diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
index 67d992ce4e2c3..4a92b60636eb5 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -11,6 +11,7 @@
namespace Symfony\Component\Security\Core\Authentication\Token;
+use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\InMemoryUser;
use Symfony\Component\Security\Core\User\UserInterface;
@@ -23,24 +24,24 @@
abstract class AbstractToken implements TokenInterface, \Serializable
{
private ?UserInterface $user = null;
- private array $roleNames = [];
+ private array $roleNames;
private array $attributes = [];
/**
* @param string[] $roles An array of roles
- *
- * @throws \InvalidArgumentException
*/
public function __construct(array $roles = [])
{
+ $this->roleNames = [];
+
foreach ($roles as $role) {
- $this->roleNames[] = $role;
+ $this->roleNames[] = (string) $role;
}
}
public function getRoleNames(): array
{
- return $this->roleNames;
+ return $this->roleNames ??= self::__construct($this->user->getRoles()) ?? $this->roleNames;
}
public function getUserIdentifier(): string
@@ -82,7 +83,13 @@ public function eraseCredentials(): void
*/
public function __serialize(): array
{
- return [$this->user, true, null, $this->attributes, $this->roleNames];
+ $data = [$this->user, true, null, $this->attributes];
+
+ if (!$this->user instanceof EquatableInterface) {
+ $data[] = $this->roleNames;
+ }
+
+ return $data;
}
/**
@@ -103,7 +110,12 @@ public function __serialize(): array
*/
public function __unserialize(array $data): void
{
- [$user, , , $this->attributes, $this->roleNames] = $data;
+ [$user, , , $this->attributes] = $data;
+
+ if (\array_key_exists(4, $data)) {
+ $this->roleNames = $data[4];
+ }
+
$this->user = \is_string($user) ? new InMemoryUser($user, '', $this->roleNames, false) : $user;
}
diff --git a/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php b/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
index 5555ce0b59f08..5a874291aeea5 100644
--- a/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php
@@ -53,6 +53,7 @@ public function testSharedSerializedData()
$exception->setSafeMessage('message', ['token' => $token]);
$processed = unserialize(serialize($exception));
+ $this->assertSame($token->getRoleNames(), $processed->getToken()->getRoleNames());
$this->assertEquals($token, $processed->getToken());
$this->assertEquals($token, $processed->getMessageData()['token']);
$this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
@@ -67,6 +68,7 @@ public function testSharedSerializedDataFromChild()
$exception->setToken($token);
$processed = unserialize(serialize($exception));
+ $this->assertSame($token->getRoleNames(), $processed->getToken()->getRoleNames());
$this->assertEquals($token, $processed->childMember);
$this->assertEquals($token, $processed->getToken());
$this->assertSame($processed->getToken(), $processed->childMember);
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
index 11523b5e27b6a..11a1132fe9a69 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -301,11 +301,12 @@ private static function hasUserChanged(UserInterface $originalUser, TokenInterfa
}
}
- $userRoles = array_map('strval', $refreshedUser->getRoles());
+ $refreshedRoles = array_map('strval', $refreshedUser->getRoles());
+ $originalRoles = $refreshedToken->getRoleNames(); // This comes from cloning the original token, so it still contains the roles of the original user
if (
- \count($userRoles) !== \count($refreshedToken->getRoleNames())
- || \count($userRoles) !== \count(array_intersect($userRoles, $refreshedToken->getRoleNames()))
+ \count($refreshedRoles) !== \count($originalRoles)
+ || \count($refreshedRoles) !== \count(array_intersect($refreshedRoles, $originalRoles))
) {
return true;
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy