Removed AnonymousToken from the authenticator system

wouterj · fabpot · commit eadb75975ee3 · 2020-05-03T08:43:40.000+02:00
* Anonymous users are actual to unauthenticated users, both are now represented by no token
* Added a PUBLIC_ACCESS Security attribute to be used in access_control
* Deprecated "anonymous: lazy" in favor of "lazy: true"
diff --git a/Authorization/AuthorizationChecker.php b/Authorization/AuthorizationChecker.php
@@ -29,24 +29,30 @@ class AuthorizationChecker implements AuthorizationCheckerInterface
     private $accessDecisionManager;
     private $authenticationManager;
     private $alwaysAuthenticate;
+    private $exceptionOnNoToken;
 
-    public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, bool $alwaysAuthenticate = false)
+    public function __construct(TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, AccessDecisionManagerInterface $accessDecisionManager, bool $alwaysAuthenticate = false, bool $exceptionOnNoToken = true)
     {
         $this->tokenStorage = $tokenStorage;
         $this->authenticationManager = $authenticationManager;
         $this->accessDecisionManager = $accessDecisionManager;
         $this->alwaysAuthenticate = $alwaysAuthenticate;
+        $this->exceptionOnNoToken = $exceptionOnNoToken;
     }
 
     /**
      * {@inheritdoc}
      *
-     * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token
+     * @throws AuthenticationCredentialsNotFoundException when the token storage has no authentication token and $exceptionOnNoToken is set to true
      */
     final public function isGranted($attribute, $subject = null): bool
     {
         if (null === ($token = $this->tokenStorage->getToken())) {
-            throw new AuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');
+            if ($this->exceptionOnNoToken) {
+                throw new AuthenticationCredentialsNotFoundException('The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.');
+            }
+
+            return false;
         }
 
         if ($this->alwaysAuthenticate || !$token->isAuthenticated()) {
diff --git a/Tests/Authorization/AuthorizationCheckerTest.php b/Tests/Authorization/AuthorizationCheckerTest.php
@@ -73,6 +73,13 @@ public function testVoteWithoutAuthenticationToken()
         $this->authorizationChecker->isGranted('ROLE_FOO');
     }
 
+    public function testVoteWithoutAuthenticationTokenAndExceptionOnNoTokenIsFalse()
+    {
+        $authorizationChecker = new AuthorizationChecker($this->tokenStorage, $this->authenticationManager, $this->accessDecisionManager, false, false);
+
+        $this->assertFalse($authorizationChecker->isGranted('ROLE_FOO'));
+    }
+
     /**
      * @dataProvider isGrantedProvider
      */
