Skip to content

Security expression doc about check anonymous user is misleading #11950

New issue
New issue
Closed
Closed
Security expression doc about check anonymous user is misleading#11950
Labels
SecurityactionableClear and specific issues ready for anyone to take them.buggood first issueIdeal for your first contribution! (some Symfony experience may be required)
@andrew-demb

Description

@andrew-demb
andrew-demb
opened on Jul 11, 2019

Issue with page: https://symfony.com/doc/current/security/expressions.html

In https://symfony.com/doc/current/security.html#checking-to-see-if-a-user-is-logged-in-is-authenticated-fully docs are provide information, that IS_AUTHENTICATED_ANONYMOUSLY attribute are granted for anon. tokens and fully authenticated.

IS_AUTHENTICATED_ANONYMOUSLY: All users (even anonymous ones)

On https://symfony.com/doc/current/security/expressions.html we see, that is_anonymous() expression are the same as IS_AUTHENTICATED_ANONYMOUSLY.

is_anonymous
Equal to using IS_AUTHENTICATED_ANONYMOUSLY with the isGranted() function.

But in code we can see, that is_anonymous() returns true only for anon. tokens.

https://github.com/symfony/symfony/blob/ea92f38c52eaf5951911df6fa39eb258716ecd21/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php#L30

return $variables['trust_resolver']->isAnonymous($variables['token']);

Metadata

Metadata

Assignees

No one assigned

    Labels

    SecurityactionableClear and specific issues ready for anyone to take them.buggood first issueIdeal for your first contribution! (some Symfony experience may be required)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions