[Security] Deprecate the is_anonymous() expression function

wouterj · wouterj · commit e77f4c824228 · 2021-08-12T21:37:54.000+02:00
diff --git a/UPGRADE-5.4.md b/UPGRADE-5.4.md
@@ -61,9 +61,9 @@ Security
 
  * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
    use `AuthenticatedVoter::IS_AUTHENTICATED_FULLY` or `AuthenticatedVoter::IS_AUTHENTICATED` instead.
- * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` as anonymous no longer exists
-   in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead if you want to
-   check if the request is (fully) authenticated.
+ * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression function
+   as anonymous no longer exists in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead
+   if you want to check if the request is (fully) authenticated.
  * Deprecate the `$authManager` argument of `AccessListener`
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
diff --git a/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php b/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php
@@ -26,16 +26,18 @@ public function getFunctions()
     {
         return [
             new ExpressionFunction('is_anonymous', function () {
-                return '$token && $auth_checker->isGranted("IS_ANONYMOUS")';
+                return 'trigger_deprecation("symfony/security-core", "5.4", "The \"is_anonymous()\" expression function is deprecated.") || ($token && $auth_checker->isGranted("IS_ANONYMOUS"))';
             }, function (array $variables) {
+                trigger_deprecation('symfony/security-core', '5.4', 'The "is_anonymous()" expression function is deprecated.');
+
                 return $variables['token'] && $variables['auth_checker']->isGranted('IS_ANONYMOUS');
             }),
 
             // @deprecated remove the ternary and always use IS_AUTHENTICATED in 6.0
             new ExpressionFunction('is_authenticated', function () {
                 return 'defined("'.AuthenticatedVoter::class.'::IS_AUTHENTICATED") ? $auth_checker->isGranted("IS_AUTHENTICATED") : ($token && !$auth_checker->isGranted("IS_ANONYMOUS"))';
             }, function (array $variables) {
-                return defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED') ? $variables['auth_checker']->isGranted('IS_AUTHENTICATED') : ($variables['token'] && !$variables['auth_checker']->isGranted('IS_ANONYMOUS'));
+                return \defined(AuthenticatedVoter::class.'::IS_AUTHENTICATED') ? $variables['auth_checker']->isGranted('IS_AUTHENTICATED') : ($variables['token'] && !$variables['auth_checker']->isGranted('IS_ANONYMOUS'));
             }),
 
             new ExpressionFunction('is_fully_authenticated', function () {
diff --git a/src/Symfony/Component/Security/Core/CHANGELOG.md b/src/Symfony/Component/Security/Core/CHANGELOG.md
@@ -6,9 +6,9 @@ CHANGELOG
 
  * Deprecate `AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY` and `AuthenticatedVoter::IS_ANONYMOUS`,
    use `AuthenticatedVoter::IS_AUTHENTICATED_FULLY` or `AuthenticatedVoter::IS_AUTHENTICATED` instead.
- * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` as anonymous no longer exists
-   in version 6, use the `isFullFledged()` or the new `isAuthenticated()` instead if you want to
-   check if the request is (fully) authenticated.
+ * Deprecate `AuthenticationTrustResolverInterface::isAnonymous()` and the `is_anonymous()` expression
+   function as anonymous no longer exists in version 6, use the `isFullFledged()` or the new
+   `isAuthenticated()` instead if you want to check if the request is (fully) authenticated.
  * Deprecate the `$authenticationManager` argument of the `AuthorizationChecker` constructor
  * Deprecate setting the `$alwaysAuthenticate` argument to `true` and not setting the
    `$exceptionOnNoToken` argument to `false` of `AuthorizationChecker`
