symfony · derrabus · Jun 21, 2021 · Jun 20, 2021
@@ -43,9 +43,16 @@ public function hashPassword($user, string $plainPassword): string
             trigger_deprecation('symfony/password-hasher', '5.3', 'The "%s()" method expects a "%s" instance as first argument. Not implementing it in class "%s" is deprecated.', __METHOD__, PasswordAuthenticatedUserInterface::class, get_debug_type($user));
         }
 
-        $salt = $user->getSalt();
-        if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
-            trigger_deprecation('symfony/password-hasher', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
+        $salt = null;
+
+        if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
+            $salt = $user->getSalt();
+        } elseif ($user instanceof UserInterface) {
+            $salt = $user->getSalt();
+
+            if (null !== $salt) {
+                trigger_deprecation('symfony/password-hasher', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
+            }
         }
 
         $hasher = $this->hasherFactory->getPasswordHasher($user);
@@ -65,9 +72,16 @@ public function isPasswordValid($user, string $plainPassword): bool
             trigger_deprecation('symfony/password-hasher', '5.3', 'The "%s()" method expects a "%s" instance as first argument. Not implementing it in class "%s" is deprecated.', __METHOD__, PasswordAuthenticatedUserInterface::class, get_debug_type($user));
         }
 
-        $salt = $user->getSalt();
-        if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
-            trigger_deprecation('symfony/password-hasher', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
+        $salt = null;
+
+        if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
+            $salt = $user->getSalt();
+        } elseif ($user instanceof UserInterface) {
+            $salt = $user->getSalt();
+
+            if (null !== $salt) {
+                trigger_deprecation('symfony/password-hasher', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
+            }
         }
 
         if (null === $user->getPassword()) {

@@ -0,0 +1,53 @@
+<?php
+
+namespace Symfony\Component\PasswordHasher\Tests\Fixtures;
+
+use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+final class TestLegacyPasswordAuthenticatedUser implements LegacyPasswordAuthenticatedUserInterface, UserInterface
+{
+    private $username;
+    private $password;
+    private $salt;
+    private $roles;
+
+    public function __construct(string $username, ?string $password = null, ?string $salt = null, array $roles = [])
+    {
+        $this->roles = $roles;
+        $this->salt = $salt;
+        $this->password = $password;
+        $this->username = $username;
+    }
+
+    public function getSalt(): ?string
+    {
+        return $this->salt;
+    }
+
+    public function getPassword(): ?string
+    {
+        return $this->password;
+    }
+
+    public function getRoles()
+    {
+        return $this->roles;
+    }
+
+    public function eraseCredentials()
+    {
+        // Do nothing
+        return;
+    }
+
+    public function getUsername()
+    {
+        return $this->username;
+    }
+
+    public function getUserIdentifier()
+    {
+        return $this->username;
+    }
+}
@@ -0,0 +1,20 @@
+<?php
+
+namespace Symfony\Component\PasswordHasher\Tests\Fixtures;
+
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+
+final class TestPasswordAuthenticatedUser implements PasswordAuthenticatedUserInterface
+{
+    private $password;
+
+    public function __construct(?string $password = null)
+    {
+        $this->password = $password;
+    }
+
+    public function getPassword(): ?string
+    {
+        return $this->password;
+    }
+}
@@ -17,10 +17,10 @@
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasher;
 use Symfony\Component\PasswordHasher\PasswordHasherInterface;
+use Symfony\Component\PasswordHasher\Tests\Fixtures\TestLegacyPasswordAuthenticatedUser;
+use Symfony\Component\PasswordHasher\Tests\Fixtures\TestPasswordAuthenticatedUser;
 use Symfony\Component\Security\Core\User\InMemoryUser;
-use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\User;
-use Symfony\Component\Security\Core\User\UserInterface;
 
 class UserPasswordHasherTest extends TestCase
 {
@@ -56,12 +56,9 @@ public function testHashWithNonPasswordAuthenticatedUser()
         $this->assertEquals('hash', $encoded);
     }
 
