Closed
Description
Symfony version(s) affected: 4.3.1
Description
Previously encoded passwords with argoni2 algoritm are not verified by Symfony 4.3, although they could be automatically
How to reproduce
- Install fresh symfony 4.3 with simple user management (ex. FOSUserBundle)
- Use algoritm argoni2 instead of auto
- create user with hashed password
- switch algoritm to auto
- can't login anymore
Possible Solution
Very similar to 1318d3b
if (0 === strpos($encoded, '$argon2i')) {
return password_verify($raw, $encoded);
}
Additional context
Related to #31758, but made new issue because it was already closed and target to bcrypt. I'm having the same issue with argoni2