[Security] Deprecate TokenInterface::isAuthenticated() and setAuthenticated()

chalasr · chalasr · commit a3d092ff0f73 · 2021-07-14T14:24:30.000+02:00
diff --git a/Authentication/Token/AbstractToken.php b/Authentication/Token/AbstractToken.php
@@ -99,7 +99,12 @@ public function setUser($user)
             throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
         }
 
-        if (null === $this->user) {
+        // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
+        if (1 < \func_num_args() && !func_get_arg(1)) {
+            // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
+            // avoid doing the same checks twice
+            $changed = false;
+        } elseif (null === $this->user) {
             $changed = false;
         } elseif ($this->user instanceof UserInterface) {
             if (!$user instanceof UserInterface) {
@@ -113,18 +118,25 @@ public function setUser($user)
             $changed = (string) $this->user !== (string) $user;
         }
 
+        // @deprecated since Symfony 5.4
         if ($changed) {
-            $this->setAuthenticated(false);
+            $this->setAuthenticated(false, false);
         }
 
         $this->user = $user;
     }
 
     /**
      * {@inheritdoc}
+     *
+     * @deprecated since Symfony 5.4
      */
     public function isAuthenticated()
     {
+        if (1 > \func_num_args() || func_get_arg(0)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+        }
+
         return $this->authenticated;
     }
 
@@ -133,6 +145,10 @@ public function isAuthenticated()
      */
     public function setAuthenticated(bool $authenticated)
     {
+        if (2 > \func_num_args() || func_get_arg(1)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" state anymore and will always be considered as authenticated.', __METHOD__);
+        }
+
         $this->authenticated = $authenticated;
     }
 
@@ -275,6 +291,9 @@ final public function unserialize($serialized)
         $this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     private function hasUserChanged(UserInterface $user): bool
     {
         if (!($this->user instanceof UserInterface)) {
diff --git a/Authentication/Token/AnonymousToken.php b/Authentication/Token/AnonymousToken.php
@@ -33,7 +33,8 @@ public function __construct(string $secret, $user, array $roles = [])
 
         $this->secret = $secret;
         $this->setUser($user);
-        $this->setAuthenticated(true);
+        // @deprecated since Symfony 5.4
+        $this->setAuthenticated(true, false);
     }
 
     /**
diff --git a/Authentication/Token/NullToken.php b/Authentication/Token/NullToken.php
@@ -53,11 +53,21 @@ public function getUserIdentifier(): string
         return '';
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public function isAuthenticated()
     {
+        if (0 === \func_num_args() || func_get_arg(0)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);
+        }
+
         return true;
     }
 
+    /**
+     * @deprecated since Symfony 5.4
+     */
     public function setAuthenticated(bool $isAuthenticated)
     {
         throw new \BadMethodCallException('Cannot change authentication state of NullToken.');
diff --git a/Authentication/Token/PreAuthenticatedToken.php b/Authentication/Token/PreAuthenticatedToken.php
@@ -41,7 +41,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
         $this->firewallName = $firewallName;
 
         if ($roles) {
-            $this->setAuthenticated(true);
+            $this->setAuthenticated(true, false);
         }
     }
 
diff --git a/Authentication/Token/RememberMeToken.php b/Authentication/Token/RememberMeToken.php
@@ -44,7 +44,7 @@ public function __construct(UserInterface $user, string $firewallName, string $s
         $this->secret = $secret;
 
         $this->setUser($user);
-        parent::setAuthenticated(true);
+        parent::setAuthenticated(true, false);
     }
 
     /**
@@ -56,7 +56,7 @@ public function setAuthenticated(bool $authenticated)
             throw new \LogicException('You cannot set this token to authenticated after creation.');
         }
 
-        parent::setAuthenticated(false);
+        parent::setAuthenticated(false, false);
     }
 
     /**
diff --git a/Authentication/Token/TokenInterface.php b/Authentication/Token/TokenInterface.php
@@ -71,11 +71,15 @@ public function setUser($user);
      * Returns whether the user is authenticated or not.
      *
      * @return bool true if the token has been authenticated, false otherwise
+     *
+     * @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
      */
     public function isAuthenticated();
 
