symfony
diff --git a/‎src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php
+2-6Lines changed: 2 additions & 6 deletions b/‎src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php
+2-6Lines changed: 2 additions & 6 deletions
diff --git a/‎src/Symfony/Bridge/Doctrine/Tests/Fixtures/User.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Doctrine/Tests/Fixtures/User.php
-4Lines changed: 0 additions & 4 deletions b/‎src/Symfony/Bridge/Doctrine/Tests/Fixtures/User.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Doctrine/Tests/Fixtures/User.php
-4Lines changed: 0 additions & 4 deletions
diff --git a/‎src/Symfony/Component/Ldap/Security/LdapUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapUserProvider.php
+4-3Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Component/Ldap/Security/LdapUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapUserProvider.php
+4-3Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
+2-12Lines changed: 2 additions & 12 deletions b/‎src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/PasswordHasher/Hasher/UserPasswordHasher.php
+2-12Lines changed: 2 additions & 12 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
+6-9Lines changed: 6 additions & 9 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php
+6-9Lines changed: 6 additions & 9 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+10-7Lines changed: 10 additions & 7 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+10-7Lines changed: 10 additions & 7 deletions
diff --git a/‎src/Symfony/Component/Security/Core/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/CHANGELOG.md
+3-1Lines changed: 3 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/CHANGELOG.md
+3-1Lines changed: 3 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
+7-6Lines changed: 7 additions & 6 deletions b/‎src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Provider/DaoAuthenticationProviderTest.php
+7-6Lines changed: 7 additions & 6 deletions
diff --git a/‎src/Symfony/Component/Security/Core/User/ChainUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/ChainUserProvider.php
+2-2Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Security/Core/User/ChainUserProvider.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/ChainUserProvider.php
+2-2Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/User/PasswordUpgraderInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/PasswordUpgraderInterface.php
+8-5Lines changed: 8 additions & 5 deletions b/‎src/Symfony/Component/Security/Core/User/PasswordUpgraderInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/PasswordUpgraderInterface.php
+8-5Lines changed: 8 additions & 5 deletions
diff --git a/‎src/Symfony/Component/Security/Core/User/UserInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/UserInterface.php
-23Lines changed: 0 additions & 23 deletions b/‎src/Symfony/Component/Security/Core/User/UserInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/User/UserInterface.php
-23Lines changed: 0 additions & 23 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php
+2-12Lines changed: 2 additions & 12 deletions b/‎src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Validator/Constraints/UserPasswordValidator.php
+2-12Lines changed: 2 additions & 12 deletions
diff --git a/‎src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php
+2-7Lines changed: 2 additions & 7 deletions b/‎src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/EventListener/CheckCredentialsListener.php
+2-7Lines changed: 2 additions & 7 deletions
diff --git a/‎src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
+4-2Lines changed: 4 additions & 2 deletions b/‎src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
+4-2Lines changed: 4 additions & 2 deletions
@@ -133,20 +133,16 @@ public function supportsClass(string $class)
      *
      * @final
      */
-    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
     {
-        if (!$user instanceof PasswordAuthenticatedUserInterface) {
-            trigger_deprecation('symfony/doctrine-bridge', '5.3', 'The "%s::upgradePassword()" method expects an instance of "%s" as first argument, the "%s" class should implement it.', PasswordUpgraderInterface::class, PasswordAuthenticatedUserInterface::class, get_debug_type($user));
-        }
-
         $class = $this->getClass();
         if (!$user instanceof $class) {
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
         }
 
         $repository = $this->getRepository();
         if ($repository instanceof PasswordUpgraderInterface) {
-            $repository->upgradePassword($user, $newEncodedPassword);
+            $repository->upgradePassword($user, $newHashedPassword);
         }
     }
 
 
@@ -44,10 +44,6 @@ public function getPassword(): ?string
     {
     }
 
-    public function getSalt(): ?string
-    {
-    }
-
     public function getUsername(): string
     {
         return $this->name;
 
