feature #42423 [Security] Deprecate AnonymousToken, non-UserInterface users, and token credentials (wouterj)

This PR was squashed before being merged into the 5.4 branch.

Discussion
----------

[Security] Deprecate AnonymousToken, non-UserInterface users, and token credentials

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | Ref #41613, #34909
| License       | MIT
| Doc PR        | -

This is a continuation of `@xabbuh`'s experiment in #34909 and `@chalasr`'s work in #42050. This hopefully is the last cleanup of `TokenInterface`:

* As tokens now always represent an authenticated user (and no longer e.g. the "username" input of the form), we can finally remove the weird `string|\Stringable` union from `Token::getUser()` and other helper methods and require a user to be an instance of `UserInterface`.
* For the same reason, we can also deprecate token credentials. I didn't deprecate `Token::eraseCredentials()` as this is still used to remove credentials from `UserInterface`.
* Meanwhile, this also deprecated the `AnonymousToken`, which we forgot in 5.3. This token is not used anymore in the new system (anonymous does no longer exists). This was also the only token in core that didn't fulfill the `UserInterface` requirement for authenticated tokens.

Commits
-------

44b843a355 [Security] Deprecate AnonymousToken, non-UserInterface users, and token credentials

Author: fabpot

Authentication/Token/AbstractToken.php

@@ -99,6 +99,10 @@ public function setUser($user)
             throw new \InvalidArgumentException('$user must be an instanceof UserInterface, an object implementing a __toString method, or a primitive string.');
         }
 
+        if (!$user instanceof UserInterface) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Using an object that is not an instance of "%s" as $user in "%s" is deprecated.', UserInterface::class, static::class);
+        }
+
         // @deprecated since Symfony 5.4, remove the whole block if/elseif/else block in 6.0
         if (1 < \func_num_args() && !func_get_arg(1)) {
             // ContextListener checks if the user has changed on its own and calls `setAuthenticated()` subsequently,

Authentication/Token/AnonymousToken.php

@@ -17,6 +17,8 @@
  * AnonymousToken represents an anonymous token.
  *
  * @author Fabien Potencier <[email protected]>
+ *
+ * @deprecated since 5.4, anonymous is now represented by the absence of a token
  */
 class AnonymousToken extends AbstractToken
 {
@@ -29,6 +31,8 @@ class AnonymousToken extends AbstractToken
      */
     public function __construct(string $secret, $user, array $roles = [])
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'The "%s" class is deprecated.', __CLASS__);
+
         parent::__construct($roles);
 
         $this->secret = $secret;

Authentication/Token/PreAuthenticatedToken.php

@@ -24,20 +24,28 @@ class PreAuthenticatedToken extends AbstractToken
     private $firewallName;
 
     /**
-     * @param string|\Stringable|UserInterface $user
-     * @param mixed                            $credentials
-     * @param string[]                         $roles
+     * @param UserInterface $user
+     * @param string        $firewallName
+     * @param string[]      $roles
      */
-    public function __construct($user, $credentials, string $firewallName, array $roles = [])
+    public function __construct($user, /*string*/ $firewallName, /*array*/ $roles = [])
     {
+        if (\is_string($roles)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'Argument $credentials of "%s()" is deprecated.', __METHOD__);
+
+            $credentials = $firewallName;
+            $firewallName = $roles;
+            $roles = \func_num_args() > 3 ? func_get_arg(3) : [];
+        }
+
         parent::__construct($roles);
 
         if ('' === $firewallName) {
             throw new \InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->setUser($user);
-        $this->credentials = $credentials;
+        $this->credentials = $credentials ?? null;
         $this->firewallName = $firewallName;
 
         if ($roles) {
@@ -55,7 +63,7 @@ public function __construct($user, $credentials, string $firewallName, array $ro
     public function getProviderKey()
     {
         if (1 !== \func_num_args() || true !== func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);
         }
 
         return $this->firewallName;
@@ -71,6 +79,8 @@ public function getFirewallName(): string
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);
+
         return $this->credentials;
     }
 

Authentication/Token/RememberMeToken.php

@@ -69,7 +69,7 @@ public function setAuthenticated(bool $authenticated)
     public function getProviderKey()
     {
         if (1 !== \func_num_args() || true !== func_get_arg(0)) {
-            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s" is deprecated, use "getFirewallName()" instead.', __METHOD__);
+            trigger_deprecation('symfony/security-core', '5.2', 'Method "%s()" is deprecated, use "getFirewallName()" instead.', __METHOD__);
         }
 
         return $this->firewallName;
@@ -95,6 +95,8 @@ public function getSecret()
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s()" is deprecated.', __METHOD__);
+
         return '';
     }
 

