Merge branch '5.4' into 6.0

* 5.4:
  [Security] Deprecate remaining anonymous checks
  [Security] Deprecate AnonymousToken, non-UserInterface users, and token credentials
  Fix deprecation messages
  Fix deprecation messages
  Do not use str_start_with
  Add the Path class
  Add Estonian (et) translations
  [SecurityBundle] Simplify LDAP factories

Author: wouterj

Authentication/AuthenticationProviderManager.php

@@ -110,7 +110,7 @@ public function authenticate(TokenInterface $token)
                 $this->eventDispatcher->dispatch(new AuthenticationSuccessEvent($result), AuthenticationEvents::AUTHENTICATION_SUCCESS);
             }
 
-            // @deprecated since 5.3
+            // @deprecated since Symfony 5.3
             if ($user = $result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {
                 trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', get_debug_type($result->getUser()));
             }

Authentication/AuthenticationTrustResolver.php

@@ -23,11 +23,22 @@
  */
 class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface
 {
+    public function isAuthenticated(TokenInterface $token = null): bool
+    {
+        return null !== $token && !$token instanceof NullToken
+            // @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0
+            && !$token instanceof AnonymousToken && $token->isAuthenticated(false);
+    }
+
     /**
      * {@inheritdoc}
      */
-    public function isAnonymous(TokenInterface $token = null)
+    public function isAnonymous(TokenInterface $token = null/*, $deprecation = true*/)
     {
+        if (1 === \func_num_args() || false !== func_get_arg(1)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);
+        }
+
         if (null === $token) {
             return false;
         }
@@ -56,6 +67,6 @@ public function isFullFledged(TokenInterface $token = null)
             return false;
         }
 
-        return !$this->isAnonymous($token) && !$this->isRememberMe($token);
+        return !$this->isAnonymous($token, false) && !$this->isRememberMe($token);
     }
 }

Authentication/AuthenticationTrustResolverInterface.php

@@ -17,6 +17,8 @@
  * Interface for resolving the authentication status of a given token.
  *
  * @author Johannes M. Schmitt <[email protected]>
+ *
+ * @method bool isAuthenticated(TokenInterface $token = null)
  */
 interface AuthenticationTrustResolverInterface
 {
@@ -27,6 +29,8 @@ interface AuthenticationTrustResolverInterface
      * If null is passed, the method must return false.
      *
      * @return bool
+     *
+     * @deprecated since Symfony 5.4, use !isAuthenticated() instead
      */
     public function isAnonymous(TokenInterface $token = null);
 

Authentication/Provider/DaoAuthenticationProvider.php

@@ -95,7 +95,7 @@ protected function retrieveUser(string $userIdentifier, UsernamePasswordToken $t
         }
 
         try {
-            // @deprecated since 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
+            // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
             if (method_exists($this->userProvider, 'loadUserByIdentifier')) {
                 $user = $this->userProvider->loadUserByIdentifier($userIdentifier);
             } else {

Authentication/Provider/LdapBindAuthenticationProvider.php

@@ -70,7 +70,7 @@ protected function retrieveUser(string $userIdentifier, UsernamePasswordToken $t
             throw new UserNotFoundException('User identifier can not be null.');
         }
 
-        // @deprecated since 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
+        // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
         if (method_exists($this->userProvider, 'loadUserByIdentifier')) {
             return $this->userProvider->loadUserByIdentifier($userIdentifier);
         } else {
@@ -85,7 +85,7 @@ protected function retrieveUser(string $userIdentifier, UsernamePasswordToken $t
      */
     protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
     {
-        // @deprecated since 5.3, change to $token->getUserIdentifier() in 6.0
+        // @deprecated since Symfony 5.3, change to $token->getUserIdentifier() in 6.0
         $userIdentifier = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
         $password = $token->getCredentials();
 

