[Security] make TokenInterface::getUser() nullable to tell about unauthenticated tokens

nicolas-grekas · nicolas-grekas · commit d8beb0c8a3dc · 2021-08-20T09:39:46.000+02:00
diff --git a/DataCollector/SecurityDataCollector.php b/DataCollector/SecurityDataCollector.php
@@ -127,7 +127,7 @@ public function collect(Request $request, Response $response, \Throwable $except
 
             $this->data = [
                 'enabled' => true,
-                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : true,
+                'authenticated' => method_exists($token, 'isAuthenticated') ? $token->isAuthenticated(false) : (bool) $token->getUser(),
                 'impersonated' => null !== $impersonatorUser,
                 'impersonator_user' => $impersonatorUser,
                 'impersonation_exit_path' => null,