Authentication/Token/SwitchUserToken.php

@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
+use Symfony\Component\Security\Core\User\UserInterface;
+
 /**
  * Token representing a user who temporarily impersonates another one.
  *
@@ -22,15 +24,29 @@ class SwitchUserToken extends UsernamePasswordToken
     private $originatedFromUri;
 
     /**
-     * @param string|object $user              The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
-     * @param mixed         $credentials       This usually is the password of the user
+     * @param UserInterface $user
      * @param string|null   $originatedFromUri The URI where was the user at the switch
      *
      * @throws \InvalidArgumentException
      */
-    public function __construct($user, $credentials, string $firewallName, array $roles, TokenInterface $originalToken, string $originatedFromUri = null)
+    public function __construct($user, /*string*/ $firewallName, /*array*/ $roles, /*TokenInterface*/ $originalToken, /*string*/ $originatedFromUri = null)
     {
-        parent::__construct($user, $credentials, $firewallName, $roles);
+        if (\is_string($roles)) {
+            // @deprecated since 5.4, deprecation is triggered by UsernamePasswordToken::__construct()
+            $credentials = $firewallName;
+            $firewallName = $roles;
+            $roles = $originalToken;
+            $originalToken = $originatedFromUri;
+            $originatedFromUri = \func_num_args() > 5 ? func_get_arg(5) : null;
+
+            parent::__construct($user, $credentials, $firewallName, $roles);
+        } else {
+            parent::__construct($user, $firewallName, $roles);
+        }
+
+        if (!$originalToken instanceof TokenInterface) {
+            throw new \TypeError(sprintf('Argument $originalToken of "%s" must be an instance of "%s", "%s" given.', __METHOD__, TokenInterface::class, get_debug_type($originalToken)));
+        }
 
         $this->originalToken = $originalToken;
         $this->originatedFromUri = $originatedFromUri;

Authentication/Token/TokenInterface.php

@@ -43,25 +43,24 @@ public function getRoleNames(): array;
      * Returns the user credentials.
      *
      * @return mixed The user credentials
+     *
+     * @deprecated since 5.4
      */
     public function getCredentials();
 
     /**
      * Returns a user representation.
      *
-     * @return string|\Stringable|UserInterface
+     * @return UserInterface
      *
      * @see AbstractToken::setUser()
      */
     public function getUser();
 
     /**
-     * Sets the user in the token.
-     *
-     * The user can be a UserInterface instance, or an object implementing
-     * a __toString method or the username as a regular string.
+     * Sets the authenticated user in the token.
      *
-     * @param string|\Stringable|UserInterface $user
+     * @param UserInterface $user
      *
      * @throws \InvalidArgumentException
      */

Authentication/Token/UsernamePasswordToken.php

@@ -24,22 +24,29 @@ class UsernamePasswordToken extends AbstractToken
     private $firewallName;
 
     /**
-     * @param string|\Stringable|UserInterface $user        The username (like a nickname, email address, etc.) or a UserInterface instance
-     * @param mixed                            $credentials
-     * @param string[]                         $roles
+     * @param UserInterface $user
+     * @param string[]      $roles
      *
      * @throws \InvalidArgumentException
      */
-    public function __construct($user, $credentials, string $firewallName, array $roles = [])
+    public function __construct($user, /*string*/ $firewallName, /*array*/ $roles = [])
     {
+        if (\is_string($roles)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'The $credentials argument of "%s" is deprecated.', static::class.'::__construct');
+
+            $credentials = $firewallName;
+            $firewallName = $roles;
+            $roles = \func_num_args() > 3 ? func_get_arg(3) : [];
+        }
+
         parent::__construct($roles);
 
         if ('' === $firewallName) {
             throw new \InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->setUser($user);
-        $this->credentials = $credentials;
+        $this->credentials = $credentials ?? null;
         $this->firewallName = $firewallName;
 
         parent::setAuthenticated(\count($roles) > 0, false);
@@ -62,6 +69,8 @@ public function setAuthenticated(bool $isAuthenticated)
      */
     public function getCredentials()
     {
+        trigger_deprecation('symfony/security-core', '5.4', 'Method "%s" is deprecated.', __METHOD__);
+
         return $this->credentials;
     }
 

CHANGELOG.md

@@ -4,6 +4,9 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
+ * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
+ * Deprecate returning `string|\Stringable` from `Token::getUser()` (it must return a `UserInterface`)
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker`

Security.php

@@ -42,10 +42,12 @@ public function getUser(): ?UserInterface
         }
 
         $user = $token->getUser();
+        // @deprecated since 5.4, $user will always be a UserInterface instance
         if (!\is_object($user)) {
             return null;
         }
 
+        // @deprecated since 5.4, $user will always be a UserInterface instance
         if (!$user instanceof UserInterface) {
             return null;
         }

