symfony
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+3-2Lines changed: 3 additions & 2 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
+3-2Lines changed: 3 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
+18Lines changed: 18 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Provider/UserAuthenticationProviderTest.php
+18Lines changed: 18 additions & 0 deletions
@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
 use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -84,8 +85,8 @@ public function authenticate(TokenInterface $token)
             $this->userChecker->checkPreAuth($user);
             $this->checkAuthentication($user, $token);
             $this->userChecker->checkPostAuth($user);
-        } catch (AccountStatusException $e) {
-            if ($this->hideUserNotFoundExceptions) {
+        } catch (AccountStatusException | BadCredentialsException $e) {
+            if ($this->hideUserNotFoundExceptions && !$e instanceof CustomUserMessageAccountStatusException) {
                 throw new BadCredentialsException('Bad credentials.', 0, $e);
             }
 
 
@@ -69,6 +69,24 @@ public function testAuthenticateWhenUsernameIsNotFoundAndHideIsTrue()
         $provider->authenticate($this->getSupportedToken());
     }
 
+    public function testAuthenticateWhenCredentialsAreInvalidAndHideIsTrue()
+    {
+        $provider = $this->getProvider();
+        $provider->expects($this->once())
+            ->method('retrieveUser')
+            ->willReturn($this->createMock(UserInterface::class))
+        ;
+        $provider->expects($this->once())
+            ->method('checkAuthentication')
+            ->willThrowException(new BadCredentialsException())
+        ;
+
+        $this->expectException(BadCredentialsException::class);
+        $this->expectExceptionMessage('Bad credentials.');
+
+        $provider->authenticate($this->getSupportedToken());
+    }
+
     public function testAuthenticateWhenProviderDoesNotReturnAnUserInterface()
     {
         $this->expectException(AuthenticationServiceException::class);