symfony
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php‎
Lines changed: 15 additions & 10 deletions b/‎src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php‎
Lines changed: 15 additions & 10 deletions
diff --git a/‎src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php‎
Lines changed: 23 additions & 0 deletions b/‎src/Symfony/Component/PasswordHasher/Tests/Hasher/PasswordHasherFactoryTest.php‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/ChannelListener.php‎
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/Firewall/ChannelListener.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php‎
Lines changed: 27 additions & 0 deletions b/‎src/Symfony/Component/Security/Http/Tests/Firewall/ChannelListenerTest.php‎
Lines changed: 27 additions & 0 deletions
@@ -1,6 +1,6 @@
 | Q             | A
 | ------------- | ---
-| Branch?       | 5.4 for features / 4.4, 5.2 or 5.3 for bug fixes <!-- see below -->
+| Branch?       | 5.4 for features / 4.4 or 5.3 for bug fixes <!-- see below -->
 | Bug fix?      | yes/no
 | New feature?  | yes/no <!-- please update src/**/CHANGELOG.md files -->
 | Deprecations? | yes/no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
 
@@ -61,14 +61,7 @@ public function getPasswordHasher($user): PasswordHasherInterface
             throw new \RuntimeException(sprintf('No password hasher has been configured for account "%s".', \is_object($user) ? get_debug_type($user) : $user));
         }
 
-        if (!$this->passwordHashers[$hasherKey] instanceof PasswordHasherInterface) {
-            $this->passwordHashers[$hasherKey] = $this->passwordHashers[$hasherKey] instanceof PasswordEncoderInterface
-                ? new PasswordHasherAdapter($this->passwordHashers[$hasherKey])
-                : $this->createHasher($this->passwordHashers[$hasherKey])
-            ;
-        }
-
-        return $this->passwordHashers[$hasherKey];
+        return $this->createHasherUsingAdapter($hasherKey);
     }
 
     /**
@@ -111,6 +104,18 @@ private function createHasher(array $config, bool $isExtra = false): PasswordHas
         return new MigratingPasswordHasher($hasher, ...$extrapasswordHashers);
     }
 
+    private function createHasherUsingAdapter(string $hasherKey): PasswordHasherInterface
+    {
+        if (!$this->passwordHashers[$hasherKey] instanceof PasswordHasherInterface) {
+            $this->passwordHashers[$hasherKey] = $this->passwordHashers[$hasherKey] instanceof PasswordEncoderInterface
+                ? new PasswordHasherAdapter($this->passwordHashers[$hasherKey])
+                : $this->createHasher($this->passwordHashers[$hasherKey])
+            ;
+        }
+
+        return $this->passwordHashers[$hasherKey];
+    }
+
     private function getHasherConfigFromAlgorithm(array $config): array
     {
         if ('auto' === $config['algorithm']) {
@@ -142,8 +147,8 @@ private function getHasherConfigFromAlgorithm(array $config): array
             $hasherChain = [$this->createHasher($config, true)];
 
             foreach ($frompasswordHashers as $name) {
-                if ($hasher = $this->passwordHashers[$name] ?? false) {
-                    $hasher = $hasher instanceof PasswordHasherInterface ? $hasher : $this->createHasher($hasher, true);
+                if (isset($this->passwordHashers[$name])) {
+                    $hasher = $this->createHasherUsingAdapter($name);
                 } else {
                     $hasher = $this->createHasher(['algorithm' => $name], true);
                 }
 
@@ -163,6 +163,29 @@ public function testMigrateFrom()
         $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $hasher->hash('foo', null));
     }
 
+    /**
+     * @group legacy
+     */
+    public function testMigrateFromLegacy()
+    {
+        if (!SodiumPasswordHasher::isSupported()) {
+            $this->markTestSkipped('Sodium is not available');
+        }
+
+        $factory = new PasswordHasherFactory([
+            'plaintext_encoder' => $plaintext = new PlaintextPasswordEncoder(),
+            SomeUser::class => ['algorithm' => 'sodium', 'migrate_from' => ['bcrypt', 'plaintext_encoder']],
+        ]);
+
+        $hasher = $factory->getPasswordHasher(SomeUser::class);
+        $this->assertInstanceOf(MigratingPasswordHasher::class, $hasher);
+
+        $this->assertTrue($hasher->verify((new SodiumPasswordHasher())->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, null, \PASSWORD_BCRYPT))->hash('foo', null), 'foo', null));
+        $this->assertTrue($hasher->verify($plaintext->encodePassword('foo', null), 'foo', null));
+        $this->assertStringStartsWith(\SODIUM_CRYPTO_PWHASH_STRPREFIX, $
3ADC
hasher->hash('foo', null));
+    }
+
     public function testDefaultMigratingHashers()
     {
         $this->assertInstanceOf(
 
@@ -49,7 +49,7 @@ public function supports(Request $request): ?bool
             if (null !== $this->logger) {
                 if ('https' === $request->headers->get('X-Forwarded-Proto')) {
                     $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
-                } elseif (str_contains($request->headers->get('Forwarded'), 'proto=https')) {
+                } elseif (str_contains($request->headers->get('Forwarded', ''), 'proto=https')) {
                     $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
                 } else {
                     $this->logger->info('Redirecting to HTTPS.');
 
@@ -12,6 +12,8 @@
 namespace Symfony\Component\Security\Http\Tests\Firewall;
 
 use PHPUnit\Framework\TestCase;
+use Psr\Log\NullLogger;
+use Symfony\Component\HttpFoundation\HeaderBag;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
@@ -153,4 +155,29 @@ public function testHandleWithSecuredRequestAndHttpChannel()
 
         $this->assertSame($response, $event->getResponse());
     }
+
+    public function testSupportsWithoutHeaders()
+    {
+        $request = $this->createMock(Request::class);
+        $request
+            ->expects($this->any())
+            ->method('isSecure')
+            ->willReturn(false)
+        ;
+        $request->headers = new HeaderBag();
+
+        $accessMap = $this->createMock(AccessMapInterface::class);
+        $accessMap
+            ->expects($this->any())
+            ->method('getPatterns')
+            ->with($this->equalTo($request))
+            ->willReturn([[], 'https'])
+        ;
+
+        $entryPoint = $this->createMock(AuthenticationEntryPointInterface::class);
+
+        $listener = new ChannelListener($accessMap, $entryPoint, new NullLogger());
+
+        $this->assertTrue($listener->supports($request));
+    }
 }