed: 9 additions & 2 deletions b/‎src/Symfony/Bridge/Monolog/Tests/Processor/SwitchUserTokenProcessorTest.php‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php‎
Lines changed: 5 additions & 1 deletion b/‎src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/Symfony/Bridge/Twig/AppVariable.php‎
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bridge/Twig/AppVariable.php‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php‎
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php‎
Lines changed: 4 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/composer.json‎
Lines changed: 1 addition & 2 deletions b/‎src/Symfony/Bundle/FrameworkBundle/composer.json‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php‎
Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php‎
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/MissingUserProviderTest.php‎
Lines changed: 3 additions & 0 deletions
@@ -59,8 +59,11 @@ SecurityBundle
 Security
 --------
 
- * Deprecate the `$authManager` argument of `AccessListener`
- * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
+ * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
+ * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
+ * Deprecate not returning an `UserInterface` from `Token::getUser()`
+ * Deprecate the `$authManager` argument of `AccessListener`, the argument will be removed
+ * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor, the argument will be removed
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken argument to `false` of `AuthorizationChecker` (this is the default
    behavior when using `enable_authenticator_manager: true`)
 
@@ -207,6 +207,9 @@ Routing
 Security
 --------
 
+ * Remove `AnonymousToken`
+ * Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
+ * Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`)
  * Remove the 4th and 5th argument of `AuthorizationChecker`
  * Remove the 5th argument of `AccessListener`
  * Remove class `User`, use `InMemoryUser` or your own implementation instead.
 
@@ -16,6 +16,8 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\User;
 
 /**
  * Tests the SwitchUserTokenProcessor.
@@ -26,8 +28,13 @@ class SwitchUserTokenProcessorTest extends TestCase
 {
     public function testProcessor()
     {
-        $originalToken = new UsernamePasswordToken('original_user', 'password', 'provider', ['ROLE_SUPER_ADMIN']);
-        $switchUserToken = new SwitchUserToken('user', 'passsword', 'provider', ['ROLE_USER'], $originalToken);
+        if (class_exists(InMemoryUser::class)) {
+            $originalToken = new UsernamePasswordToken(new InMemoryUser('original_user', 'password', ['ROLE_SUPER_ADMIN']), 'provider', ['ROLE_SUPER_ADMIN']);
+            $switchUserToken = new SwitchUserToken(new InMemoryUser('user', 'passsword', ['ROLE_USER']), 'provider', ['ROLE_USER'], $originalToken);
+        } else {
+            $originalToken = new UsernamePasswordToken(new User('original_user', 'password', ['ROLE_SUPER_ADMIN']), null, 'provider', ['ROLE_SUPER_ADMIN']);
+            $switchUserToken = new SwitchUserToken(new User('user', 'passsword', ['ROLE_USER']), null, 'provider', ['ROLE_USER'], $originalToken);
+        }
         $tokenStorage = $this->createMock(TokenStorageInterface::class);
         $tokenStorage->method('getToken')->willReturn($switchUserToken);
 
 
@@ -15,6 +15,7 @@
 use Symfony\Bridge\Monolog\Processor\TokenProcessor;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 
 /**
  * Tests the TokenProcessor.
@@ -23,6 +24,9 @@
  */
 class TokenProcessorTest extends TestCase
 {
+    /**
+     * @group legacy
+     */
     public function testLegacyProcessor()
     {
         if (method_exists(UsernamePasswordToken::class, 'getUserIdentifier')) {
@@ -48,7 +52,7 @@ public function testProcessor()
             $this->markTestSkipped('This test requires symfony/security-core 5.3+');
         }
 
-        $token = new UsernamePasswordToken('user', 'password', 'provider', ['ROLE_USER']);
+        $token = new UsernamePasswordToken(new InMemoryUser('user', 'password', ['ROLE_USER']), 'provider', ['ROLE_USER']);
         $tokenStorage = $this->createMock(TokenStorageInterface::class);
         $tokenStorage->method('getToken')->willReturn($token);
 
 
@@ -84,6 +84,7 @@ public function getUser()
 
         $user = $token->getUser();
 
+        // @deprecated since 5.4, $user will always be a UserInterface instance
         return \is_object($user) ? $user : null;
     }
 
 
@@ -395,7 +395,7 @@ protected function getDoctrine(): ManagerRegistry
     /**
      * Get a user from the Security Token Storage.
      *
-     * @return UserInterface|object|null
+     * @return UserInterface|null
      *
      * @throws \LogicException If SecurityBundle is not available
      *
@@ -411,6 +411,7 @@ protected function getUser()
             return null;
         }
 
+        // @deprecated since 5.4, $user will always be a UserInterface instance
         if (!\is_object($user = $token->getUser())) {
             // e.g. anonymous authentication
             return null;
 
@@ -138,14 +138,17 @@ public function testForward()
     public function testGetUser()
     {
         $user = new InMemoryUser('user', 'pass');
-        $token = new UsernamePasswordToken($user, 'pass', 'default', ['ROLE_USER']);
+        $token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);
 
         $controller = $this->createController();
         $controller->setContainer($this->getContainerWithTokenStorage($token));
 
         $this->assertSame($controller->getUser(), $user);
     }
 
+    /**
+     * @group legacy
+     */
     public function testGetUserAnonymousUserConvertedToNull()
     {
         $token = new AnonymousToken('default', 'anon.');
 
