[Security | Testing] Re-adjust functional security testing #13376

Closed
@Steveb-p

Link to related docs: https://symfony.com/doc/current/testing/http_authentication.html

The recently introduced commit symfony/symfony@a51a0c5 adds a helper method to allow easy logging-in when testing.

However, docs for testing (https://github.com/symfony/symfony-docs/blob/master/testing/http_authentication.rst) do not reflect it yet.

Also - unless I'm mistaken - there was a change between 4.3 and 4.4 that makes providers reload users when authentication is checked
(https://github.com/symfony/symfony/blob/4dd6e2f0b2daefc2bddd08aa056370afb1c1cb1d/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L127),
which causes the solution presented (the one with Token) to no longer work - the user is invalidated and an AnonymousToken is injected into TokenStorage instead.

I'd suggest creating an inline, anonymous class for the token in the docs to show users on Symfony 4.4/5.0 how to properly test their endpoint security, while noting that Symfony 5.1 will have the helper method.

Labels: hasPR (A Pull Request has already been submitted for this issue.)
