symfony
diff --git a/‎UPGRADE-5.4.md
Lines changed: 3 additions & 0 deletions b/‎UPGRADE-5.4.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎UPGRADE-6.0.md
Lines changed: 3 additions & 0 deletions b/‎UPGRADE-6.0.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
Lines changed: 0 additions & 2 deletions b/‎src/Symfony/Bridge/Monolog/Tests/Processor/TokenProcessorTest.php
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 21 additions & 2 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 21 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
Lines changed: 10 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php
Lines changed: 1 addition & 1 deletion
@@ -30,3 +30,6 @@ Security
    behavior when using `enable_authenticator_manager: true`)
  * Deprecate not setting the 5th argument (`$exceptionOnNoToken`) of `AccessListener` to `false`
    (this is the default behavior when using `enable_authenticator_manager: true`)
+ * Deprecate `TokenInterface:isAuthenticated()` and `setAuthenticated()` methods without replacement.
+   Security tokens won't have an "authenticated" flag anymore, so they will always be considered authenticated
+ * Deprecate `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead
@@ -316,6 +316,9 @@ Security
    `UsernamePasswordFormAuthenticationListener`, `UsernamePasswordJsonAuthenticationListener` and `X509AuthenticationListener`
    from security-http, use the new authenticator system instead
  * Remove the Guard component, use the new authenticator system instead
+ * Remove `TokenInterface:isAuthenticated()` and `setAuthenticated()` methods without replacement.
+   Security tokens won't have an "authenticated" flag anymore, so they will always be considered authenticated
+ * Remove `DeauthenticatedEvent`, use `TokenDeauthenticatedEvent` instead
 
 SecurityBundle
 --------------
 
@@ -42,7 +42,7 @@ public function __invoke(array $record): array
 
         if (null !== $token = $this->getToken()) {
             $record['extra'][$this->getKey()] = [
-                'authenticated' => $token->isAuthenticated(),
+                'authenticated' => $token->isAuthenticated(false), // @deprecated since Symfony 5.4, always true in 6.0
                 'roles' => $token->getRoleNames(),
             ];
 
 
@@ -39,7 +39,6 @@ public function testLegacyProcessor()
 
         $this->assertArrayHasKey('token', $record['extra']);
         $this->assertEquals($token->getUsername(), $record['extra']['token']['username']);
-        $this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
         $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
     }
 
@@ -59,7 +58,6 @@ public function testProcessor()
 
         $this->assertArrayHasKey('token', $record['extra']);
         $this->assertEquals($token->getUserIdentifier(), $record['extra']['token']['user_identifier']);
-        $this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);
         $this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);
     }
 }
@@ -123,7 +123,7 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
         }
 
         $token = new TestBrowserToken($user->getRoles(), $user, $firewallContext);
-        $token->setAuthenticated(true);
+        $token->setAuthenticated(true, false);
 
         $container = $this->getContainer();
         $container->get('security.untracked_token_storage')->setToken($token);
 
@@ -123,7 +123,7 @@ public function collect(Request $request, Response $response, \Throwable $except
 
             $this->data = [
                 'enabled' => true,
-                'authenticated' => $token->isAuthenticated(),
+                'authenticated' => $token->isAuthenticated(false),
                 'impersonated' => null !== $impersonatorUser,
                 'impersonator_user' => $impersonatorUser,
                 'impersonation_exit_path' => null,
 
@@ -99,7 +99,12 @@ public function setUser($user)
             throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
         }
 
-        if (null === $this->user) {
+        // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
+        if (1 < \func_num_args() && !func_get_arg(1)) {
+            // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
+            // avoid doing the same checks twice
+            $changed = false;
+        } elseif (null === $this->user) {
             $changed = false;
         } elseif ($this->user instanceof UserInterface) {
             if (!$user instanceof UserInterface) {
@@ -113,18 +118,25 @@ public function setUser($user)
             $changed = (string) $this->user !== (string) $user;
         }
 
+        // @deprecated since Symfony 5.4
         if ($changed) {
-            $this->setAuthenticated(false);
+            $this->setAuthenticated(false, false);
         }
 
         $this->user = $user;
     }
 
     /**
      * {@inheritdoc}
+     *
+     * @deprecated since Symfony 5.4
      */
     public function isAuthenticated()
     {
+        if (1 > \func_num_args() || func_get_arg(0)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+        }
+
         return $this->authenticated;
     }
 
@@ -133,6 +145,10 @@ public function isAuthenticated()
      */
     public function setAuthenticated(bool $authenticated)
     {
+        if (2 > \func_num_args() || func_get_arg(1)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" state anymore and will always be considered as authenticated.', __METHOD__);
+        }
+
         $this->authenticated = $authenticated;
     }
 
@@ -275,6 +291,9 @@ final public function unserialize($serialized)
         $this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     private function hasUserChanged(UserInterface $user): bool
     {
         if (!($this->user instanceof UserInterface)) {
 
@@ -33,7 +33,8 @@ public function __construct(string $secret, $user, array $roles = [])
 
         $this->secret = $secret;
         $this->setUser($user);
-        $this->setAuthenticated(true);
+        // @deprecated since Symfony 5.4
+        $this->setAuthenticated(true, false);
     }
 
     /**
 
@@ -53,11 +53,21 @@ public function getUserIdentifier(): string
         return '';
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public function isAuthenticated()
     {
+        if (0 === \func_num_args() || func_get_arg(0)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+        }
+
         return true;
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public function setAuthenticated(bool $isAuthenticated)
     {
         throw new \BadMethodCallException('Cannot change authentication state of NullToken.');
 
