[Security] Deprecate getUsername() in favor of getUserIdentifier()

wouterj · wouterj · commit bf2b36f31247 · 2021-03-07T17:17:17.000+01:00
diff --git a/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php b/src/Symfony/Bridge/Monolog/Processor/AbstractTokenProcessor.php
@@ -42,10 +42,15 @@ public function __invoke(array $record): array
 
         if (null !== $token = $this->getToken()) {
             $record['extra'][$this->getKey()] = [
-                'username' => $token->getUsername(),
                 'authenticated' => $token->isAuthenticated(),
                 'roles' => $token->getRoleNames(),
             ];
+
+            if (method_exists($token, 'getUserIdentifier')) {
+                $record['extra'][$this->getKey()]['username'] = $record['extra'][$this->getKey()]['user_identifier'] = $token->getUserIdentifier();
+            } else {
+                $record['extra'][$this->getKey()]['username'] = $token->getUsername();
+            }
         }
 
         return $record;
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -97,7 +97,8 @@ public function collect(Request $request, Response $response, \Throwable $except
 
             $impersonatorUser = null;
             if ($token instanceof SwitchUserToken) {
-                $impersonatorUser = $token->getOriginalToken()->getUsername();
+                $originalToken = $token->getOriginalToken();
+                $impersonatorUser = method_exists($originalToken, 'getUserIdentifier') ? $originalToken->getUserIdentifier() : $originalToken->getUsername();
             }
 
             if (null !== $this->roleHierarchy) {
@@ -126,7 +127,7 @@ public function collect(Request $request, Response $response, \Throwable $except
                 'token' => $token,
                 'token_class' => $this->hasVarDumper ? new ClassStub(\get_class($token)) : \get_class($token),
                 'logout_url' => $logoutUrl,
-                'user' => $token->getUsername(),
+                'user' => method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername(),
                 'roles' => $assignedRoles,
                 'inherited_roles' => array_unique($inheritedRoles),
                 'supports_role_hierarchy' => null !== $this->roleHierarchy,
diff --git a/src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php b/src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
@@ -83,7 +83,7 @@ public function onCheckPassport(CheckPassportEvent $event)
                 } else {
                     throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
                 }
-                $username = $ldap->escape($user->getUsername(), '', LdapInterface::ESCAPE_FILTER);
+                $username = $ldap->escape(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), '', LdapInterface::ESCAPE_FILTER);
                 $query = str_replace('{username}', $username, $ldapBadge->getQueryString());
                 $result = $ldap->query($ldapBadge->getDnString(), $query)->execute();
                 if (1 !== $result->count()) {
@@ -92,7 +92,7 @@ public function onCheckPassport(CheckPassportEvent $event)
 
                 $dn = $result[0]->getDn();
             } else {
-                $username = $ldap->escape($user->getUsername(), '', LdapInterface::ESCAPE_DN);
+                $username = $ldap->escape(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), '', LdapInterface::ESCAPE_DN);
                 $dn = str_replace('{username}', $username, $ldapBadge->getDnString());
             }
 
diff --git a/src/Symfony/Component/Ldap/Security/LdapUser.php b/src/Symfony/Component/Ldap/Security/LdapUser.php
@@ -75,6 +75,13 @@ public function getSalt(): ?string
      * {@inheritdoc}
      */
     public function getUsername(): string
+    {
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);
+
+        return $this->username;
+    }
+
+    public function getUserIdentifier(): string
     {
         return $this->username;
     }
diff --git a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
@@ -117,7 +117,7 @@ public function refreshUser(UserInterface $user)
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
         }
 
-        return new LdapUser($user->getEntry(), $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
+        return new LdapUser($user->getEntry(), method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -105,6 +105,10 @@ public function authenticate(TokenInterface $token)
                 $this->eventDispatcher->dispatch(new AuthenticationSuccessEvent($result), AuthenticationEvents::AUTHENTICATION_SUCCESS);
             }
 
+            if ($user = $result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {
+                trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', \get_class($result->getUser()));
+            }
+
             return $result;
         }
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -74,7 +74,7 @@ protected function retrieveUser(string $username, UsernamePasswordToken $token)
      */
     protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
     {
-        $username = $token->getUsername();
+        $username = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
         $password = $token->getCredentials();
 
         if ('' === (string) $password) {
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php
@@ -51,7 +51,7 @@ public function authenticate(TokenInterface $token)
 
         $user = $token->getUser();
 
-        if (!$token->getUser() instanceof UserInterface) {
+        if (!$user instanceof UserInterface) {
             throw new LogicException(sprintf('Method "%s::getUser()" must return a "%s" instance, "%s" returned.', get_debug_type($token), UserInterface::class, get_debug_type($user)));
         }
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
@@ -55,7 +55,7 @@ public function authenticate(TokenInterface $token)
             throw new AuthenticationException('The token is not supported by this authentication provider.');
         }
 
-        $username = $token->getUsername();
+        $username = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();
         if ('' === $username || null === $username) {
             $username = AuthenticationProviderInterface::USERNAME_NONE_PROVIDED;
         }
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -51,15 +51,36 @@ public function getRoleNames(): array
     /**
      * {@inheritdoc}
      */
-    public function getUsername()
+    public function getUsername(/* $legacy = true */)
     {
+        if (1 === func_num_args() && false === func_get_arg(0)) {
+            return null;
+        }
+
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);
+
         if ($this->user instanceof UserInterface) {
             return $this->user->getUsername();
         }
 
         return (string) $this->user;
     }
 
+    public function getUserIdentifier(): string
+    {
+        // method returns "null" in non-legacy mode if not overriden
+        $username = $this->getUsername(false);
+        if (null !== $username) {
+            trigger_deprecation('symfony/security-core', '5.3', 'Method "%s::getUsername()" is deprecated and will be removed in 6.0, override "getUserIdentifier()" instead.', \get_class($this));
+        }
+
+        if ($this->user instanceof UserInterface) {
+            return method_exists($this->user, 'getUserIdentifier') ? $this->user->getUserIdentifier() : $this->user->getUsername();
+        }
+
+        return (string) $this->user;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -234,7 +255,7 @@ public function __toString()
             $roles[] = $role;
         }
 
-        return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUsername(), json_encode($this->authenticated), implode(', ', $roles));
+        return sprintf('%s(user="%s", authenticated=%s, roles="%s")', $class, $this->getUserIdentifier(), json_encode($this->authenticated), implode(', ', $roles));
     }
 
     /**
@@ -283,7 +304,11 @@ private function hasUserChanged(UserInterface $user): bool
             return true;
         }
 
-        if ($this->user->getUsername() !== $user->getUsername()) {
+        // @deprecated since Symfony 5.3, drop getUsername() in 6.0
+        $userIdentifier = function ($user) {
+            return method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
+        };
+        if ($userIdentifier($this->user) !== $userIdentifier($user)) {
             return true;
         }
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/NullToken.php
@@ -42,6 +42,13 @@ public function setUser($user)
     }
 
     public function getUsername()
+    {
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);
+
+        return '';
+    }
+
+    public function getUserIdentifier(): string
     {
         return '';
     }
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php b/src/Symfony/Component/Security/Core/Authentication/Token/TokenInterface.php
@@ -16,6 +16,8 @@
 /**
  * TokenInterface is the interface for the user authentication information.
  *
+ * @method string getUserIdentifier()
+ *
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  */
@@ -69,6 +71,8 @@ public function setUser($user);
      * Returns the username.
      *
      * @return string
+     *
+     * @deprecated since 5.3, use/implement getUserIdentifier() instead
      */
     public function getUsername();
 
diff --git a/src/Symfony/Component/Security/Core/User/ChainUserProvider.php b/src/Symfony/Component/Security/Core/User/ChainUserProvider.php
@@ -87,8 +87,9 @@ public function refreshUser(UserInterface $user)
         }
 
         if ($supportedUserFound) {
-            $e = new UsernameNotFoundException(sprintf('There is no user with name "%s".', $user->getUsername()));
-            $e->setUsername($user->getUsername());
+            $username = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
+            $e = new UsernameNotFoundException(sprintf('There is no user with name "%s".', $username));
+            $e->setUsername($username);
             throw $e;
         } else {
             throw new UnsupportedUserException(sprintf('There is no user provider for user "%s". Shouldn\'t the "supportsClass()" method of your user provider return true for this classname?', get_debug_type($user)));
diff --git a/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php b/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php
@@ -51,11 +51,12 @@ public function __construct(array $users = [])
      */
     public function createUser(UserInterface $user)
     {
-        if (isset($this->users[strtolower($user->getUsername())])) {
+        $username = strtolower(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername());
+        if (isset($this->users[$username])) {
             throw new \LogicException('Another user with the same username already exists.');
         }
 
-        $this->users[strtolower($user->getUsername())] = $user;
+        $this->users[$username] = $user;
     }
 
     /**
@@ -65,7 +66,7 @@ public function loadUserByUsername(string $username)
     {
         $user = $this->getUser($username);
 
-        return new User($user->getUsername(), $user->getPassword(), $user->getRoles(), $user->isEnabled(), $user->isAccountNonExpired(), $user->isCredentialsNonExpired(), $user->isAccountNonLocked());
+        return new User(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->isEnabled(), $user->isAccountNonExpired(), $user->isCredentialsNonExpired(), $user->isAccountNonLocked());
     }
 
     /**
@@ -77,9 +78,9 @@ public function refreshUser(UserInterface $user)
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
         }
 
-        $storedUser = $this->getUser($user->getUsername());
+        $storedUser = $this->getUser(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername());
 
-        return new User($storedUser->getUsername(), $storedUser->getPassword(), $storedUser->getRoles(), $storedUser->isEnabled(), $storedUser->isAccountNonExpired(), $storedUser->isCredentialsNonExpired() && $storedUser->getPassword() === $user->getPassword(), $storedUser->isAccountNonLocked());
+        return new User(method_exists($storedUser, 'getUserIdentifier') ? $storedUser->getUserIdentifier() : $storedUser->getUsername(), $storedUser->getPassword(), $storedUser->getRoles(), $storedUser->isEnabled(), $storedUser->isAccountNonExpired(), $storedUser->isCredentialsNonExpired() && $storedUser->getPassword() === $user->getPassword(), $storedUser->isAccountNonLocked());
     }
 
     /**
diff --git a/src/Symfony/Component/Security/Core/User/User.php b/src/Symfony/Component/Security/Core/User/User.php
@@ -47,7 +47,7 @@ public function __construct(?string $username, ?string $password, array $roles =
 
     public function __toString(): string
     {
-        return $this->getUsername();
+        return $this->getUserIdentifier();
     }
 
     /**
@@ -78,6 +78,16 @@ public function getSalt(): ?string
      * {@inheritdoc}
      */
     public function getUsername(): string
+    {
+        trigger_deprecation('symfony/security-core', '5.3', 'Method "%s" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);
+
+        return $this->username;
+    }
+
+    /**
+     * @see getUsername
+     */
+    public function getUserIdentifier(): string
     {
         return $this->username;
     }
@@ -178,7 +188,7 @@ public function isEqualTo(UserInterface $user): bool
             return false;
         }
 
-        if ($this->getUsername() !== $user->getUsername()) {
+        if ($this->getUserIdentifier() !== $user->getUserIdentifier()) {
             return false;
         }
 
diff --git a/src/Symfony/Component/Security/Core/User/UserInterface.php b/src/Symfony/Component/Security/Core/User/UserInterface.php
@@ -26,6 +26,8 @@
  *
  * @see UserProviderInterface
  *
+ * @method string getUserIdentifier()
+ *
  * @author Fabien Potencier <fabien@symfony.com>
  */
 interface UserInterface
@@ -73,6 +75,8 @@ public function getSalt();
      * Returns the username used to authenticate the user.
      *
      * @return string The username
+     *
+     * @deprecated since 5.3, use/implement getUserIdentifier() instead
      */
     public function getUsername();
 
diff --git a/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php b/src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProvider.php
@@ -113,7 +113,7 @@ private function authenticateViaGuard(AuthenticatorInterface $guardAuthenticator
 
         if (null === $user) {
             $e = new UsernameNotFoundException(sprintf('Null returned from "%s::getUser()".', get_debug_type($guardAuthenticator)));
-            $e->setUsername($token->getUsername());
+            $e->setUsername(method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername());
 
             throw $e;
         }
diff --git a/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php b/src/Symfony/Component/Security/Http/Authentication/AuthenticatorManager.php
@@ -69,7 +69,7 @@ public function __construct(iterable $authenticators, TokenStorageInterface $tok
     public function authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = []): ?Response
     {
         // create an authenticated token for the User
-        $token = $authenticator->createAuthenticatedToken($passport = new SelfValidatingPassport(new UserBadge($user->getUsername(), function () use ($user) { return $user; }), $badges), $this->firewallName);
+        $token = $authenticator->createAuthenticatedToken($passport = new SelfValidatingPassport(new UserBadge(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), function () use ($user) { return $user; }), $badges), $this->firewallName);
 
         // announce the authenticated token
         $token = $this->eventDispatcher->dispatch(new AuthenticationTokenCreatedEvent($token))->getAuthenticatedToken();
@@ -210,6 +210,10 @@ private function executeAuthenticator(AuthenticatorInterface $authenticator, Req
 
     private function handleAuthenticationSuccess(TokenInterface $authenticatedToken, PassportInterface $passport, Request $request, AuthenticatorInterface $authenticator): ?Response
     {
+        if (!method_exists($authenticatedToken->getUser(), 'getUserIdentifier')) {
+            trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', \get_class($authenticatedToken->getUser()));
+        }
+
         $this->tokenStorage->setToken($authenticatedToken);
 
         $response = $authenticator->onAuthenticationSuccess($request, $authenticatedToken, $this->firewallName);
diff --git a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
@@ -82,7 +82,7 @@ public function authenticate(Request $request): PassportInterface
             throw new \LogicException('No remember me token is set.');
         }
 