@@ -18,6 +18,7 @@
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -132,7 +133,7 @@ public function refreshUser(UserInterface $user)
      *
      * @final
      */
-    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
     {
         if (!$user instanceof LdapUser) {
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
@@ -143,9 +144,9 @@ public function upgradePassword(UserInterface $user, string $newEncodedPassword)
         }
 
         try {
-            $user->getEntry()->setAttribute($this->passwordAttribute, [$newEncodedPassword]);
+            $user->getEntry()->setAttribute($this->passwordAttribute, [$newHashedPassword]);
             $this->ldap->getEntryManager()->update($user->getEntry());
-            $user->setPassword($newEncodedPassword);
+            $user->setPassword($newHashedPassword);
         } catch (ExceptionInterface $e) {
             // ignore failed password upgrades
         }
 
@@ -32,30 +32,20 @@ public function __construct(PasswordHasherFactoryInterface $hasherFactory)
 
     public function hashPassword(PasswordAuthenticatedUserInterface $user, string $plainPassword): string
     {
-        $salt = null;
-        if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
-            $salt = $user->getSalt();
-        }
-
         $hasher = $this->hasherFactory->getPasswordHasher($user);
 
-        return $hasher->hash($plainPassword, $salt);
+        return $hasher->hash($plainPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null);
     }
 
     public function isPasswordValid(PasswordAuthenticatedUserInterface $user, string $plainPassword): bool
     {
-        $salt = null;
-        if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {
-            $salt = $user->getSalt();
-        }
-
         if (null === $user->getPassword()) {
             return false;
         }
 
         $hasher = $this->hasherFactory->getPasswordHasher($user);
 
-        return $hasher->verify($user->getPassword(), $plainPassword, $salt);
+        return $hasher->verify($user->getPassword(), $plainPassword,  $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null);
     }
 
     public function needsRehash(PasswordAuthenticatedUserInterface $user): bool
 
@@ -51,7 +51,12 @@ public function __construct(UserProviderInterface $userProvider, UserCheckerInte
      */
     protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
     {
+        if ($user instanceof PasswordAuthenticatedUserInterface) {
+            throw new \LogicException(sprintf('Class "%s" must implement "%s" for using password-based authentication.',get_debug_type($user), PasswordAuthenticatedUserInterface::class));
+        }
+
         $currentUser = $token->getUser();
+
         if ($currentUser instanceof UserInterface) {
             if ($currentUser->getPassword() !== $user->getPassword()) {
                 throw new BadCredentialsException('The credentials were changed from another session.');
@@ -65,15 +70,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
                 throw new BadCredentialsException('The presented password is invalid.');
             }
 
-            if (!$user instanceof PasswordAuthenticatedUserInterface) {
-                trigger_deprecation('symfony/security-core', '5.3', 'Using password-based authentication listeners while not implementing "%s" interface from class "%s" is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
-            }
-
-            $salt = $user->getSalt();
-            if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
-                trigger_deprecation('symfony/security-core', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
-            }
-
+            $salt = $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null;
             $hasher = $this->hasherFactory->getPasswordHasher($user);
 
             if (!$hasher->verify($user->getPassword(), $presentedPassword, $salt)) {
 
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
 use Symfony\Component\Security\Core\User\EquatableInterface;
+use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 
@@ -273,14 +274,16 @@ private function hasUserChanged(UserInterface $user): bool
             return !(bool) $this->user->isEqualTo($user);
         }
 
-        // @deprecated since Symfony 5.3, check for PasswordAuthenticatedUserInterface on both user objects before comparing passwords
-        if ($this->user->getPassword() !== $user->getPassword()) {
-            return true;
-        }
+        if ($this->user instanceof PasswordAuthenticatedUserInterface || $user instanceof PasswordAuthenticatedUserInterface) {
+            if (!$this->user instanceof PasswordAuthenticatedUserInterface || !$user instanceof PasswordAuthenticatedUserInterface || $this->user->getPassword() !== $user->getPassword()) {
+                return true;
+            }
 
