symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/SecuredPageBundle/Resources/config/routing.yml
Copy file name to clipboard
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/SecuredPageBundle/Resources/config/routing.yml
Copy file name to clipboard
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php
+6-6Lines changed: 6 additions & 6 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/SecuredPageBundle/Security/Core/User/ArrayUserProvider.php
+6-6Lines changed: 6 additions & 6 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
+107-6Lines changed: 107 additions & 6 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityTest.php
+107-6Lines changed: 107 additions & 6 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml
+1-2Lines changed: 1 addition & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/AbstractTokenCompareRoles/config.yml
+1-2Lines changed: 1 addition & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+3-17Lines changed: 3 additions & 17 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+3-17Lines changed: 3 additions & 17 deletions
diff --git a/‎src/Symfony/Component/Security/Core/User/User.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/User.php
+11Lines changed: 11 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/User/User.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/User.php
+11Lines changed: 11 additions & 0 deletions
@@ -1,3 +1,3 @@
 admin:
     path:     /admin
-    defaults: { _controller: SecuredPageBundle:Admin:index }
+    defaults: { _controller: \Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Controller\AdminController::indexAction }
@@ -4,21 +4,20 @@
 
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
-use Symfony\Component\Security\Core\User\User;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
 
 class ArrayUserProvider implements UserProviderInterface
 {
-    /** @var User[] */
+    /** @var UserInterface[] */
     private $users = [];
 
-    public function addUser(User $user)
+    public function addUser(UserInterface $user)
     {
         $this->users[$user->getUsername()] = $user;
     }
 
-    public function setUser($username, User $user)
+    public function setUser($username, UserInterface $user)
     {
         $this->users[$username] = $user;
     }
@@ -41,13 +40,14 @@ public function loadUserByUsername($username)
 
     public function refreshUser(UserInterface $user)
     {
-        if (!$user instanceof User) {
+        if (!$user instanceof UserInterface) {
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
         }
 
         $storedUser = $this->getUser($user->getUsername());
+        $class = get_class($storedUser);
 
-        return new User($storedUser->getUsername(), $storedUser->getPassword(), $storedUser->getRoles(), $storedUser->isEnabled(), $storedUser->isAccountNonExpired(), $storedUser->isCredentialsNonExpired() && $storedUser->getPassword() === $user->getPassword(), $storedUser->isAccountNonLocked());
+        return new $class($storedUser->getUsername(), $storedUser->getPassword(), $storedUser->getRoles(), $storedUser->isEnabled(), $storedUser->isAccountNonExpired(), $storedUser->isCredentialsNonExpired() && $storedUser->getPassword() === $user->getPassword(), $storedUser->isAccountNonLocked());
     }
 
     public function supportsClass($class)
 
@@ -13,8 +13,8 @@
 
 use Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\SecuredPageBundle\Security\Core\User\ArrayUserProvider;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
-use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 class SecurityTest extends WebTestCase
 {
@@ -37,22 +37,22 @@ public function testServiceIsFunctional()
     public function userWillBeMarkedAsChangedIfRolesHasChangedProvider()
     {
         return [
-            [new Role('ROLE_ADMIN'), new Role('ROLE_USER')],
-            ['ROLE_ADMIN', 'ROLE_USER'],
+            [User::class],
+            [UserWithoutEquatable::class],
         ];
     }
 
     /**
      * @dataProvider userWillBeMarkedAsChangedIfRolesHasChangedProvider
      */
-    public function testUserWillBeMarkedAsChangedIfRolesHasChanged($adminRole, $userRole)
+    public function testUserWillBeMarkedAsChangedIfRolesHasChanged($userClass)
     {
         $client = $this->createClient(['test_case' => 'AbstractTokenCompareRoles', 'root_config' => 'config.yml']);
         $client->disableReboot();
 
         /** @var ArrayUserProvider $userProvider */
         $userProvider = static::$kernel->getContainer()->get('security.user.provider.array');
-        $userProvider->addUser(new User('user1', 'test', [$adminRole]));
+        $userProvider->addUser(new $userClass('user1', 'test', ['ROLE_ADMIN']));
 
         $client->request('POST', '/login', [
             '_username' => 'user1',
@@ -64,10 +64,111 @@ public function testUserWillBeMarkedAsChangedIfRolesHasChanged($adminRole, $user
         $this->assertEquals(200, $client->getResponse()->getStatusCode());
 
         // revoking ROLE_ADMIN from user1
-        $userProvider->setUser('user1', new User('user1', 'test', [$userRole]));
+        $userProvider->setUser('user1', new $userClass('user1', 'test', ['ROLE_USER']));
 