     /**
      * Sets the authenticated flag.
+     *
+     * @deprecated since Symfony 5.4. In 6.0, security tokens will always be considered authenticated
      */
     public function setAuthenticated(bool $isAuthenticated);
 
diff --git a/Authentication/Token/UsernamePasswordToken.php b/Authentication/Token/UsernamePasswordToken.php
@@ -42,7 +42,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
         $this->credentials = $credentials;
         $this->firewallName = $firewallName;
 
-        parent::setAuthenticated(\count($roles) > 0);
+        parent::setAuthenticated(\count($roles) > 0, false);
     }
 
     /**
@@ -54,7 +54,7 @@ public function setAuthenticated(bool $isAuthenticated)
             throw new \LogicException('Cannot set this token to trusted after instantiation.');
         }
 
-        parent::setAuthenticated(false);
+        parent::setAuthenticated(false, false);
     }
 
     /**
diff --git a/Authorization/AuthorizationChecker.php b/Authorization/AuthorizationChecker.php
@@ -62,7 +62,12 @@ final public function isGranted($attribute, $subject = null): bool
 
             $token = new NullToken();
         } else {
-            if ($this->alwaysAuthenticate || !$token->isAuthenticated()) {
+            $authenticated = true;
+            // @deprecated since Symfony 5.4
+            if ($this->alwaysAuthenticate || !$authenticated = $token->isAuthenticated(false)) {
+                if (!($authenticated ?? true)) {
+                    trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');
+                }
                 $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
             }
         }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@ CHANGELOG
 
  * Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
    5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
+ * Deprecate methods `TokenInterface::isAuthenticated()` and `setAuthenticated`,
+   tokens will always be considered authenticated in 6.0
 
 5.3
 ---
diff --git a/Tests/Authentication/Token/AbstractTokenTest.php b/Tests/Authentication/Token/AbstractTokenTest.php
@@ -41,6 +41,7 @@ public function getUsername()
 
             public function getRoles()
             {
+                return [];
             }
 
             public function getPassword()
@@ -104,6 +105,9 @@ public function testConstructor()
         $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
     }
 
+    /**
+     * @group legacy
+     */
     public function testAuthenticatedFlag()
     {
         $token = new ConcreteToken();
@@ -158,6 +162,7 @@ public function getUsers()
     }
 
     /**
+     * @group legacy
      * @dataProvider getUserChanges
      */
     public function testSetUserSetsAuthenticatedToFalseWhenUserChanges($firstUser, $secondUser)
@@ -190,6 +195,7 @@ public function getUserChanges()
     }
 
     /**
+     * @group legacy
      * @dataProvider getUsers
      */
     public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
@@ -205,6 +211,9 @@ public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($
         $this->assertTrue($token->isAuthenticated());
     }
 
+    /**
+     * @group legacy
+     */
     public function testIsUserChangedWhenSerializing()
     {
         $token = new ConcreteToken(['ROLE_ADMIN']);
diff --git a/Tests/Authentication/Token/AnonymousTokenTest.php b/Tests/Authentication/Token/AnonymousTokenTest.php
@@ -18,13 +18,19 @@ class AnonymousTokenTest extends TestCase
 {
     public function testConstructor()
     {
-        $token = new AnonymousToken('foo', 'bar');
-        $this->assertTrue($token->isAuthenticated());
-
         $token = new AnonymousToken('foo', 'bar', ['ROLE_FOO']);
         $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
     }
 
+    /**
+     * @group legacy
+     */
+    public function testIsAuthenticated()
+    {
+        $token = new AnonymousToken('foo', 'bar');
+        $this->assertTrue($token->isAuthenticated());
+    }
+
     public function testGetKey()
     {
         $token = new AnonymousToken('foo', 'bar');
diff --git a/Tests/Authentication/Token/PreAuthenticatedTokenTest.php b/Tests/Authentication/Token/PreAuthenticatedTokenTest.php
@@ -18,11 +18,7 @@ class PreAuthenticatedTokenTest extends TestCase
 {
     public function testConstructor()
     {
-        $token = new PreAuthenticatedToken('foo', 'bar', 'key');
-        $this->assertFalse($token->isAuthenticated());
-
         $token = new PreAuthenticatedToken('foo', 'bar', 'key', ['ROLE_FOO']);
-        $this->assertTrue($token->isAuthenticated());
         $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
         $this->assertEquals('key', $token->getFirewallName());
     }
@@ -45,4 +41,13 @@ public function testEraseCredentials()
         $token->eraseCredentials();
         $this->assertEquals('', $token->getCredentials());
     }
+
+    /**
+     * @group legacy
+     */
+    public function testIsAuthenticated()
+    {
+        $token = new PreAuthenticatedToken('foo', 'bar', 'key');
+        $this->assertFalse($token->isAuthenticated());
+    }
 }
diff --git a/Tests/Authentication/Token/RememberMeTokenTest.php b/Tests/Authentication/Token/RememberMeTokenTest.php
@@ -26,6 +26,15 @@ public function testConstructor()
         $this->assertEquals('foo', $token->getSecret());
         $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
         $this->assertSame($user, $token->getUser());
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testIsAuthenticated()
+    {
+        $user = $this->getUser();
+        $token = new RememberMeToken($user, 'fookey', 'foo');
         $this->assertTrue($token->isAuthenticated());
     }
 
diff --git a/Tests/Authentication/Token/SwitchUserTokenTest.php b/Tests/Authentication/Token/SwitchUserTokenTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Tests\Authentication\Token\Fixtures\CustomUser;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 class SwitchUserTokenTest extends TestCase
@@ -42,6 +43,9 @@ public function testSerialize()
         $this->assertEquals(['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], $unserializedOriginalToken->getRoleNames());
     }
 
+    /**
+     * @group legacy
+     */
     public function testSetUserDoesNotDeauthenticate()
     {
         $impersonated = new class() implements UserInterface {
@@ -75,7 +79,7 @@ public function getSalt()
             }
         };
 
-        $originalToken = new UsernamePasswordToken('impersonator', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
+        $originalToken = new UsernamePasswordToken(new InMemoryUser('impersonator', '', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']), 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
         $token = new SwitchUserToken($impersonated, 'bar', 'provider-key', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $originalToken);
         $token->setUser($impersonated);
         $this->assertTrue($token->isAuthenticated());
diff --git a/Tests/Authentication/Token/UsernamePasswordTokenTest.php b/Tests/Authentication/Token/UsernamePasswordTokenTest.php
@@ -17,23 +17,37 @@
 class UsernamePasswordTokenTest extends TestCase
 {
     public function testConstructor()
+    {
+        $token = new UsernamePasswordToken('foo', 'bar', 'key', ['ROLE_FOO']);
+        $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
+        $this->assertEquals('key', $token->getFirewallName());
+    }
+
+    /**
+     * @group legacy
+     */
+    public function testIsAuthenticated()
     {
         $token = new UsernamePasswordToken('foo', 'bar', 'key');
         $this->assertFalse($token->isAuthenticated());
 
         $token = new UsernamePasswordToken('foo', 'bar', 'key', ['ROLE_FOO']);
-        $this->assertEquals(['ROLE_FOO'], $token->getRoleNames());
         $this->assertTrue($token->isAuthenticated());
-        $this->assertEquals('key', $token->getFirewallName());
     }
 
+    /**
+     * @group legacy
+     */
     public function testSetAuthenticatedToTrue()
     {
         $this->expectException(\LogicException::class);
         $token = new UsernamePasswordToken('foo', 'bar', 'key');
         $token->setAuthenticated(true);
     }
 
+    /**
+     * @group legacy
+     */
     public function testSetAuthenticatedToFalse()
     {
         $token = new UsernamePasswordToken('foo', 'bar', 'key');
diff --git a/Tests/Authorization/AuthorizationCheckerTest.php b/Tests/Authorization/AuthorizationCheckerTest.php
@@ -42,6 +42,9 @@ protected function setUp(): void
         );
     }
 
+    /**
+     * @group legacy
+     */
     public function testVoteAuthenticatesTokenIfNecessary()
     {
         $token = new UsernamePasswordToken('username', 'password', 'provider');

