skip native serialize among child and parent serializable objects

src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php

@@ -134,10 +134,6 @@ abstract class AbstractToken implements TokenInterface
 
     /**
      * {@inheritdoc}
-     *
-     * @param bool $isCalledFromOverridingMethod Must be set to true when called from an overriding method
-     *
-     * @return string|array Returns an array when $isCalledFromOverridingMethod is set to true
      */
     public function serialize()
     {

src/Symfony/Component/Security/Core/Authentication/Token/AnonymousToken.php

@@ -59,7 +59,9 @@ class AnonymousToken extends AbstractToken
      */
     public function serialize()
     {
-        return serialize([$this->secret, parent::serialize()]);
+        $serialized = [$this->secret, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**

src/Symfony/Component/Security/Core/Authentication/Token/PreAuthenticatedToken.php

@@ -76,8 +76,6 @@ class PreAuthenticatedToken extends AbstractToken
 
     /**
      * {@inheritdoc}
-     *
-     * @param bool $isCalledFromOverridingMethod Must be set to true when called from an overriding method
      */
     public function serialize()
     {

src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php

@@ -94,11 +94,9 @@ class RememberMeToken extends AbstractToken
      */
     public function serialize()
     {
-        return serialize([
+        $serialized = [$this->secret, $this->providerKey, parent::serialize(true)];
-            $this->secret,
+
-            $this->providerKey,
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
-            parent::serialize(),
-        ]);
     }
 
     /**

src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php

@@ -91,7 +91,9 @@ class UsernamePasswordToken extends AbstractToken
      */
     public function serialize()
     {
-        return serialize([$this->credentials, $this->providerKey, parent::serialize()]);
+        $serialized = [$this->credentials, $this->providerKey, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**

src/Symfony/Component/Security/Core/Exception/AccountStatusException.php

@@ -44,10 +44,9 @@ abstract class AccountStatusException extends AuthenticationException
      */
     public function serialize()
     {
-        return serialize([
+        $serialized = [$this->user, parent::serialize(true)];
-            $this->user,
+
-            parent::serialize(),
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
-        ]);
     }
 
     /**

src/Symfony/Component/Security/Core/Exception/AuthenticationException.php

@@ -38,15 +38,33 @@ class AuthenticationException extends \RuntimeException implements \Serializable
         $this->token = $token;
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function serialize()
     {
-        return serialize([
+        $serialized = [
             $this->token,
             $this->code,
             $this->message,
             $this->file,
             $this->line,
-        ]);
+        ];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
+    }
+
+    /**
+     * @internal
+     */
+    protected function doSerialize($serialized, $isCalledFromOverridingMethod)
+    {
+        if (null === $isCalledFromOverridingMethod) {
+            $trace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 3);
+            $isCalledFromOverridingMethod = isset($trace[2]['function'], $trace[2]['object']) && 'serialize' === $trace[2]['function'] && $this === $trace[2]['object'];
+        }
+
+        return $isCalledFromOverridingMethod ? $serialized : serialize($serialized);
     }
 
     public function unserialize($str)
@@ -57,7 +75,7 @@ class AuthenticationException extends \RuntimeException implements \Serializable
             $this->message,
             $this->file,
             $this->line
-        ) = unserialize($str);
+        ) = \is_array($str) ? $str : unserialize($str);
     }
 
     /**

src/Symfony/Component/Security/Core/Exception/CustomUserMessageAuthenticationException.php

@@ -60,11 +60,9 @@ class CustomUserMessageAuthenticationException extends AuthenticationException
      */
     public function serialize()
     {
-        return serialize([
+        return serialize([parent::serialize(true), $this->messageKey, $this->messageData]);
-            parent::serialize(),
+
-            $this->messageKey,
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
-            $this->messageData,
-        ]);
     }
 
     /**

src/Symfony/Component/Security/Core/Exception/UsernameNotFoundException.php

@@ -54,10 +54,9 @@ class UsernameNotFoundException extends AuthenticationException
      */
     public function serialize()
     {
-        return serialize([
+        $serialized = [$this->username, parent::serialize(true)];
-            $this->username,
+
-            parent::serialize(),
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
-        ]);
     }
 
     /**

src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php

@@ -44,11 +44,13 @@ class ConcreteToken extends AbstractToken
     }
 
     /**
-     * @param bool $isCalledFromOverridingMethod Must be set to true when called from an overriding method
+     * {@inheritdoc}
      */
     public function serialize()
     {
-        return serialize([$this->credentials, parent::serialize()]);
+        $serialized = [$this->credentials, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     public function unserialize($serialized)

src/Symfony/Component/Security/Core/Tests/Exception/CustomUserMessageAuthenticationExceptionTest.php

@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Tests\Exception;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
 
 class CustomUserMessageAuthenticationExceptionTest extends TestCase
@@ -24,4 +25,18 @@ class CustomUserMessageAuthenticationExceptionTest extends TestCase
         $this->assertEquals(['foo' => true], $e->getMessageData());
         $this->assertEquals('SAFE MESSAGE', $e->getMessage());
     }
+
+    public function testSharedSerializedData()
+    {
+        $token = new AnonymousToken('foo', 'bar');
+
+        $exception = new CustomUserMessageAuthenticationException();
+        $exception->setToken($token);
+        $exception->setSafeMessage('message', ['token' => $token]);
+
+        $processed = unserialize(serialize($exception));
+        $this->assertEquals($token, $processed->getToken());
+        $this->assertEquals($token, $processed->getMessageData()['token']);
+        $this->assertSame($processed->getToken(), $processed->getMessageData()['token']);
+    }
 }

src/Symfony/Component/Security/Guard/Token/PostAuthenticationGuardToken.php

@@ -76,7 +76,9 @@ class PostAuthenticationGuardToken extends AbstractToken implements GuardTokenIn
      */
     public function serialize()
     {
-        return serialize([$this->providerKey, parent::serialize(true)]);
+        $serialized = [$this->providerKey, parent::serialize(true)];
+
+        return $this->doSerialize($serialized, \func_num_args() ? \func_get_arg(0) : null);
     }
 
     /**