[Security] Deprecate remaining anonymous checks

wouterj · wouterj · commit d6de7d5ddc7c · 2021-08-13T21:58:36.000+02:00
diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md
@@ -62,6 +62,30 @@ Security
  * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
  * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Deprecate not returning an `UserInterface` from `Token::getUser()`
+ * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
+   use `AuthenticatedVoter::PUBLIC_ACCESS` instead.
+
+   Before:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+   ```
+
+   After:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: PUBLIC_ACCESS }
+   ```
+
+ * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
+   as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
+   if you want to check if the request is (fully) authenticated.
  * Deprecate the `$authManager` argument of `AccessListener`, the argument will be removed
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor, the argument will be removed
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
diff --git a/UPGRADE-6.0.md b/UPGRADE-6.0.md
@@ -210,6 +210,30 @@ Security
  * Remove `AnonymousToken`
  * Remove `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Restrict the return type of `Token::getUser()` to `UserInterface` (removing `string|\Stringable`)
+ * Remove `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
+   use `AuthenticatedVoter::PUBLIC_ACCESS` instead.
+
+   Before:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+   ```
+
+   After:
+   ```yaml
+   # config/packages/security.yaml
+   security:
+       # ...
+       access_control:
+           - { path: ^/login, roles: PUBLIC_ACCESS }
+   ```
+
+ * Remove `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
+   as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
+   if you want to check if the request is (fully) authenticated.
  * Remove the 4th and 5th argument of `AuthorizationChecker`
  * Remove the 5th argument of `AccessListener`
  * Remove class `User`, use `InMemoryUser` or your own implementation instead.
diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 5.4
 ---
 
+ * Deprecate `FirewallConfig::allowsAnonymous()` and the `allows_anonymous` from the data collector data, there will be no anonymous concept as of version 6.
  * Deprecate not setting `$authenticatorManagerEnabled` to `true` in `SecurityDataCollector` and `DebugFirewallCommand`
  * Deprecate `SecurityFactoryInterface` and `SecurityExtension::addSecurityListenerFactory()` in favor of
    `AuthenticatorFactoryInterface` and `SecurityExtension::addAuthenticatorFactory()`
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -184,7 +184,7 @@ public function collect(Request $request, Response $response, \Throwable $except
             if (null !== $firewallConfig) {
                 $this->data['firewall'] = [
                     'name' => $firewallConfig->getName(),
-                    'allows_anonymous' => $firewallConfig->allowsAnonymous(),
+                    'allows_anonymous' => $this->authenticatorManagerEnabled ? false : $firewallConfig->allowsAnonymous(),
                     'request_matcher' => $firewallConfig->getRequestMatcher(),
                     'security_enabled' => $firewallConfig->isSecurityEnabled(),
                     'stateless' => $firewallConfig->isStateless(),
diff --git a/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php b/src/Symfony/Bundle/SecurityBundle/Security/FirewallConfig.php
@@ -64,8 +64,13 @@ public function isSecurityEnabled(): bool
         return $this->securityEnabled;
     }
 
+    /**
+     * @deprecated since 5.4
+     */
     public function allowsAnonymous(): bool
     {
+        trigger_deprecation('symfony/security-bundle', '5.4', 'The "%s()" method is deprecated.', __METHOD__);
+
         return \in_array('anonymous', $this->listeners, true);
     }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
@@ -141,7 +141,6 @@ public function testGetFirewall()
         $collected = $collector->getFirewall();
 
         $this->assertSame($firewallConfig->getName(), $collected['name']);
-        $this->assertSame($firewallConfig->allowsAnonymous(), $collected['allows_anonymous']);
         $this->assertSame($firewallConfig->getRequestMatcher(), $collected['request_matcher']);
         $this->assertSame($firewallConfig->isSecurityEnabled(), $collected['security_enabled']);
         $this->assertSame($firewallConfig->isStateless(), $collected['stateless']);
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/base_config.yml
@@ -53,5 +53,5 @@ security:
         - { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
-        - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
+        - { path: ^/protected-via-expression$, allow_if: "(!is_authenticated() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
         - { path: .*, roles: IS_AUTHENTICATED_FULLY }
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Security/FirewallConfigTest.php