-        // @deprecated since Symfony 5.3, check for LegacyPasswordAuthenticatedUserInterface on both user objects before comparing salts
-        if ($this->user->getSalt() !== $user->getSalt()) {
-            return true;
+            if ($this->user instanceof LegacyPasswordAuthenticatedUserInterface || $user instanceof LegacyPasswordAuthenticatedUserInterface) {
+                if (!$this->user instanceof LegacyPasswordAuthenticatedUserInterface || !$user instanceof LegacyPasswordAuthenticatedUserInterface || $this->user->getSalt() !== $user->getSalt()) {
+                    return true;
+                }
+            }
         }
 
         $userRoles = array_map('strval', (array) $user->getRoles());
 
@@ -5,7 +5,9 @@ CHANGELOG
 ---
 
  * `TokenInterface` does not extend `Serializable` anymore
- *  Remove all classes in the `Core\Encoder\`  sub-namespace, use the `PasswordHasher` component instead
+ * Remove all classes in the `Core\Encoder\`  sub-namespace, use the `PasswordHasher` component instead
+ * Remove methods `getPassword()` and `getSalt()` from `UserInterface`, use `PasswordAuthenticatedUserInterface`
+   or `LegacyPasswordAuthenticatedUserInterface` instead
 
 5.3
 ---
 
@@ -23,6 +23,7 @@
 use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -188,7 +189,7 @@ public function testCheckAuthenticationWhenCredentialsAreNotValid()
     public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChanged()
     {
         $this->expectException(BadCredentialsException::class);
-        $user = $this->createMock(UserInterface::class);
+        $user = $this->createMock(TestUser::class);
         $user->expects($this->once())
              ->method('getPassword')
              ->willReturn('foo')
@@ -199,7 +200,7 @@ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChang
               ->method('getUser')
               ->willReturn($user);
 
-        $dbUser = $this->createMock(UserInterface::class);
+        $dbUser = $this->createMock(TestUser::class);
         $dbUser->expects($this->once())
                ->method('getPassword')
                ->willReturn('newFoo')
@@ -213,7 +214,7 @@ public function testCheckAuthenticationDoesNotReauthenticateWhenPasswordHasChang
 
     public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithoutOriginalCredentials()
     {
-        $user = $this->createMock(UserInterface::class);
+        $user = $this->createMock(TestUser::class);
         $user->expects($this->once())
              ->method('getPassword')
              ->willReturn('foo')
@@ -224,7 +225,7 @@ public function testCheckAuthenticationWhenTokenNeedsReauthenticationWorksWithou
               ->method('getUser')
               ->willReturn($user);
 
-        $dbUser = $this->createMock(UserInterface::class);
+        $dbUser = $this->createMock(TestUser::class);
         $dbUser->expects($this->once())
                ->method('getPassword')
                ->willReturn('foo')
@@ -338,7 +339,7 @@ protected function getProvider($user = null, $userChecker = null, $passwordHashe
     }
 }
 
-class TestUser implements UserInterface
+class TestUser implements PasswordAuthenticatedUserInterface, UserInterface
 {
     public function getRoles(): array
     {
@@ -371,7 +372,7 @@ public function eraseCredentials()
 }
 interface PasswordUpgraderProvider extends UserProviderInterface, PasswordUpgraderInterface
 {
-    public function upgradePassword(UserInterface $user, string $newHashedPassword): void;
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void;
 
     public function loadUserByIdentifier(string $identifier): UserInterface;
 }
 
@@ -128,12 +128,12 @@ public function supportsClass(string $class)
     /**
      * {@inheritdoc}
      */
-    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newEncodedPassword): void
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
     {
         foreach ($this->providers as $provider) {
             if ($provider instanceof PasswordUpgraderInterface) {
                 try {
-                    $provider->upgradePassword($user, $newEncodedPassword);
+                    $provider->upgradePassword($user, $newHashedPassword);
                 } catch (UnsupportedUserException $e) {
                     // ignore: password upgrades are opportunistic
                 }
 