Authentication/Provider/PreAuthenticatedAuthenticationProvider.php

@@ -59,7 +59,7 @@ public function authenticate(TokenInterface $token)
         }
 
         $userIdentifier = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
-        // @deprecated since 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
+        // @deprecated since Symfony 5.3, change to $this->userProvider->loadUserByIdentifier() in 6.0
         if (method_exists($this->userProvider, 'loadUserByIdentifier')) {
             $user = $this->userProvider->loadUserByIdentifier($userIdentifier);
         } else {

Authentication/Token/AbstractToken.php

@@ -76,7 +76,7 @@ public function getUserIdentifier(): string
         }
 
         if ($this->user instanceof UserInterface) {
-            // @deprecated since 5.3, change to $user->getUserIdentifier() in 6.0
+            // @deprecated since Symfony 5.3, change to $user->getUserIdentifier() in 6.0
             return method_exists($this->user, 'getUserIdentifier') ? $this->user->getUserIdentifier() : $this->user->getUsername();
         }
 
@@ -96,6 +96,10 @@ public function getUser()
      */
     public function setUser(string|\Stringable|UserInterface $user)
     {
+        if (!$user instanceof UserInterface) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Using an object that is not an instance of "%s" as $user in "%s" is deprecated.', UserInterface::class, static::class);
+        }
+
         // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
         if (1 < \func_num_args() && !func_get_arg(1)) {
             // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,

Authentication/Token/AnonymousToken.php

@@ -17,6 +17,8 @@
  * AnonymousToken represents an anonymous token.
  *
  * @author Fabien Potencier <[email protected]>
+ *
+ * @deprecated since 5.4, anonymous is now represented by the absence of a token
  */
 class AnonymousToken extends AbstractToken
 {
@@ -28,6 +30,8 @@ class AnonymousToken extends AbstractToken
      */
     public function __construct(string $secret, string|\Stringable|UserInterface $user, array $roles = [])
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'The "%s" class is deprecated.', __CLASS__);
+
         parent::__construct($roles);
 
         $this->secret = $secret;

Authentication/Token/PreAuthenticatedToken.php

@@ -26,16 +26,24 @@ class PreAuthenticatedToken extends AbstractToken
     /**
      * @param string[] $roles
      */
-    public function __construct(string|\Stringable|UserInterface $user, mixed $credentials, string $firewallName, array $roles = [])
+    public function __construct(string|\Stringable|UserInterface $user, /*string*/ $firewallName, /*array*/ $roles = [])
     {
+        if (\is_string($roles)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Argument $credentials of "%s()" is deprecated.', __METHOD__);
+
+            $credentials = $firewallName;
+            $firewallName = $roles;
+            $roles = \func_num_args() > 3 ? func_get_arg(3) : [];
+        }
+
         parent::__construct($roles);
 
         if ('' === $firewallName) {
             throw new \InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->setUser($user);
-        $this->credentials = $credentials;
+        $this->credentials = $credentials ?? null;
         $this->firewallName = $firewallName;
 
         if ($roles) {
@@ -48,12 +56,12 @@ public function __construct(string|\Stringable|UserInterface $user, mixed $crede
      *
      * @return string The provider key
      *
-     * @deprecated since 5.2, use getFirewallName() instead
+     * @deprecated since Symfony 5.2, use getFirewallName() instead
      */
     public function getProviderKey()
     {
         if (1 !== \func_num_args() || true !== func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);
         }
 
         return $this->firewallName;
@@ -69,6 +77,8 @@ public function getFirewallName(): string
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);
+
         return $this->credentials;
     }
 

Authentication/Token/RememberMeToken.php

@@ -64,12 +64,12 @@ public function setAuthenticated(bool $authenticated)
      *
      * @return string The provider secret
      *
-     * @deprecated since 5.2, use getFirewallName() instead
+     * @deprecated since Symfony 5.2, use getFirewallName() instead
      */
     public function getProviderKey()
     {
         if (1 !== \func_num_args() || true !== func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);
         }
 
         return $this->firewallName;
@@ -95,6 +95,8 @@ public function getSecret()
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);
+
         return '';
     }