symfony
diff --git a/‎src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
+5Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php
+5Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
+6Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php
+6Lines changed: 6 additions & 0 deletions
@@ -84,6 +84,11 @@ public function isPasswordValid($encoded, $raw, $salt)
             return false;
         }
 
+        if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
+            // Accept validating BCrypt passwords for seamless migrations
+            return password_verify($raw, $encoded);
+        }
+
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
             return \sodium_crypto_pwhash_str_verify($encoded, $raw);
         }
 
@@ -31,6 +31,12 @@ public function testValidation()
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
     }
 
+    public function testBCryptValidation()
+    {
+        $encoder = new SodiumPasswordEncoder();
+        $this->assertTrue($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
+    }
+
     /**
      * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
      */
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,11 @@ public function isPasswordValid($encoded, $raw, $salt)`
`84`	`84`	`return false;`
`85`	`85`	`}`
`86`	`86`
	`87`	`+ if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {`
	`88`	`+ // Accept validating BCrypt passwords for seamless migrations`
	`89`	`+ return password_verify($raw, $encoded);`
	`90`	`+ }`
	`91`	`+`
`87`	`92`	`if (\function_exists('sodium_crypto_pwhash_str_verify')) {`
`88`	`93`	`return \sodium_crypto_pwhash_str_verify($encoded, $raw);`
`89`	`94`	`}`