@@ -18,7 +18,7 @@ class FirewallConfigTest extends TestCase
 {
     public function testGetters()
     {
-        $listeners = ['logout', 'remember_me', 'anonymous'];
+        $listeners = ['logout', 'remember_me'];
         $options = [
             'request_matcher' => 'foo_request_matcher',
             'security' => false,
@@ -57,7 +57,6 @@ public function testGetters()
         $this->assertSame($options['access_denied_handler'], $config->getAccessDeniedHandler());
         $this->assertSame($options['access_denied_url'], $config->getAccessDeniedUrl());
         $this->assertSame($options['user_checker'], $config->getUserChecker());
-        $this->assertTrue($config->allowsAnonymous());
         $this->assertSame($listeners, $config->getListeners());
         $this->assertSame($options['switch_user'], $config->getSwitchUser());
     }
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolver.php
@@ -23,11 +23,22 @@
  */
 class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface
 {
+    public function isAuthenticated(TokenInterface $token = null): bool
+    {
+        return null !== $token && !$token instanceof NullToken
+            // @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0
+            && !$token instanceof AnonymousToken && $token->isAuthenticated(false);
+    }
+
     /**
      * {@inheritdoc}
      */
-    public function isAnonymous(TokenInterface $token = null)
+    public function isAnonymous(TokenInterface $token = null/*, $deprecation = true*/)
     {
+        if (1 === \func_num_args() || false !== func_get_arg(1)) {
+            trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);
+        }
+
         if (null === $token) {
             return false;
         }
@@ -56,6 +67,6 @@ public function isFullFledged(TokenInterface $token = null)
             return false;
         }
 
-        return !$this->isAnonymous($token) && !$this->isRememberMe($token);
+        return !$this->isAnonymous($token, false) && !$this->isRememberMe($token);
     }
 }
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolverInterface.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationTrustResolverInterface.php
@@ -17,6 +17,8 @@
  * Interface for resolving the authentication status of a given token.
  *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @method bool isAuthenticated(TokenInterface $token = null)
  */
 interface AuthenticationTrustResolverInterface
 {
@@ -27,6 +29,8 @@ interface AuthenticationTrustResolverInterface
      * If null is passed, the method must return false.
      *
      * @return bool
+     *
+     * @deprecated since 5.4
      */
     public function isAnonymous(TokenInterface $token = null);
 
diff --git a/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php b/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\ExpressionLanguage\ExpressionFunction;
 use Symfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
 
 /**
  * Define some ExpressionLanguage functions.
@@ -25,15 +26,18 @@ public function getFunctions()
     {
         return [
             new ExpressionFunction('is_anonymous', function () {
-                return '$token && $auth_checker->isGranted("IS_ANONYMOUS")';
+                return 'trigger_deprecation("symfony/security-core", "5.4", "The \"is_anonymous()\" expression function is deprecated.") || ($token && $auth_checker->isGranted("IS_ANONYMOUS"))';
             }, function (array $variables) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "is_anonymous()" expression function is deprecated.');
+
                 return $variables['token'] && $variables['auth_checker']->isGranted('IS_ANONYMOUS');
             }),
 
+            // @deprecated remove the ternary and always use IS_AUTHENTICATED in 6.0
             new ExpressionFunction('is_authenticated', function () {
-                return '$token && !$auth_checker->isGranted("IS_ANONYMOUS")';
+                return 'defined("'.AuthenticatedVoter::class.'::IS_AUTHENTICATED") ? $auth_checker->isGranted("IS_AUTHENTICATED") : ($token && !$auth_checker->isGranted("IS_ANONYMOUS"))';
             }, function (array $variables) {
-                return $variables['token'] && !$variables['auth_checker']->isGranted('IS_ANONYMOUS');
+                return \defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED') ? $variables['auth_checker']->isGranted('IS_AUTHENTICATED') : ($variables['token'] && !$variables['auth_checker']->isGranted('IS_ANONYMOUS'));
             }),
 
             new ExpressionFunction('is_fully_authenticated', function () {
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
@@ -12,12 +12,13 @@
 namespace Symfony\Component\Security\Core\Authorization\Voter;
 
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
  * AuthenticatedVoter votes if an attribute like IS_AUTHENTICATED_FULLY,
- * IS_AUTHENTICATED_REMEMBERED, or IS_AUTHENTICATED_ANONYMOUSLY is present.
+ * IS_AUTHENTICATED_REMEMBERED, IS_AUTHENTICATED is present.
  *
  * This list is most restrictive to least restrictive checking.