         // user1 has lost ROLE_ADMIN and MUST be redirected away from secure page
         $client->request('GET', '/admin');
         $this->assertEquals(302, $client->getResponse()->getStatusCode());
     }
 }
+
+final class UserWithoutEquatable implements UserInterface
+{
+    private $username;
+    private $password;
+    private $enabled;
+    private $accountNonExpired;
+    private $credentialsNonExpired;
+    private $accountNonLocked;
+    private $roles;
+
+    public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true)
+    {
+        if ('' === $username || null === $username) {
+            throw new \InvalidArgumentException('The username cannot be empty.');
+        }
+
+        $this->username = $username;
+        $this->password = $password;
+        $this->enabled = $enabled;
+        $this->accountNonExpired = $userNonExpired;
+        $this->credentialsNonExpired = $credentialsNonExpired;
+        $this->accountNonLocked = $userNonLocked;
+        $this->roles = $roles;
+    }
+
+    public function __toString()
+    {
+        return $this->getUsername();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getRoles()
+    {
+        return $this->roles;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getSalt()
+    {
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getUsername()
+    {
+        return $this->username;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isAccountNonExpired()
+    {
+        return $this->accountNonExpired;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isAccountNonLocked()
+    {
+        return $this->accountNonLocked;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isCredentialsNonExpired()
+    {
+        return $this->credentialsNonExpired;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isEnabled()
+    {
+        return $this->enabled;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function eraseCredentials()
+    {
+    }
+}
@@ -10,7 +10,7 @@ services:
 security:
 
   encoders:
-    Symfony\Component\Security\Core\User\User: plaintext
+    \Symfony\Component\Security\Core\User\UserInterface: plaintext
 
   providers:
     array:
@@ -24,7 +24,6 @@ security:
         require_previous_session: false
       logout: ~
       anonymous: ~
-      logout_on_user_change: true
       stateless: false
 
   access_control:
 
@@ -277,10 +277,10 @@ private function hasUserChanged(UserInterface $user)
 
         $rolesChanged = \count(
             array_diff(
-                array_map([$this, 'castRole'], (array) $this->user->getRoles()),
-                array_map([$this, 'castRole'], (array) $user->getRoles())
+                (array) $this->user->getRoles(),
+                (array) $user->getRoles()
             )
-        );
+        ) === 1;
 
         if ($rolesChanged) {
             return true;
@@ -292,18 +292,4 @@ private function hasUserChanged(UserInterface $user)
 
         return false;
     }
-
-    /**
-     * @param string|Role $role
-     *
-     * @return string
-     */
-    private function castRole($role)
-    {
-        if ($role instanceof Role) {
-            return $role->getRole();
-        }
-
-        return (string) $role;
-    }
 }
@@ -135,6 +135,17 @@ public function isEqualTo(UserInterface $user)
             return false;
         }
 
+        $rolesChanged = \count(
+            array_diff(
+                (array) $this->getRoles(),
+                (array) $user->getRoles()
+            )
+        ) === 1;
+
+        if ($rolesChanged) {
+            return false;
+        }
+
         if ($this->getUsername() !== $user->getUsername()) {
             return false;
         }
Original file line number	Diff line number	Diff line change
`@@ -4,21 +4,20 @@`
`4`	`4`
`5`	`5`	`use Symfony\Component\Security\Core\Exception\UnsupportedUserException;`
`6`	`6`	`use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;`
`7`		`-use Symfony\Component\Security\Core\User\User;`
`8`	`7`	`use Symfony\Component\Security\Core\User\UserInterface;`
`9`	`8`	`use Symfony\Component\Security\Core\User\UserProviderInterface;`
`10`	`9`
`11`	`10`	`class ArrayUserProvider implements UserProviderInterface`
`12`	`11`	`{`
`13`		`- /** @var User[] */`
	`12`	`+ /** @var UserInterface[] */`
`14`	`13`	`private $users = [];`
`15`	`14`
`16`		`- public function addUser(User $user)`
	`15`	`+ public function addUser(UserInterface $user)`
`17`	`16`	`{`
`18`	`17`	`$this->users[$user->getUsername()] = $user;`
`19`	`18`	`}`
`20`	`19`
`21`		`- public function setUser($username, User $user)`
	`20`	`+ public function setUser($username, UserInterface $user)`
`22`	`21`	`{`
`23`	`22`	`$this->users[$username] = $user;`
`24`	`23`	`}`
`@@ -41,13 +40,14 @@ public function loadUserByUsername($username)`
`41`	`40`
`42`	`41`	`public function refreshUser(UserInterface $user)`
`43`	`42`	`{`
`44`		`- if (!$user instanceof User) {`
	`43`	`+ if (!$user instanceof UserInterface) {`
`45`	`44`	`throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));`
`46`	`45`	`}`
`47`	`46`
`48`	`47`	`$storedUser = $this->getUser($user->getUsername());`
	`48`	`+ $class = get_class($storedUser);`
`49`	`49`
`50`		`- return new User($storedUser->getUsername(), $storedUser->getPassword(), $storedUser->getRoles(), $storedUser->isEnabled(), $storedUser->isAccountNonExpired(), $storedUser->isCredentialsNonExpired() && $storedUser->getPassword() === $user->getPassword(), $storedUser->isAccountNonLocked());`
	`50`	`+ return new $class($storedUser->getUsername(), $storedUser->getPassword(), $storedUser->getRoles(), $storedUser->isEnabled(), $storedUser->isAccountNonExpired(), $storedUser->isCredentialsNonExpired() && $storedUser->getPassword() === $user->getPassword(), $storedUser->isAccountNonLocked());`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`public function supportsClass($class)`