[Security] PasswordMigratingListener fails if UserInterface::getPassword returns null

**Symfony version(s) affected**: 5.2.x

**Description**
[UserInterface::getPassword()](https://github.com/symfony/symfony/blob/92b6458f601135c23c139ef7626439115c70991a/src/Symfony/Component/Security/Core/User/UserInterface.php#L57) is allowed to return a null value. In case it does, [PasswordMigratingListener::onLoginSuccess](https://github.com/symfony/symfony/blob/92b6458f601135c23c139ef7626439115c70991a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php#L54) calling [PasswordEncoderInterface::needsRehash](https://github.com/symfony/symfony/blob/92b6458f601135c23c139ef7626439115c70991a/src/Symfony/Component/Security/Core/Encoder/PasswordEncoderInterface.php#L49) fails because that does not allow null input:

```
Argument 1 passed to Symfony\Component\Security\Core\Encoder\MigratingPasswordEncoder::needsRehash() must be of the type string, null given, called in (...)/vendor/symfony/security-http/EventListener/PasswordMigratingListener.php on line 54
```

**How to reproduce**
Maybe trivial: create a standard authentication setup using a custom User class, which returns `null` in the `getPassword()` method. When logging in, the mentioned exception occurs.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions