feature #41965 [Security] Deprecate "always authenticate" and "exception on no token" (wouterj)

This PR was merged into the 5.4 branch.

Discussion
----------

[Security] Deprecate "always authenticate" and "exception on no token"

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | Ref #41613
| License       | MIT
| Doc PR        | n/a

Commits
-------

4bba287259 [Security] Deprecate "always authenticate" and "exception on no token"

Author: fabpot

Authorization/AuthorizationChecker.php

@@ -34,6 +34,13 @@ class AuthorizationChecker implements AuthorizationCheckerInterface
 
     public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, bool $alwaysAuthenticate = false, bool $exceptionOnNoToken = true)
     {
+        if (false !== $alwaysAuthenticate) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 4th argument of "%s" to "false" is deprecated.', __METHOD__);
+        }
+        if (false !== $exceptionOnNoToken) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Not setting the 5th argument of "%s" to "false" is deprecated.', __METHOD__);
+        }
+
         $this->tokenStorage = $tokenStorage;
         $this->authenticationManager = $authenticationManager;
         $this->accessDecisionManager = $accessDecisionManager;

CHANGELOG.md

@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+5.4
+---
+
+ * Deprecate setting the 4th argument (`$alwaysAuthenticate`) to `true` and not setting the
+   5th argument (`$exceptionOnNoToken`) to `false` of `AuthorizationChecker`
+
 5.3
 ---
 

Tests/Authorization/AuthorizationCheckerTest.php

@@ -36,7 +36,9 @@ protected function setUp(): void
         $this->authorizationChecker = new AuthorizationChecker(
             $this->tokenStorage,
             $this->authenticationManager,
-            $this->accessDecisionManager
+            $this->accessDecisionManager,
+            false,
+            false
         );
     }
 
@@ -71,13 +73,23 @@ public function testVoteAuthenticatesTokenIfNecessary()
         $this->assertSame($newToken, $this->tokenStorage->getToken());
     }
 
-    public function testVoteWithoutAuthenticationToken()
+    /**
+     * @group legacy
+     */
+    public function testLegacyVoteWithoutAuthenticationToken()
     {
+        $authorizationChecker = new AuthorizationChecker(
+            $this->tokenStorage,
+            $this->authenticationManager,
+            $this->accessDecisionManager
+        );
+
         $this->expectException(AuthenticationCredentialsNotFoundException::class);
-        $this->authorizationChecker->isGranted('ROLE_FOO');
+
+        $authorizationChecker->isGranted('ROLE_FOO');
     }
 
-    public function testVoteWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse()
+    public function testVoteWithoutAuthenticationToken()
     {
         $authorizationChecker = new AuthorizationChecker($this->tokenStorage, $this->authenticationManager, $this->accessDecisionManager, false, false);
 

Tests/Authorization/ExpressionLanguageTest.php

@@ -37,7 +37,7 @@ public function testIsAuthenticated($token, $expression, $result)
         $tokenStorage = new TokenStorage();
         $tokenStorage->setToken($token);
         $accessDecisionManager = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter($trustResolver)]);
-        $authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager);
+        $authChecker = new AuthorizationChecker($tokenStorage, $this->createMock(AuthenticationManagerInterface::class), $accessDecisionManager, false, false);
 
         $context = [];
         $context['auth_checker'] = $authChecker;