[Form] Skip password hashing on empty password

Seb33300 · nicolas-grekas · commit b4aa3ea79af6 · 2023-02-21T13:18:28.000+01:00
diff --git a/src/Symfony/Component/Form/Extension/PasswordHasher/EventListener/PasswordHasherListener.php b/src/Symfony/Component/Form/Extension/PasswordHasher/EventListener/PasswordHasherListener.php
@@ -37,6 +37,10 @@ public function __construct(
 
     public function registerPassword(FormEvent $event)
     {
+        if (null === $event->getData() || '' === $event->getData()) {
+            return;
+        }
+
         $this->assertNotMapped($event->getForm());
 
         $this->passwords[] = [
diff --git a/src/Symfony/Component/Form/Tests/Extension/PasswordHasher/Type/PasswordTypePasswordHasherExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/PasswordHasher/Type/PasswordTypePasswordHasherExtensionTest.php
@@ -13,6 +13,7 @@
 
 use PHPUnit\Framework\MockObject\MockObject;
 use Symfony\Component\Form\Exception\InvalidConfigurationException;
+use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
 use Symfony\Component\Form\Extension\PasswordHasher\EventListener\PasswordHasherListener;
@@ -80,6 +81,36 @@ public function testPasswordHashSuccess()
         $this->assertSame($user->getPassword(), $hashedPassword);
     }
 
+    public function testPasswordHashSkippedWithEmptyPassword()
+    {
+        $oldHashedPassword = 'PreviousHashedPassword';
+
+        $user = new User();
+        $user->setPassword($oldHashedPassword);
+
+        $this->passwordHasher
+            ->expects($this->never())
+            ->method('hashPassword')
+        ;
+
+        $this->assertEquals($user->getPassword(), $oldHashedPassword);
+
+        $form = $this->factory
+            ->createBuilder(FormType::class, $user)
+            ->add('plainPassword', PasswordType::class, [
+                'hash_property_path' => 'password',
+                'mapped' => false,
+                'required' => false,
+            ])
+            ->getForm()
+        ;
+
+        $form->submit(['plainPassword' => '']);
+
+        $this->assertTrue($form->isValid());
+        $this->assertSame($user->getPassword(), $oldHashedPassword);
+    }
+
     public function testPasswordHashSuccessWithEmptyData()
     {
         $user = new User();

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,10 @@ public function __construct(`
`37`	`37`
`38`	`38`	`public function registerPassword(FormEvent $event)`
`39`	`39`	`{`
	`40`	`+ if (null === $event->getData() \|\| '' === $event->getData()) {`
	`41`	`+ return;`
	`42`	`+ }`
	`43`	`+`
`40`	`44`	`$this->assertNotMapped($event->getForm());`
`41`	`45`
`42`	`46`	`$this->passwords[] = [`