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,12 @@ public function setUser($user)`
`99`	`99`	`throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');`
`100`	`100`	`}`
`101`	`101`
`102`		`- if (null === $this->user) {`
	`102`	`+ // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0`
	`103`	`+ if (1 < \func_num_args() && !func_get_arg(1)) {`
	`104`	+ // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,
	`105`	`+ // avoid doing the same checks twice`
	`106`	`+ $changed = false;`
	`107`	`+ } elseif (null === $this->user) {`
`103`	`108`	`$changed = false;`
`104`	`109`	`} elseif ($this->user instanceof UserInterface) {`
`105`	`110`	`if (!$user instanceof UserInterface) {`
`@@ -113,18 +118,25 @@ public function setUser($user)`
`113`	`118`	`$changed = (string) $this->user !== (string) $user;`
`114`	`119`	`}`
`115`	`120`
	`121`	`+ // @deprecated since Symfony 5.4`
`116`	`122`	`if ($changed) {`
`117`		`- $this->setAuthenticated(false);`
	`123`	`+ $this->setAuthenticated(false, false);`
`118`	`124`	`}`
`119`	`125`
`120`	`126`	`$this->user = $user;`
`121`	`127`	`}`
`122`	`128`
`123`	`129`	`/**`
`124`	`130`	`* {@inheritdoc}`
	`131`	`+ *`
	`132`	`+ * @deprecated since Symfony 5.4`
`125`	`133`	`*/`
`126`	`134`	`public function isAuthenticated()`
`127`	`135`	`{`
	`136`	`+ if (1 > \func_num_args() \|\| func_get_arg(0)) {`
	`137`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);`
	`138`	`+ }`
	`139`	`+`
`128`	`140`	`return $this->authenticated;`
`129`	`141`	`}`
`130`	`142`
`@@ -133,6 +145,10 @@ public function isAuthenticated()`
`133`	`145`	`*/`
`134`	`146`	`public function setAuthenticated(bool $authenticated)`
`135`	`147`	`{`
	`148`	`+ if (2 > \func_num_args() \|\| func_get_arg(1)) {`
	`149`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" state anymore and will always be considered as authenticated.', __METHOD__);`
	`150`	`+ }`
	`151`	`+`
`136`	`152`	`$this->authenticated = $authenticated;`
`137`	`153`	`}`
`138`	`154`
`@@ -275,6 +291,9 @@ final public function unserialize($serialized)`
`275`	`291`	`$this->__unserialize(\is_array($serialized) ? $serialized : unserialize($serialized));`
`276`	`292`	`}`
`277`	`293`
	`294`	`+ /**`
	`295`	`+ * @deprecated since Symfony 5.4`
	`296`	`+ */`
`278`	`297`	`private function hasUserChanged(UserInterface $user): bool`
`279`	`298`	`{`
`280`	`299`	`if (!($this->user instanceof UserInterface)) {`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,8 @@ public function __construct(string $secret, $user, array $roles = [])`
`33`	`33`
`34`	`34`	`$this->secret = $secret;`
`35`	`35`	`$this->setUser($user);`
`36`		`- $this->setAuthenticated(true);`
	`36`	`+ // @deprecated since Symfony 5.4`
	`37`	`+ $this->setAuthenticated(true, false);`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -53,11 +53,21 @@ public function getUserIdentifier(): string`
`53`	`53`	`return '';`
`54`	`54`	`}`
`55`	`55`
	`56`	`+ /**`
	`57`	`+ * @deprecated since Symfony 5.4`
	`58`	`+ */`
`56`	`59`	`public function isAuthenticated()`
`57`	`60`	`{`
	`61`	`+ if (0 === \func_num_args() \|\| func_get_arg(0)) {`
	`62`	`+ trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated. In version 6.0, security tokens won\'t have an "authenticated" flag anymore and will always be considered authenticated.', __METHOD__);`
	`63`	`+ }`
	`64`	`+`
`58`	`65`	`return true;`
`59`	`66`	`}`
`60`	`67`
	`68`	`+ /**`
	`69`	`+ * @deprecated since Symfony 5.4`
	`70`	`+ */`
`61`	`71`	`public function setAuthenticated(bool $isAuthenticated)`
`62`	`72`	`{`
`63`	`73`	`throw new \BadMethodCallException('Cannot change authentication state of NullToken.');`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro`
`41`	`41`	`$this->firewallName = $firewallName;`
