From 7d2ad4b265e42f54ce49d7e103ae243081aef1b7 Mon Sep 17 00:00:00 2001
From: Thibaut Salanon <thlbaut@users.noreply.github.com>
Date: Tue, 3 Mar 2020 16:54:02 +0100
Subject: [PATCH] Fix wrong roles comparison

---
 .../Security/Core/Authentication/Token/AbstractToken.php   | 7 ++-----
 .../Core/Tests/Authentication/Token/AbstractTokenTest.php  | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
index e59997de3491..de0ebac26488 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
@@ -317,13 +317,10 @@ private function hasUserChanged(UserInterface $user): bool
             return true;
         }
 
+        $currentUserRoles = array_map('strval', (array) $this->user->getRoles());
         $userRoles = array_map('strval', (array) $user->getRoles());
 
-        if ($this instanceof SwitchUserToken) {
-            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
-        }
-
-        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
+        if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
             return true;
         }
 
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
index fe0ed08cc66d..031fe4989884 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
@@ -238,7 +238,7 @@ public function getUserChangesAdvancedUser()
      */
     public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
     {
-        $token = new ConcreteToken();
+        $token = new ConcreteToken(['ROLE_FOO']);
         $token->setAuthenticated(true);
         $this->assertTrue($token->isAuthenticated());