-        return new SelfValidatingPassport(new UserBadge($token->getUsername(), [$token, 'getUser']));
+        return new SelfValidatingPassport(new UserBadge(method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername(), [$token, 'getUser']));
     }
 
     public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php
@@ -195,7 +195,7 @@ private function onFailure(Request $request, AuthenticationException $failed): R
     private function onSuccess(Request $request, TokenInterface $token): Response
     {
         if (null !== $this->logger) {
-            $this->logger->info('User has been authenticated successfully.', ['username' => $token->getUsername()]);
+            $this->logger->info('User has been authenticated successfully.', ['username' => method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername()]);
         }
 
         $this->tokenStorage->setToken($token);
diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
@@ -83,7 +83,7 @@ public function authenticate(RequestEvent $event)
         }
 
         if (null !== $token = $this->tokenStorage->getToken()) {
-            if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getFirewallName() && $token->isAuthenticated() && $token->getUsername() === $user) {
+            if ($token instanceof PreAuthenticatedToken && $this->providerKey == $token->getFirewallName() && $token->isAuthenticated() && (method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername()) === $user) {
                 return;
             }
         }
diff --git a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
@@ -73,7 +73,7 @@ public function authenticate(RequestEvent $event)
         }
 
         if (null !== $token = $this->tokenStorage->getToken()) {
-            if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && $token->getUsername() === $username) {
+            if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() && (method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername()) === $username) {
                 return;
             }
         }
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
diff --git a/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php b/src/Symfony/Component/Security/Http/LoginLink/LoginLinkHandler.php
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php
diff --git a/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php b/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,13 @@ public function getSalt(): ?string`
`75`	`75`	`* {@inheritdoc}`
`76`	`76`	`*/`
`77`	`77`	`public function getUsername(): string`
	`78`	`+ {`
	`79`	`+ trigger_deprecation('symfony/security-core', '5.3', 'Method "%s" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);`
	`80`	`+`
	`81`	`+ return $this->username;`
	`82`	`+ }`
	`83`	`+`
	`84`	`+ public function getUserIdentifier(): string`
`78`	`85`	`{`
`79`	`86`	`return $this->username;`
`80`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ public function refreshUser(UserInterface $user)`
`117`	`117`	`throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));`
`118`	`118`	`}`
`119`	`119`
`120`		`- return new LdapUser($user->getEntry(), $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());`
	`120`	`+ return new LdapUser($user->getEntry(), method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,10 @@ public function authenticate(TokenInterface $token)`
`105`	`105`	`$this->eventDispatcher->dispatch(new AuthenticationSuccessEvent($result), AuthenticationEvents::AUTHENTICATION_SUCCESS);`
`106`	`106`	`}`
`107`	`107`
	`108`	`+ if ($user = $result->getUser() instanceof UserInterface && !method_exists($result->getUser(), 'getUserIdentifier')) {`
	`109`	`+ trigger_deprecation('symfony/security-core', '5.3', 'Not implementing method "getUserIdentifier(): string" in user class "%s" is deprecated. This method will replace "getUsername()" in Symfony 6.0.', \get_class($result->getUser()));`
	`110`	`+ }`
	`111`	`+`
`108`	`112`	`return $result;`
`109`	`113`	`}`
`110`	`114`
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ protected function retrieveUser(string $username, UsernamePasswordToken $token)`
`74`	`74`	`*/`
`75`	`75`	`protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)`
`76`	`76`	`{`
`77`		`- $username = $token->getUsername();`
	`77`	`+ $username = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();`
`78`	`78`	`$password = $token->getCredentials();`
`79`	`79`
`80`	`80`	`if ('' === (string) $password) {`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ public function authenticate(TokenInterface $token)`
`51`	`51`
`52`	`52`	`$user = $token->getUser();`
`53`	`53`
`54`		`- if (!$token->getUser() instanceof UserInterface) {`
	`54`	`+ if (!$user instanceof UserInterface) {`
`55`	`55`	`throw new LogicException(sprintf('Method "%s::getUser()" must return a "%s" instance, "%s" returned.', get_debug_type($token), UserInterface::class, get_debug_type($user)));`
`56`	`56`	`}`
`57`	`57`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ public function authenticate(TokenInterface $token)`
`55`	`55`	`throw new AuthenticationException('The token is not supported by this authentication provider.');`
`56`	`56`	`}`
`57`	`57`
`58`		`- $username = $token->getUsername();`
	`58`	`+ $username = method_exists($token, 'getUserIdentifier') ? $token->getUserIdentifier() : $token->getUsername();`
`59`	`59`	`if ('' === $username \|\| null === $username) {`
`60`	`60`	`$username = AuthenticationProviderInterface::USERNAME_NONE_PROVIDED;`
`61`	`61`	`}`