Revert nullable argument and use nulltoken class

Author: acrobat

Domain/SecurityIdentityRetrievalStrategy.php

@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
@@ -42,24 +43,22 @@ public function __construct(RoleHierarchyInterface $roleHierarchy, Authenticatio
      *
      * @return RoleSecurityIdentity[]
      */
-    public function getSecurityIdentities(?TokenInterface $token)
+    public function getSecurityIdentities(TokenInterface $token)
     {
         $sids = [];
 
         // add user security identity
-        if (!$token instanceof AnonymousToken && null !== $token) {
+        if (!$token instanceof AnonymousToken && !$token instanceof NullToken) {
             try {
                 $sids[] = UserSecurityIdentity::fromToken($token);
             } catch (\InvalidArgumentException $e) {
                 // ignore, user has no user security identity
             }
         }
 
-        if (null !== $token) {
-            // add all reachable roles
-            foreach ($this->roleHierarchy->getReachableRoleNames($token->getRoleNames()) as $role) {
-                $sids[] = new RoleSecurityIdentity($role);
-            }
+        // add all reachable roles
+        foreach ($this->roleHierarchy->getReachableRoleNames($token->getRoleNames()) as $role) {
+            $sids[] = new RoleSecurityIdentity($role);
         }
 
         // add built-in special roles
@@ -77,7 +76,7 @@ public function getSecurityIdentities(?TokenInterface $token)
         return $sids;
     }
 
-    private function isNotAuthenticated(?TokenInterface $token): bool
+    private function isNotAuthenticated(TokenInterface $token): bool
     {
         if (\defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS')) {
             return !$this->authenticationTrustResolver->isAuthenticated($token);

Tests/Domain/SecurityIdentityRetrievalStrategyTest.php

@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\Security\Acl\Tests\Domain;
 
-use PHPUnit\Framework\Assert;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
 use Symfony\Component\Security\Acl\Domain\SecurityIdentityRetrievalStrategy;
@@ -20,6 +19,7 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\Token\NullToken;
 use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -31,7 +31,7 @@ class SecurityIdentityRetrievalStrategyTest extends TestCase
      */
     public function testGetSecurityIdentities($user, array $roles, string $authenticationStatus, array $sids)
     {
-        $token = null;
+        $token = class_exists(NullToken::class) ? new NullToken() : new AnonymousToken('', '');
         if ('anonymous' !== $authenticationStatus) {
             $class = '';
             if (\is_string($user)) {
@@ -190,8 +190,6 @@ public function __construct(array $roles)
 
             public function getReachableRoleNames(array $roles): array
             {
-                Assert::assertSame(['foo'], $roles);
-
                 return $this->roles;
             }
         };