@@ -13,12 +13,15 @@
 
 /**
  * @author Nicolas Grekas <p@tchwork.com>
- *
- * @method void upgradePassword(PasswordAuthenticatedUserInterface|UserInterface $user, string $newHashedPassword) Upgrades the hashed password of a user, typically for using a better hash algorithm.
- *                                                                                                                 This method should persist the new password in the user storage and update the $user object accordingly.
- *                                                                                                                 Because you don't want your users not being able to log in, this method should be opportunistic:
- *                                                                                                                 it's fine if it does nothing or if it fails without throwing any exception.
  */
 interface PasswordUpgraderInterface
 {
+    /**
+     * Upgrades the hashed password of a user, typically for using a better hash algorithm.
+     *
+     * This method should persist the new password in the user storage and update the $user object accordingly.
+     * Because you don't want your users not being able to log in, this method should be opportunistic:
+     * it's fine if it does nothing or if it fails without throwing any exception.
+     */
+    public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void;
 }
@@ -48,29 +48,6 @@ interface UserInterface
      */
     public function getRoles();
 
-    /**
-     * Returns the password used to authenticate the user.
-     *
-     * This should be the hashed password. On authentication, a plain-text
-     * password will be hashed, and then compared to this value.
-     *
-     * This method is deprecated since Symfony 5.3, implement it from {@link PasswordAuthenticatedUserInterface} instead.
-     *
-     * @return string|null The hashed password if any
-     */
-    public function getPassword();
-
-    /**
-     * Returns the salt that was originally used to hash the password.
-     *
-     * This can return null if the password was not hashed using a salt.
-     *
-     * This method is deprecated since Symfony 5.3, implement it from {@link LegacyPasswordAuthenticatedUserInterface} instead.
-     *
-     * @return string|null The salt
-     */
-    public function getSalt();
-
     /**
      * Removes sensitive data from the user.
      *
 
@@ -15,7 +15,6 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
-use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\ConstraintValidator;
 use Symfony\Component\Validator\Exception\ConstraintDefinitionException;
@@ -53,22 +52,13 @@ public function validate(mixed $password, Constraint $constraint)
 
         $user = $this->tokenStorage->getToken()->getUser();
 
-        if (!$user instanceof UserInterface) {
-            throw new ConstraintDefinitionException('The User object must implement the UserInterface interface.');
-        }
-
         if (!$user instanceof PasswordAuthenticatedUserInterface) {
-            trigger_deprecation('symfony/security-core', '5.3', 'Using the "%s" validation constraint without implementing the "%s" interface is deprecated, the "%s" class should implement it.', UserPassword::class, PasswordAuthenticatedUserInterface::class, get_debug_type($user));
-        }
-
-        $salt = $user->getSalt();
-        if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
-            trigger_deprecation('symfony/security-core', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
+            throw new ConstraintDefinitionException(sprintf('The "%s" class must implement the "%s" interface.', PasswordAuthenticatedUserInterface::class, get_debug_type($user)));
         }
 
         $hasher = $this->hasherFactory->getPasswordHasher($user);
 
-        if (null === $user->getPassword() || !$hasher->verify($user->getPassword(), $password, $user->getSalt())) {
+        if (null === $user->getPassword() || !$hasher->verify($user->getPassword(), $password, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null)) {
             $this->context->addViolation($constraint->message);
         }
     }
 
@@ -47,7 +47,7 @@ public function checkPassport(CheckPassportEvent $event): void
             $user = $passport->getUser();
 
             if (!$user instanceof PasswordAuthenticatedUserInterface) {
-                trigger_deprecation('symfony/security-http', '5.3', 'Not implementing the "%s" interface in class "%s" while using password-based authentication is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
+                throw new \LogicException(sprintf('Class "%s" must implement "%s" for using password-based authentication.',get_debug_type($user), PasswordAuthenticatedUserInterface::class));
             }
 
             /** @var PasswordCredentials $badge */
@@ -66,12 +66,7 @@ public function checkPassport(CheckPassportEvent $event): void
                 throw new BadCredentialsException('The presented password is invalid.');
             }
 
