bug #35944 [Security/Core] Fix wrong roles comparison (thlbaut)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Core] Fix wrong roles comparison

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #35941
| License       | MIT

Fix wrong roles comparison.

Commits
-------

7d2ad4b265 Fix wrong roles comparison

src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php

@@ -317,13 +317,10 @@ abstract class AbstractToken implements TokenInterface
             return true;
         }
 
+        $currentUserRoles = array_map('strval', (array) $this->user->getRoles());
         $userRoles = array_map('strval', (array) $user->getRoles());
 
-        if ($this instanceof SwitchUserToken) {
-            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
-        }
-
-        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
+        if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
             return true;
         }
 

src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php

@@ -238,7 +238,7 @@ class AbstractTokenTest extends TestCase
      */
     public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
     {
-        $token = new ConcreteToken();
+        $token = new ConcreteToken(['ROLE_FOO']);
         $token->setAuthenticated(true);
         $this->assertTrue($token->isAuthenticated());