Merge branch '4.4'

* 4.4: (39 commits)
  [Console] Fix #33915, Detect dimensions using mode CON if vt100 is supported
  [PhpUnitBridge] Also search for composer.phar in git root folder
  [HttpKernel][DataCollectorInterface] Ease compatibility
  Add tests to ensure defaultLocale is properly passed to the URL generator
  [DependencyInjection] Fix broken references in tests
  [VarDumper] display the method we're in when dumping stack traces
  [HttpClient] Retry safe requests when then fail before the body arrives
  [Console] Rename some methods related to redraw frequency
  Avoid using of kernel after shutdown
  Simplify PHP CS Fixer configuration
  [PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
  [FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
  Fix CS
  [Serializer] Fix property name usage for denormalization
  Name test accordingly to the tested class
  Fix MockFileSessionStorageTest::sessionDir being used after it's unset
  [Security] Fix SwitchUserToken wrongly deauthenticated
  Supporting Bootstrap 4 custom switches
  Add new Form WeekType
  bumped Symfony version to 4.3.7
  ...

Author: nicolas-grekas

Authentication/Token/AbstractToken.php

@@ -271,9 +271,12 @@ private function hasUserChanged(UserInterface $user): bool
         }
 
         $userRoles = array_map('strval', (array) $user->getRoles());
-        $rolesChanged = \count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()));
 
-        if ($rolesChanged) {
+        if ($this instanceof SwitchUserToken) {
+            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
+        }
+
+        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
             return true;
         }
 

Tests/Authentication/Token/SwitchUserTokenTest.php

@@ -14,6 +14,7 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 class SwitchUserTokenTest extends TestCase
 {
@@ -38,4 +39,38 @@ public function testSerialize()
         $this->assertSame('provider-key', $unserializedOriginalToken->getProviderKey());
         $this->assertEquals(['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], $unserializedOriginalToken->getRoleNames());
     }
+
+    public function testSetUserDoesNotDeauthenticate()
+    {
+        $impersonated = new class() implements UserInterface {
+            public function getUsername()
+            {
+                return 'impersonated';
+            }
+
+            public function getPassword()
+            {
+                return null;
+            }
+
+            public function eraseCredentials()
+            {
+            }
+
+            public function getRoles()
+            {
+                return ['ROLE_USER'];
+            }
+
+            public function getSalt()
+            {
+                return null;
+            }
+        };
+
+        $originalToken = new UsernamePasswordToken('impersonator', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
+        $token = new SwitchUserToken($impersonated, 'bar', 'provider-key', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $originalToken);
+        $token->setUser($impersonated);
+        $this->assertTrue($token->isAuthenticated());
+    }
 }