From 1426ed1b022eb6b61887a520b5bbaf67d141a4cd Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Mon, 27 Dec 2021 11:29:45 +0100
Subject: [PATCH] [Security] fix unserializing session payloads from v4

---
Role/Role.php | 31 +++++++++++++++++++++++++++++++
Role/SwitchUserRole.php | 23 +++++++++++++++++++++++
Tests/Role/LegacyRoleTest.php | 28 ++++++++++++++++++++++++++++
3 files changed, 82 insertions(+)
create mode 100644 Role/Role.php
create mode 100644 Role/SwitchUserRole.php
create mode 100644 Tests/Role/LegacyRoleTest.php

diff --git a/Role/Role.php b/Role/Role.php
new file mode 100644
index 00000000..374eb59f
--- /dev/null
+++ b/Role/Role.php
@@ -0,0 +1,31 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Role;
+
+/**
+ * Allows migrating session payloads from v4.
+ *
+ * @internal
+ */
+class Role
+{
+ private $role;
+
+ private function __construct()
+ {
+ }
+
+ public function __toString(): string
+ {
+ return $this->role;
+ }
+}
diff --git a/Role/SwitchUserRole.php b/Role/SwitchUserRole.php
new file mode 100644
index 00000000..6a29fb4d
--- /dev/null
+++ b/Role/SwitchUserRole.php
@@ -0,0 +1,23 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Role;
+
+/**
+ * Allows migrating session payloads from v4.
+ *
+ * @internal
+ */
+class SwitchUserRole extends Role
+{
+ private $deprecationTriggered;
+ private $source;
+}
diff --git a/Tests/Role/LegacyRoleTest.php b/Tests/Role/LegacyRoleTest.php
new file mode 100644
index 00000000..44c95667
--- /dev/null
+++ b/Tests/Role/LegacyRoleTest.php
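Review bot: `__toString(): string` hands back `$this->role` as-is, yet nothing in the class fixes that property's type — the constructor is private, so the only way an instance exists is `unserialize()`, and the payload decides what `$role` contains; a v4 payload that omits the property or stores null makes `__toString()` throw a `TypeError` instead of returning an empty name. For a migration shim a coercing return, `return (string) $this->role;`, is the more forgiving choice; if a hard failure is intended, the docblock should say so. The docblock also reads better with the reason for the private constructor spelled out, e.g. `* Never instantiated directly: instances only come back from unserialize() of v4 session payloads.`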
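Review bot: `$deprecationTriggered` and `$source` are declared and never read, so a reader of this class cannot tell whether they are dead code or deliberately load-bearing for `unserialize()`; a comment above them should state the intent, e.g. `// Never read: declared so the private properties of a v4 SwitchUserRole payload land on known properties.` That intent is my inference from the docblock, so confirm it. Note also that `$source` presumably carried the impersonator's token in v4, so a legacy switch-user payload restores a nested token object through this shim; if that object graph should not survive migration, an `__unserialize()` (or `__wakeup()` on older PHP) that discards it would be the place to do so.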
@@ -0,0 +1,28 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Tests\Role;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+
+class LegacyRoleTest extends TestCase
+{
+ public function testPayloadFromV4CanBeUnserialized()
+ {
+ $serialized = 'C:74:"Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken":236:{a:3:{i:0;N;i:1;s:4:"main";i:2;a:5:{i:0;s:2:"sf";i:1;b:1;i:2;a:1:{i:0;O:41:"Symfony\Component\Security\Core\Role\Role":1:{s:47:"Symfony\Component\Security\Core\Role\Role'."\0".'role'."\0".'";s:9:"ROLE_USER";}}i:3;a:0:{}i:4;a:1:{i:0;s:9:"ROLE_USER";}}}}';
+
+ $token = unserialize($serialized);
+
+ $this->assertInstanceOf(UsernamePasswordToken::class, $token);
+ $this->assertSame(['ROLE_USER'], $token->getRoleNames());
+ }
+}
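Review bot: Only a payload carrying `Role` is exercised here; the same commit adds `SwitchUserRole`, but no v4 switch-user payload is unserialized, so a break in that shim would pass this suite unnoticed. A second fixture built from a v4 session captured during impersonation would pin that path. Also worth checking that the mangled property name in the fixture, which reads `…Role\Role\0role\0` as rendered, is really what PHP writes for a private property (`\0Class\0prop`, with the leading NUL) and not a paste artifact, since `getRoleNames()` appears to be fed from the separate `i:4` name list and so would pass even if `Role::$role` were never restored. The `'."\0".'` splices deserve a one-line comment such as `// "\0" bytes are PHP's private-property name mangling in serialized form`.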