  *
@@ -28,8 +29,15 @@ class AuthenticatedVoter implements VoterInterface
 {
     public const IS_AUTHENTICATED_FULLY = 'IS_AUTHENTICATED_FULLY';
     public const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED';
+    /**
+     * @deprecated since 5.4
+     */
     public const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
+    /**
+     * @deprecated since 5.4
+     */
     public const IS_ANONYMOUS = 'IS_ANONYMOUS';
+    public const IS_AUTHENTICATED = 'IS_AUTHENTICATED';
     public const IS_IMPERSONATOR = 'IS_IMPERSONATOR';
     public const IS_REMEMBERED = 'IS_REMEMBERED';
     public const PUBLIC_ACCESS = 'PUBLIC_ACCESS';
@@ -55,6 +63,7 @@ public function vote(TokenInterface $token, $subject, array $attributes)
             if (null === $attribute || (self::IS_AUTHENTICATED_FULLY !== $attribute
                     && self::IS_AUTHENTICATED_REMEMBERED !== $attribute
                     && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute
+                    && self::IS_AUTHENTICATED !== $attribute
                     && self::IS_ANONYMOUS !== $attribute
                     && self::IS_IMPERSONATOR !== $attribute
                     && self::IS_REMEMBERED !== $attribute)) {
@@ -78,6 +87,16 @@ public function vote(TokenInterface $token, $subject, array $attributes)
                 && ($this->authenticationTrustResolver->isAnonymous($token)
                     || $this->authenticationTrustResolver->isRememberMe($token)
                     || $this->authenticationTrustResolver->isFullFledged($token))) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "IS_AUTHENTICATED_ANONYMOUSLY" security attribute is deprecated, use "IS_AUTHENTICATED" or "IS_AUTHENTICATED_FULLY" instead if you want to check if the request is (fully) authenticated.');
+
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            // @deprecated $this->authenticationTrustResolver must implement isAuthenticated() in 6.0
+            if (self::IS_AUTHENTICATED === $attribute
+                && (method_exists($this->authenticationTrustResolver, 'isAuthenticated')
+                    ? $this->authenticationTrustResolver->isAuthenticated($token)
+                    : (null !== $token && !$token instanceof NullToken))) {
                 return VoterInterface::ACCESS_GRANTED;
             }
 
@@ -86,6 +105,8 @@ public function vote(TokenInterface $token, $subject, array $attributes)
             }
 
             if (self::IS_ANONYMOUS === $attribute && $this->authenticationTrustResolver->isAnonymous($token)) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "IS_ANONYMOUSLY" security attribute is deprecated, anonymous no longer exists in version 6.');
+
                 return VoterInterface::ACCESS_GRANTED;
             }
 
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -7,6 +7,11 @@ CHANGELOG
  * Deprecate `AnonymousToken`, as the related authenticator was deprecated in 5.3
  * Deprecate `Token::getCredentials()`, tokens should no longer contain credentials (as they represent authenticated sessions)
  * Deprecate returning `string|\Stringable` from `Token::getUser()` (it must return a `UserInterface`)
+ * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
+   use `AuthenticatedVoter::IS_AUTHENTICATED_FULLY` or `AuthenticatedVoter::IS_AUTHENTICATED` instead.
+ * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression
+   function as anonymous no longer exists in version 6, use the `isFullFledged()` or the new
+   `isAuthenticated()` instead if you want to check if the request is (fully) authenticated.
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker`
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationTrustResolverTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/AuthenticationTrustResolverTest.php
@@ -16,9 +16,14 @@
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\InMemoryUser;
+use Symfony\Component\Security\Core\User\User;
 
 class AuthenticationTrustResolverTest extends TestCase
 {
+    /**
+     * @group legacy
+     */
     public function testIsAnonymous()
     {
         $resolver = new AuthenticationTrustResolver();
@@ -50,6 +55,17 @@ public function testisFullFledged()
         $this->assertTrue($resolver->isFullFledged(new FakeCustomToken()));
     }
 
+    public function testIsAuthenticated()
+    {
+        $resolver = new AuthenticationTrustResolver();
+        $this->assertFalse($resolver->isAuthenticated(null));
+        $this->assertTrue($resolver->isAuthenticated($this->getRememberMeToken()));
+        $this->assertTrue($resolver->isAuthenticated(new FakeCustomToken()));
+    }
+
+    /**
+     * @group legacy
+     */
     public function testIsAnonymousWithClassAsConstructorButStillExtending()
     {
         $resolver = $this->getResolver();