@@ -53,7 +53,7 @@
         "symfony/notifier": "^5.3|^6.0",
         "symfony/process": "^4.4|^5.0|^6.0",
         "symfony/rate-limiter": "^5.2|^6.0",
-        "symfony/security-bundle": "^5.3|^6.0",
+        "symfony/security-bundle": "^5.4|^6.0",
         "symfony/serializer": "^5.4|^6.0",
         "symfony/stopwatch": "^4.4|^5.0|^6.0",
         "symfony/string": "^5.0|^6.0",
@@ -89,7 +89,6 @@
         "symfony/property-access": "<5.3",
         "symfony/serializer": "<5.2",
         "symfony/security-csrf": "<5.3",
-        "symfony/security-core": "<5.3",
         "symfony/stopwatch": "<4.4",
         "symfony/translation": "<5.3",
         "symfony/twig-bridge": "<4.4",
 
@@ -29,6 +29,7 @@
 use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Http\FirewallMapInterface;
 use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
 use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
@@ -78,7 +79,7 @@ public function testCollectWhenAuthenticationTokenIsNull()
     public function testCollectAuthenticationTokenAndRoles(array $roles, array $normalizedRoles, array $inheritedRoles)
     {
         $tokenStorage = new TokenStorage();
-        $tokenStorage->setToken(new UsernamePasswordToken('hhamon', 'P4$$w0rD', 'provider', $roles));
+        $tokenStorage->setToken(new UsernamePasswordToken(new InMemoryUser('hhamon', 'P4$$w0rD', $roles), 'provider', $roles));
 
         $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
         $collector->collect(new Request(), new Response());
@@ -99,10 +100,10 @@ public function testCollectAuthenticationTokenAndRoles(array $roles, array $norm
 
     public function testCollectSwitchUserToken()
     {
-        $adminToken = new UsernamePasswordToken('yceruto', 'P4$$w0rD', 'provider', ['ROLE_ADMIN']);
+        $adminToken = new UsernamePasswordToken(new InMemoryUser('yceruto', 'P4$$w0rD', ['ROLE_ADMIN']), 'provider', ['ROLE_ADMIN']);
 
         $tokenStorage = new TokenStorage();
-        $tokenStorage->setToken(new SwitchUserToken('hhamon', 'P4$$w0rD', 'provider', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $adminToken));
+        $tokenStorage->setToken(new SwitchUserToken(new InMemoryUser('hhamon', 'P4$$w0rD', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN']), 'provider', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $adminToken));
 
         $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
         $collector->collect(new Request(), new Response());
 
@@ -28,6 +28,9 @@ public function testUserProviderIsNeeded()
         ]);
     }
 
+    /**
+     * @group legacy
+     */
     public function testLegacyUserProviderIsNeeded()
     {
         $client = $this->createClient(['test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]);
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public function getUser()`
`84`	`84`
`85`	`85`	`$user = $token->getUser();`
`86`	`86`
	`87`	`+ // @deprecated since 5.4, $user will always be a UserInterface instance`
`87`	`88`	`return \is_object($user) ? $user : null;`
`88`	`89`	`}`
`89`	`90`
Original file line number	Diff line number	Diff line change
`@@ -395,7 +395,7 @@ protected function getDoctrine(): ManagerRegistry`
`395`	`395`	`/**`
`396`	`396`	`* Get a user from the Security Token Storage.`
`397`	`397`	`*`
`398`		`- * @return UserInterface\|object\|null`
	`398`	`+ * @return UserInterface\|null`
`399`	`399`	`*`
`400`	`400`	`* @throws \LogicException If SecurityBundle is not available`
`401`	`401`	`*`
`@@ -411,6 +411,7 @@ protected function getUser()`
`411`	`411`	`return null;`
`412`	`412`	`}`
`413`	`413`
	`414`	`+ // @deprecated since 5.4, $user will always be a UserInterface instance`
`414`	`415`	`if (!\is_object($user = $token->getUser())) {`
`415`	`416`	`// e.g. anonymous authentication`
`416`	`417`	`return null;`
Original file line number	Diff line number	Diff line change
`@@ -138,14 +138,17 @@ public function testForward()`
`138`	`138`	`public function testGetUser()`
`139`	`139`	`{`
`140`	`140`	`$user = new InMemoryUser('user', 'pass');`
`141`		`- $token = new UsernamePasswordToken($user, 'pass', 'default', ['ROLE_USER']);`
	`141`	`+ $token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);`
`142`	`142`
`143`	`143`	`$controller = $this->createController();`
`144`	`144`	`$controller->setContainer($this->getContainerWithTokenStorage($token));`
`145`	`145`
`146`	`146`	`$this->assertSame($controller->getUser(), $user);`
`147`	`147`	`}`
`148`	`148`
	`149`	`+ /**`
	`150`	`+ * @group legacy`
	`151`	`+ */`
`149`	`152`	`public function testGetUserAnonymousUserConvertedToNull()`
`150`	`153`	`{`
`151`	`154`	`$token = new AnonymousToken('default', 'anon.');`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,9 @@ public function testUserProviderIsNeeded()`
`28`	`28`	`]);`
`29`	`29`	`}`
`30`	`30`
	`31`	`+ /**`
	`32`	`+ * @group legacy`
	`33`	`+ */`
`31`	`34`	`public function testLegacyUserProviderIsNeeded()`
`32`	`35`	`{`
`33`	`36`	`$client = $this->createClient(['test_case' => 'MissingUserProvider', 'root_config' => 'config.yml', 'debug' => true]);`