Tests/Authentication/AuthenticationTrustResolverTest.php

@@ -26,8 +26,6 @@ public function testIsAnonymous()
         $this->assertFalse($resolver->isAnonymous($this->getToken()));
         $this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
         $this->assertFalse($resolver->isAnonymous(new FakeCustomToken()));
-        $this->assertTrue($resolver->isAnonymous(new RealCustomAnonymousToken()));
-        $this->assertTrue($resolver->isAnonymous($this->getAnonymousToken()));
     }
 
     public function testIsRememberMe()
@@ -36,7 +34,6 @@ public function testIsRememberMe()
 
         $this->assertFalse($resolver->isRememberMe(null));
         $this->assertFalse($resolver->isRememberMe($this->getToken()));
-        $this->assertFalse($resolver->isRememberMe($this->getAnonymousToken()));
         $this->assertFalse($resolver->isRememberMe(new FakeCustomToken()));
         $this->assertTrue($resolver->isRememberMe(new RealCustomRememberMeToken()));
         $this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
@@ -47,9 +44,7 @@ public function testisFullFledged()
         $resolver = new AuthenticationTrustResolver();
 
         $this->assertFalse($resolver->isFullFledged(null));
-        $this->assertFalse($resolver->isFullFledged($this->getAnonymousToken()));
         $this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
-        $this->assertFalse($resolver->isFullFledged(new RealCustomAnonymousToken()));
         $this->assertFalse($resolver->isFullFledged(new RealCustomRememberMeToken()));
         $this->assertTrue($resolver->isFullFledged($this->getToken()));
         $this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));
@@ -62,8 +57,6 @@ public function testIsAnonymousWithClassAsConstructorButStillExtending()
         $this->assertFalse($resolver->isAnonymous(null));
         $this->assertFalse($resolver->isAnonymous($this->getToken()));
         $this->assertFalse($resolver->isAnonymous($this->getRememberMeToken()));
-        $this->assertTrue($resolver->isAnonymous($this->getAnonymousToken()));
-        $this->assertTrue($resolver->isAnonymous(new RealCustomAnonymousToken()));
     }
 
     public function testIsRememberMeWithClassAsConstructorButStillExtending()
@@ -72,7 +65,6 @@ public function testIsRememberMeWithClassAsConstructorButStillExtending()
 
         $this->assertFalse($resolver->isRememberMe(null));
         $this->assertFalse($resolver->isRememberMe($this->getToken()));
-        $this->assertFalse($resolver->isRememberMe($this->getAnonymousToken()));
         $this->assertTrue($resolver->isRememberMe($this->getRememberMeToken()));
         $this->assertTrue($resolver->isRememberMe(new RealCustomRememberMeToken()));
     }
@@ -82,13 +74,27 @@ public function testisFullFledgedWithClassAsConstructorButStillExtending()
         $resolver = $this->getResolver();
 
         $this->assertFalse($resolver->isFullFledged(null));
-        $this->assertFalse($resolver->isFullFledged($this->getAnonymousToken()));
         $this->assertFalse($resolver->isFullFledged($this->getRememberMeToken()));
-        $this->assertFalse($resolver->isFullFledged(new RealCustomAnonymousToken()));
         $this->assertFalse($resolver->isFullFledged(new RealCustomRememberMeToken()));
         $this->assertTrue($resolver->isFullFledged($this->getToken()));
     }
 
+    /**
+     * @group legacy
+     */
+    public function testLegacy()
+    {
+        $resolver = $this->getResolver();
+
+        $this->assertTrue($resolver->isAnonymous($this->getAnonymousToken()));
+        $this->assertTrue($resolver->isAnonymous($this->getRealCustomAnonymousToken()));
+
+        $this->assertFalse($resolver->isRememberMe($this->getAnonymousToken()));
+
+        $this->assertFalse($resolver->isFullFledged($this->getAnonymousToken()));
+        $this->assertFalse($resolver->isFullFledged($this->getRealCustomAnonymousToken()));
+    }
+
     protected function getToken()
     {
         return $this->createMock(TokenInterface::class);
@@ -99,6 +105,15 @@ protected function getAnonymousToken()
         return $this->getMockBuilder(AnonymousToken::class)->setConstructorArgs(['', ''])->getMock();
     }
 
+    private function getRealCustomAnonymousToken()
+    {
+        return new class() extends AnonymousToken {
+            public function __construct()
+            {
+            }
+        };
+    }
+
     protected function getRememberMeToken()
     {
         return $this->getMockBuilder(RememberMeToken::class)->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
@@ -192,13 +207,6 @@ public function setAttribute(string $name, $value)
     }
 }
 
-class RealCustomAnonymousToken extends AnonymousToken
-{
-    public function __construct()
-    {
-    }
-}
-
 class RealCustomRememberMeToken extends RememberMeToken
 {
     public function __construct()