@@ -102,7 +118,7 @@ protected function getToken()
 
     protected function getAnonymousToken()
     {
-        return $this->getMockBuilder(AnonymousToken::class)->setConstructorArgs(['', ''])->getMock();
+        return new AnonymousToken('secret', 'anon.');
     }
 
     private function getRealCustomAnonymousToken()
@@ -116,7 +132,9 @@ public function __construct()
 
     protected function getRememberMeToken()
     {
-        return $this->getMockBuilder(RememberMeToken::class)->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
+        $user = class_exists(InMemoryUser::class) ? new InMemoryUser('wouter', '', ['ROLE_USER']) : new User('wouter', '', ['ROLE_USER']);
+
+        return new RememberMeToken($user, 'main', 'secret');
     }
 
     protected function getResolver()
@@ -176,6 +194,7 @@ public function getUserIdentifier(): string
 
     public function isAuthenticated(): bool
     {
+        return true;
     }
 
     public function setAuthenticated(bool $isAuthenticated)
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/ExpressionLanguageTest.php
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php

Original file line number	Diff line number	Diff line change
`@@ -64,8 +64,13 @@ public function isSecurityEnabled(): bool`
`64`	`64`	`return $this->securityEnabled;`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ /**`
	`68`	`+ * @deprecated since 5.4`
	`69`	`+ */`
`67`	`70`	`public function allowsAnonymous(): bool`
`68`	`71`	`{`
	`72`	`+ trigger_deprecation('symfony/security-bundle', '5.4', 'The "%s()" method is deprecated.', __METHOD__);`
	`73`	`+`
`69`	`74`	`return \in_array('anonymous', $this->listeners, true);`
`70`	`75`	`}`
`71`	`76`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ class FirewallConfigTest extends TestCase`
`18`	`18`	`{`
`19`	`19`	`public function testGetters()`
`20`	`20`	`{`
`21`		`- $listeners = ['logout', 'remember_me', 'anonymous'];`
	`21`	`+ $listeners = ['logout', 'remember_me'];`
`22`	`22`	`$options = [`
`23`	`23`	`'request_matcher' => 'foo_request_matcher',`
`24`	`24`	`'security' => false,`
`@@ -57,7 +57,6 @@ public function testGetters()`
`57`	`57`	`$this->assertSame($options['access_denied_handler'], $config->getAccessDeniedHandler());`
`58`	`58`	`$this->assertSame($options['access_denied_url'], $config->getAccessDeniedUrl());`
`59`	`59`	`$this->assertSame($options['user_checker'], $config->getUserChecker());`
`60`		`- $this->assertTrue($config->allowsAnonymous());`
`61`	`60`	`$this->assertSame($listeners, $config->getListeners());`
`62`	`61`	`$this->assertSame($options['switch_user'], $config->getSwitchUser());`
`63`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,11 +23,22 @@`
`23`	`23`	`*/`
`24`	`24`	`class AuthenticationTrustResolver implements AuthenticationTrustResolverInterface`
`25`	`25`	`{`
	`26`	`+ public function isAuthenticated(TokenInterface $token = null): bool`
	`27`	`+ {`
	`28`	`+ return null !== $token && !$token instanceof NullToken`
	`29`	`+ // @deprecated since Symfony 5.4, TokenInterface::isAuthenticated() and AnonymousToken no longer exists in 6.0`
	`30`	`+ && !$token instanceof AnonymousToken && $token->isAuthenticated(false);`
	`31`	`+ }`
	`32`	`+`
`26`	`33`	`/**`
`27`	`34`	`* {@inheritdoc}`
`28`	`35`	`*/`
`29`		`- public function isAnonymous(TokenInterface $token = null)`
	`36`	`+ public function isAnonymous(TokenInterface $token = null/, $deprecation = true/)`
`30`	`37`	`{`
	`38`	`+ if (1 === \func_num_args() \|\| false !== func_get_arg(1)) {`
	`39`	`+ trigger_deprecation('symfony/security-core', '5.4', 'The "%s()" method is deprecated, use "isAuthenticated()" or "isFullFledged()" if you want to check if the request is (fully) authenticated.', __METHOD__);`
	`40`	`+ }`
	`41`	`+`
`31`	`42`	`if (null === $token) {`
`32`	`43`	`return false;`
`33`	`44`	`}`
`@@ -56,6 +67,6 @@ public function isFullFledged(TokenInterface $token = null)`
`56`	`67`	`return false;`
`57`	`68`	`}`
`58`	`69`
`59`		`- return !$this->isAnonymous($token) && !$this->isRememberMe($token);`
	`70`	`+ return !$this->isAnonymous($token, false) && !$this->isRememberMe($token);`
`60`	`71`	`}`
`61`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@`
`17`	`17`	`* Interface for resolving the authentication status of a given token.`
`18`	`18`	`*`
`19`	`19`	`* @author Johannes M. Schmitt <schmittjoh@gmail.com>`
	`20`	`+ *`
	`21`	`+ * @method bool isAuthenticated(TokenInterface $token = null)`
`20`	`22`	`*/`
`21`	`23`	`interface AuthenticationTrustResolverInterface`
`22`	`24`	`{`
`@@ -27,6 +29,8 @@ interface AuthenticationTrustResolverInterface`
`27`	`29`	`* If null is passed, the method must return false.`
`28`	`30`	`*`
`29`	`31`	`* @return bool`
	`32`	`+ *`
	`33`	`+ * @deprecated since 5.4`
`30`	`34`	`*/`
`31`	`35`	`public function isAnonymous(TokenInterface $token = null);`
`32`	`36`