Added test for serializing user without roles

src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php

@@ -248,6 +248,21 @@ public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
     }
+
+    public function testIsUserChangedWhenSerializing()
+    {
+        $token = new ConcreteToken(['ROLE_ADMIN']);
+        $token->setAuthenticated(true);
+        $this->assertTrue($token->isAuthenticated());
+
+        $user = new SerializableUser('wouter', ['ROLE_ADMIN']);
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token = unserialize(serialize($token));
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+    }
 }
 
 class TestUser
@@ -265,6 +280,55 @@ public function __toString(): string
     }
 }
 
+class SerializableUser implements UserInterface, \Serializable
+{
+    private $roles;
+    private $name;
+
+    public function __construct($name, array $roles = [])
+    {
+        $this->name = $name;
+        $this->roles = $roles;
+    }
+
+    public function getUsername()
+    {
+        return $this->name;
+    }
+
+    public function getPassword()
+    {
+        return '***';
+    }
+
+    public function getRoles()
+    {
+        if (empty($this->roles)) {
+            return ['ROLE_USER'];
+        }
+
+        return $this->roles;
+    }
+
+    public function eraseCredentials()
+    {}
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function serialize()
+    {
+        return serialize($this->name);
+    }
+
+    public function unserialize($serialized)
+    {
+        $this->name = unserialize($serialized);
+    }
+}
+
 class ConcreteToken extends AbstractToken
 {
     private $credentials = 'credentials_value';