-    public function testHash()
+    public function testHashWithLegacyUser()
     {
-        $userMock = $this->createMock(TestPasswordAuthenticatedUser::class);
-        $userMock->expects($this->any())
-            ->method('getSalt')
-            ->willReturn('userSalt');
+        $user = new TestLegacyPasswordAuthenticatedUser('name', null, 'userSalt');
 
         $mockHasher = $this->createMock(PasswordHasherInterface::class);
         $mockHasher->expects($this->any())
@@ -72,25 +69,42 @@ public function testHash()
         $mockPasswordHasherFactory = $this->createMock(PasswordHasherFactoryInterface::class);
         $mockPasswordHasherFactory->expects($this->any())
             ->method('getPasswordHasher')
-            ->with($this->equalTo($userMock))
+            ->with($user)
             ->willReturn($mockHasher);
 
         $passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
 
-        $encoded = $passwordHasher->hashPassword($userMock, 'plainPassword');
+        $encoded = $passwordHasher->hashPassword($user, 'plainPassword');
         $this->assertEquals('hash', $encoded);
     }
 
-    public function testVerify()
+    public function testHashWithPasswordAuthenticatedUser()
     {
-        $userMock = $this->createMock(TestPasswordAuthenticatedUser::class);
-        $userMock->expects($this->any())
-            ->method('getSalt')
-            ->willReturn('userSalt');
-        $userMock->expects($this->any())
-            ->method('getPassword')
+        $user = new TestPasswordAuthenticatedUser();
+
+        $mockHasher = $this->createMock(PasswordHasherInterface::class);
+        $mockHasher->expects($this->any())
+            ->method('hash')
+            ->with($this->equalTo('plainPassword'), $this->equalTo(null))
             ->willReturn('hash');
 
+        $mockPasswordHasherFactory = $this->createMock(PasswordHasherFactoryInterface::class);
+        $mockPasswordHasherFactory->expects($this->any())
+            ->method('getPasswordHasher')
+            ->with($user)
+            ->willReturn($mockHasher);
+
+        $passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
+
+        $hashedPassword = $passwordHasher->hashPassword($user, 'plainPassword');
+
+        $this->assertSame('hash', $hashedPassword);
+    }
+
+    public function testVerifyWithLegacyUser()
+    {
+        $user = new TestLegacyPasswordAuthenticatedUser('user', 'hash', 'userSalt');
+
         $mockHasher = $this->createMock(PasswordHasherInterface::class);
         $mockHasher->expects($this->any())
             ->method('verify')
@@ -100,12 +114,34 @@ public function testVerify()
         $mockPasswordHasherFactory = $this->createMock(PasswordHasherFactoryInterface::class);
         $mockPasswordHasherFactory->expects($this->any())
             ->method('getPasswordHasher')
-            ->with($this->equalTo($userMock))
+            ->with($user)
+            ->willReturn($mockHasher);
+
+        $passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
+
+        $isValid = $passwordHasher->isPasswordValid($user, 'plainPassword');
+        $this->assertTrue($isValid);
+    }
+
+    public function testVerify()
+    {
+        $user = new TestPasswordAuthenticatedUser('hash');
+
+        $mockHasher = $this->createMock(PasswordHasherInterface::class);
+        $mockHasher->expects($this->any())
+            ->method('verify')
+            ->with($this->equalTo('hash'), $this->equalTo('plainPassword'), $this->equalTo(null))
+            ->willReturn(true);
+
+        $mockPasswordHasherFactory = $this->createMock(PasswordHasherFactoryInterface::class);
+        $mockPasswordHasherFactory->expects($this->any())
+            ->method('getPasswordHasher')
+            ->with($user)
             ->willReturn($mockHasher);
 
         $passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
 
-        $isValid = $passwordHasher->isPasswordValid($userMock, 'plainPassword');
+        $isValid = $passwordHasher->isPasswordValid($user, 'plainPassword');
         $this->assertTrue($isValid);
     }
 
@@ -128,7 +164,3 @@ public function testNeedsRehash()
         $this->assertFalse($passwordHasher->needsRehash($user));
     }
 }
-
-abstract class TestPasswordAuthenticatedUser implements LegacyPasswordAuthenticatedUserInterface, UserInterface
-{
-}