@@ -41,7 +41,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
         $this->firewallName = $firewallName;
 
         if ($roles) {
-            $this->setAuthenticated(true);
+            $this->setAuthenticated(true, false);
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,6 @@ public function testLegacyProcessor()`
`39`	`39`
`40`	`40`	`$this->assertArrayHasKey('token', $record['extra']);`
`41`	`41`	`$this->assertEquals($token->getUsername(), $record['extra']['token']['username']);`
`42`		`- $this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);`
`43`	`42`	`$this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);`
`44`	`43`	`}`
`45`	`44`
`@@ -59,7 +58,6 @@ public function testProcessor()`
`59`	`58`
`60`	`59`	`$this->assertArrayHasKey('token', $record['extra']);`
`61`	`60`	`$this->assertEquals($token->getUserIdentifier(), $record['extra']['token']['user_identifier']);`
`62`		`- $this->assertEquals($token->isAuthenticated(), $record['extra']['token']['authenticated']);`
`63`	`61`	`$this->assertEquals(['ROLE_USER'], $record['extra']['token']['roles']);`
`64`	`62`	`}`
`65`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ public function loginUser(object $user, string $firewallContext = 'main'): self`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`$token = new TestBrowserToken($user->getRoles(), $user, $firewallContext);`
`126`		`- $token->setAuthenticated(true);`
	`126`	`+ $token->setAuthenticated(true, false);`
`127`	`127`
`128`	`128`	`$container = $this->getContainer();`
`129`	`129`	`$container->get('security.untracked_token_storage')->setToken($token);`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,12 @@ public function setUser($user)`
`99`	`99`	`throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');`
`100`	`100`	`}`
`101`	`101`
`102`		`- if (null === $this->user) {`
	`102`	`+ // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0`
	`103`	`+ if (1 < \func_num_args() && !func_get_arg(1)) {`
	`104`	+ // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
	`105`	`+ // avoid doing the same checks twice`
	`106`	`+ $changed = false;`
	`107`	`+ } elseif (null === $this->user) {`
`103`	`108`	`$changed = false;`
`104`	`109`	`} elseif ($this->user instanceof UserInterface) {`
`105`	`110`	`if (!$user instanceof UserInterface) {`
`@@ -113,18 +118,25 @@ public function setUser($user)`
`113`	`118`	`$changed = (string) $this->user !== (string) $user;`
`114`	`119`	`}`
`115`	`120`
	`121`	`+ // @deprecated since Symfony 5.4`
`116`	`122`	`if ($changed) {`
`117`		`- $this->setAuthenticated(false);`
	`123`	`+ $this->setAuthenticated(false, false);`
`118`	`124`	`}`
`119`	`125`
`120`	`126`	`$this->user = $user;`
`121`	`127`	`}`
`122`	`128`
`123`	`129`	`/**`
`124`	`130`	`* {@inheritdoc}`
	`131`	`+ *`
	`132`	`+ * @deprecated since Symfony 5.4`
`125`	`133`	`*/`
`126`	`134`	`public function isAuthenticated()`
`127`	`135`	`{`
	`136`	`+ if (1 > \func_num_args() \|\| func_get_arg(0)) {`
	`137`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);`
	`138`	`+ }`
	`139`	`+`
`128`	`140`	`return $this->authenticated;`
`129`	`141`	`}`
`130`	`142`
`@@ -133,6 +145,10 @@ public function isAuthenticated()`
`133`	`145`	`*/`
`134`	`146`	`public function setAuthenticated(bool $authenticated)`
`135`	`147`	`{`
	`148`	`+ if (2 > \func_num_args() \|\| func_get_arg(1)) {`
	`149`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" state anymore and will always be considered as authenticated.', __METHOD__);`
	`150`	`+ }`
	`151`	`+`
`136`	`152`	`$this->authenticated = $authenticated;`
`137`	`153`	`}`
`138`	`154`
`@@ -275,6 +291,9 @@ final public function unserialize($serialized)`
`275`	`291`	`$this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));`
`276`	`292`	`}`
`277`	`293`
	`294`	`+ /**`
	`295`	`+ * @deprecated since Symfony 5.4`
	`296`	`+ */`
`278`	`297`	`private function hasUserChanged(UserInterface $user): bool`
`279`	`298`	`{`
`280`	`299`	`if (!($this->user instanceof UserInterface)) {`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,8 @@ public function __construct(string $secret, $user, array $roles = [])`
`33`	`33`
`34`	`34`	`$this->secret = $secret;`
`35`	`35`	`$this->setUser($user);`
`36`		`- $this->setAuthenticated(true);`
	`36`	`+ // @deprecated since Symfony 5.4`
	`37`	`+ $this->setAuthenticated(true, false);`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -53,11 +53,21 @@ public function getUserIdentifier(): string`
`53`	`53`	`return '';`
`54`	`54`	`}`
`55`	`55`
	`56`	`+ /**`
	`57`	`+ * @deprecated since Symfony 5.4`
	`58`	`+ */`
`56`	`59`	`public function isAuthenticated()`
`57`	`60`	`{`
	`61`	`+ if (0 === \func_num_args() \|\| func_get_arg(0)) {`
	`62`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);`
	`63`	`+ }`
	`64`	`+`
`58`	`65`	`return true;`
`59`	`66`	`}`
`60`	`67`
	`68`	`+ /**`
	`69`	`+ * @deprecated since Symfony 5.4`
	`70`	`+ */`
`61`	`71`	`public function setAuthenticated(bool $isAuthenticated)`
`62`	`72`	`{`
`63`	`73`	`throw new \BadMethodCallException('Cannot change authentication state of NullToken.');`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro`
`41`	`41`	`$this->firewallName = $firewallName;`
`42`	`42`
`43`	`43`	`if ($roles) {`
`44`		`- $this->setAuthenticated(true);`
	`44`	`+ $this->setAuthenticated(true, false);`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`