`42`	`42`
`43`	`43`	`if ($roles) {`
`44`		`- $this->setAuthenticated(true);`
	`44`	`+ $this->setAuthenticated(true, false);`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public function __construct(UserInterface $user, string $firewallName, string $s`
`44`	`44`	`$this->secret = $secret;`
`45`	`45`
`46`	`46`	`$this->setUser($user);`
`47`		`- parent::setAuthenticated(true);`
	`47`	`+ parent::setAuthenticated(true, false);`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`/**`
`@@ -56,7 +56,7 @@ public function setAuthenticated(bool $authenticated)`
`56`	`56`	`throw new \LogicException('You cannot set this token to authenticated after creation.');`
`57`	`57`	`}`
`58`	`58`
`59`		`- parent::setAuthenticated(false);`
	`59`	`+ parent::setAuthenticated(false, false);`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro`
`42`	`42`	`$this->credentials = $credentials;`
`43`	`43`	`$this->firewallName = $firewallName;`
`44`	`44`
`45`		`- parent::setAuthenticated(\count($roles) > 0);`
	`45`	`+ parent::setAuthenticated(\count($roles) > 0, false);`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`/**`
`@@ -54,7 +54,7 @@ public function setAuthenticated(bool $isAuthenticated)`
`54`	`54`	`throw new \LogicException('Cannot set this token to trusted after instantiation.');`
`55`	`55`	`}`
`56`	`56`
`57`		`- parent::setAuthenticated(false);`
	`57`	`+ parent::setAuthenticated(false, false);`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,12 @@ final public function isGranted($attribute, $subject = null): bool`
`62`	`62`
`63`	`63`	`$token = new NullToken();`
`64`	`64`	`} else {`
`65`		`- if ($this->alwaysAuthenticate \|\| !$token->isAuthenticated()) {`
	`65`	`+ $authenticated = true;`
	`66`	`+ // @deprecated since Symfony 5.4`
	`67`	`+ if ($this->alwaysAuthenticate \|\| !$authenticated = $token->isAuthenticated(false)) {`
	`68`	`+ if (!($authenticated ?? true)) {`
	`69`	`+ trigger_deprecation('symfony/core', '5.4', 'Returning false from "%s()" is deprecated and won\'t have any effect in Symfony 6.0 as security tokens will always be considered authenticated.');`
	`70`	`+ }`
`66`	`71`	`$this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));`
`67`	`72`	`}`
`68`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ public function getUsername()`
`41`	`41`
`42`	`42`	`public function getRoles()`
`43`	`43`	`{`
	`44`	`+ return [];`
`44`	`45`	`}`
`45`	`46`
`46`	`47`	`public function getPassword()`
`@@ -104,6 +105,9 @@ public function testConstructor()`
`104`	`105`	`$this->assertEquals(['ROLE_FOO'], $token->getRoleNames());`
`105`	`106`	`}`
`106`	`107`
	`108`	`+ /**`
	`109`	`+ * @group legacy`
	`110`	`+ */`
`107`	`111`	`public function testAuthenticatedFlag()`
`108`	`112`	`{`
`109`	`113`	`$token = new ConcreteToken();`
`@@ -158,6 +162,7 @@ public function getUsers()`
`158`	`162`	`}`
`159`	`163`
`160`	`164`	`/**`
	`165`	`+ * @group legacy`
`161`	`166`	`* @dataProvider getUserChanges`
`162`	`167`	`*/`
`163`	`168`	`public function testSetUserSetsAuthenticatedToFalseWhenUserChanges($firstUser, $secondUser)`
`@@ -190,6 +195,7 @@ public function getUserChanges()`
`190`	`195`	`}`
`191`	`196`
`192`	`197`	`/**`
	`198`	`+ * @group legacy`
`193`	`199`	`* @dataProvider getUsers`
`194`	`200`	`*/`
`195`	`201`	`public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)`
`@@ -205,6 +211,9 @@ public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($`
`205`	`211`	`$this->assertTrue($token->isAuthenticated());`
`206`	`212`	`}`
`207`	`213`
	`214`	`+ /**`
	`215`	`+ * @group legacy`
	`216`	`+ */`
`208`	`217`	`public function testIsUserChangedWhenSerializing()`
`209`	`218`	`{`
`210`	`219`	`$token = new ConcreteToken(['ROLE_ADMIN']);`