symfony
diff --git a/‎src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
Lines changed: 3 additions & 3 deletions b/‎src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Encoder/NativePasswordEncoderTest.php
Lines changed: 9 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Tests/Encoder/NativePasswordEncoderTest.php
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
Lines changed: 9 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
Lines changed: 9 additions & 0 deletions
@@ -80,9 +80,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool
             return false;
         }
 
-        if (0 === strpos($encoded, '$2')) {
+        if (0 !== strpos($encoded, '$argon')) {
             // BCrypt encodes only the first 72 chars
-            return 72 >= \strlen($raw) && password_verify($raw, $encoded);
+            return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
         }
 
         if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {
 
@@ -80,9 +80,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool
             return false;
         }
 
-        if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
-            // Accept validating BCrypt passwords for seamless migrations
-            return password_verify($raw, $encoded);
+        if (0 !== strpos($encoded, '$argon')) {
+            // Accept validating non-argon passwords for seamless migrations
+            return (72 >= \strlen($raw) || 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);
         }
 
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
 
@@ -55,6 +55,15 @@ public function testValidation()
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
     }
 
+    public function testNonArgonValidation()
+    {
+        $encoder = new NativePasswordEncoder();
+        $this->assertTrue($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
+        $this->assertFalse($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
+        $this->assertTrue($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
+        $this->assertFalse($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
+    }
+
     public function testConfiguredAlgorithm()
     {
         $encoder = new NativePasswordEncoder(null, null, null, PASSWORD_BCRYPT);
 
@@ -37,6 +37,15 @@ public function testBCryptValidation()
         $this->assertTrue($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
     }
 
+    public function testNonArgonValidation()
+    {
+        $encoder = new SodiumPasswordEncoder();
+        $this->assertTrue($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'password', null));
+        $this->assertFalse($encoder->isPasswordValid('$5$abcdefgh$ZLdkj8mkc2XVSrPVjskDAgZPGjtj1VGVaa1aUkrMTU/', 'anotherPassword', null));
+        $this->assertTrue($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'password', null));
+        $this->assertFalse($encoder->isPasswordValid('$6$abcdefgh$yVfUwsw5T.JApa8POvClA1pQ5peiq97DUNyXCZN5IrF.BMSkiaLQ5kvpuEm/VQ1Tvh/KV2TcaWh8qinoW5dhA1', 'anotherPassword', null));
+    }
+
     public function testEncodePasswordLength()
     {
         $this->expectException('Symfony\Component\Security\Core\Exception\BadCredentialsException');
Original file line number	Diff line number	Diff line change
`@@ -80,9 +80,9 @@ public function isPasswordValid($encoded, $raw, $salt): bool`
`80`	`80`	`return false;`
`81`	`81`	`}`
`82`	`82`
`83`		`- if (0 === strpos($encoded, '$2')) {`
	`83`	`+ if (0 !== strpos($encoded, '$argon')) {`
`84`	`84`	`// BCrypt encodes only the first 72 chars`
`85`		`- return 72 >= \strlen($raw) && password_verify($raw, $encoded);`
	`85`	`+ return (72 >= \strlen($raw) \|\| 0 !== strpos($encoded, '$2')) && password_verify($raw, $encoded);`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {`