* Dispatch`SwitchUserEvent` on`security.switch_user`

* Deprecated`Argon2iPasswordEncoder`, use`SodiumPasswordEncoder` instead

* Deprecated`BCryptPasswordEncoder`, use`NativePasswordEncoder` instead

* Added`DeauthenticatedEvent` dispatched in case the user has changed when trying to refresh it

4.2.0

* Passing custom class names to the

`Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver` to define

custom anonymous and remember me token classes is deprecated. To

use custom tokens, extend theexisting`Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`

use custom tokens, extend theex~~~~isting`Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`

or`Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.

* allow passing null as $filter in LdapUserProvider to get the default filter

* accessing the user object that is not an instance of`UserInterface` from`Security::getUser()` is deprecated

namespaceSymfony\Component\Security\Http\Event;

useSymfony\Component\Security\Core\Authentication\Token\TokenInterface;

useSymfony\Component\Security\Core\User\UserInterface;

useSymfony\Contracts\EventDispatcher\Event;

class DeauthenticatedEventextends Event

{

private$token;

private$user;

publicfunction__construct(TokenInterface$token,UserInterface$user)

{

$this->token =$token;

$this->user =$user;

}

publicfunctiongetToken():TokenInterface

{

return$this->token;

}

publicfunctiongetUser():UserInterface

{

return$this->user;

}

}

useSymfony\Component\Security\Core\Role\SwitchUserRole;

useSymfony\Component\Security\Core\User\UserInterface;

useSymfony\Component\Security\Core\User\UserProviderInterface;

useSymfony\Component\Security\Http\Event\DeauthenticatedEvent;

$this->logger->debug('Token was deauthenticated after trying to refresh it.');

}

if (null !==$this->dispatcher) {

$token->setUser($refreshedUser);

$this->dispatcher->dispatch(newDeauthenticatedEvent($token,$user), DeauthenticatedEvent::class);

}

returnnull;

}

useSymfony\Component\Security\Core\User\User;

useSymfony\Component\Security\Core\User\UserInterface;

useSymfony\Component\Security\Core\User\UserProviderInterface;

useSymfony\Component\Security\Http\Event\DeauthenticatedEvent;

useSymfony\Component\Security\Http\Firewall\ContextListener;

class ContextListenerTestextends TestCase

$this->assertSame($refreshedUser,$tokenStorage->getToken()->getUser());

}

publicfunctiontestDeauthenticatedEvent()

{

$tokenStorage =newTokenStorage();

$refreshedUser =newUser('foobar','baz');

$user =newUser('foo','bar');

$session =newSession(newMockArraySessionStorage());

$session->set('_security_context_key',serialize(newUsernamePasswordToken($user,'','context_key', ['ROLE_USER'])));

$request =newRequest();

$request->setSession($session);

$request->cookies->set('MOCKSESSID',true);

$eventDispatcher =newEventDispatcher();

$eventDispatcher->addListener(DeauthenticatedEvent::class,function ($event)use ($user) {

$this->assertEquals($event->getWrappedEvent()->getUser(),$user);

});

$listener =newContextListener($tokenStorage, [newNotSupportingUserProvider(),newSupportingUserProvider($refreshedUser)],'context_key',null,$eventDispatcher);

$listener(newRequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(),$request, HttpKernelInterface::MASTER_REQUEST));

$this->assertNull($tokenStorage->getToken());

}

protectedfunctionrunSessionOnKernelResponse($newToken,$original =null)

{

$session =newSession(newMockArraySessionStorage());