do not implement __serialize() for users without passwords

Author: xabbuh

src/Security/UserClassBuilder.php

@@ -38,7 +38,7 @@ public function addUserInterfaceImplementation(ClassSourceManipulator $manipulat
 
         $this->addPasswordImplementation($manipulator, $userClassConfig);
 
-        if (class_exists(IsGrantedContext::class)) {
+        if (class_exists(IsGrantedContext::class) && $userClassConfig->hasPassword()) {
             $this->addSerialize($manipulator);
         }
 

tests/Security/fixtures/expected/UserEntityWithoutPassword.php

@@ -67,17 +67,6 @@ public function setRoles(array $roles): static
         return $this;
     }
 
-    /**
-     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
-     */
-    public function __serialize(): array
-    {
-        $data = (array) $this;
-        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
-        
-        return $data;
-    }
-
     #[\Deprecated]
     public function eraseCredentials(): void
     {

tests/Security/fixtures/expected/UserModelWithoutPassword.php

@@ -52,17 +52,6 @@ public function setRoles(array $roles): static
         return $this;
     }
 
-    /**
-     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
-     */
-    public function __serialize(): array
-    {
-        $data = (array) $this;
-        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
-        
-        return $data;
-    }
-
     #[\Deprecated]
     public function eraseCredentials(): void
     {