-            $salt = $user->getSalt();
-            if ($salt && !$user instanceof LegacyPasswordAuthenticatedUserInterface) {
-                trigger_deprecation('symfony/security-http', '5.3', 'Returning a string from "getSalt()" without implementing the "%s" interface is deprecated, the "%s" class should implement it.', LegacyPasswordAuthenticatedUserInterface::class, get_debug_type($user));
-            }
-
-            if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(), $presentedPassword, $salt)) {
+            if (!$this->hasherFactory->getPasswordHasher($user)->verify($user->getPassword(), $presentedPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null)) {
                 throw new BadCredentialsException('The presented password is invalid.');
             }
 
 
@@ -14,6 +14,8 @@
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;
 use Symfony\Component\PasswordHasher\PasswordHasherInterface;
+use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
@@ -50,7 +52,7 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
         }
 
         $user = $passport->getUser();
-        if (null === $user->getPassword()) {
+        if (!$user instanceof PasswordAuthenticatedUserInterface || null === $user->getPassword()) {
             return;
         }
 
@@ -76,7 +78,7 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
             }
         }
 
-        $passwordUpgrader->upgradePassword($user, $passwordHasher instanceof PasswordHasherInterface ? $passwordHasher->hash($plaintextPassword, $user->getSalt()) : $passwordHasher->encodePassword($plaintextPassword, $user->getSalt()));
+        $passwordUpgrader->upgradePassword($user, $passwordHasher->hash($plaintextPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null));
     }
 
     public static function getSubscribedEvents(): array
Original file line number	Diff line number	Diff line change
`@@ -133,20 +133,16 @@ public function supportsClass(string $class)`
`133`	`133`	`*`
`134`	`134`	`* @final`
`135`	`135`	`*/`
`136`		`- public function upgradePassword(UserInterface $user, string $newEncodedPassword): void`
	`136`	`+ public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void`
`137`	`137`	`{`
`138`		`- if (!$user instanceof PasswordAuthenticatedUserInterface) {`
`139`		`- trigger_deprecation('symfony/doctrine-bridge', '5.3', 'The "%s::upgradePassword()" method expects an instance of "%s" as first argument, the "%s" class should implement it.', PasswordUpgraderInterface::class, PasswordAuthenticatedUserInterface::class, get_debug_type($user));`
`140`		`- }`
`141`		`-`
`142`	`138`	`$class = $this->getClass();`
`143`	`139`	`if (!$user instanceof $class) {`
`144`	`140`	`throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));`
`145`	`141`	`}`
`146`	`142`
`147`	`143`	`$repository = $this->getRepository();`
`148`	`144`	`if ($repository instanceof PasswordUpgraderInterface) {`
`149`		`- $repository->upgradePassword($user, $newEncodedPassword);`
	`145`	`+ $repository->upgradePassword($user, $newHashedPassword);`
`150`	`146`	`}`
`151`	`147`	`}`
`152`	`148`
Original file line number	Diff line number	Diff line change
`@@ -44,10 +44,6 @@ public function getPassword(): ?string`
`44`	`44`	`{`
`45`	`45`	`}`
`46`	`46`
`47`		`- public function getSalt(): ?string`
`48`		`- {`
`49`		`- }`
`50`		`-`
`51`	`47`	`public function getUsername(): string`
`52`	`48`	`{`
`53`	`49`	`return $this->name;`
Original file line number	Diff line number	Diff line change
`@@ -32,30 +32,20 @@ public function __construct(PasswordHasherFactoryInterface $hasherFactory)`
`32`	`32`
`33`	`33`	`public function hashPassword(PasswordAuthenticatedUserInterface $user, string $plainPassword): string`
`34`	`34`	`{`
`35`		`- $salt = null;`
`36`		`- if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {`
`37`		`- $salt = $user->getSalt();`
`38`		`- }`
`39`		`-`
`40`	`35`	`$hasher = $this->hasherFactory->getPasswordHasher($user);`
`41`	`36`
`42`		`- return $hasher->hash($plainPassword, $salt);`
	`37`	`+ return $hasher->hash($plainPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null);`
`43`	`38`	`}`
`44`	`39`
`45`	`40`	`public function isPasswordValid(PasswordAuthenticatedUserInterface $user, string $plainPassword): bool`
`46`	`41`	`{`
`47`		`- $salt = null;`
`48`		`- if ($user instanceof LegacyPasswordAuthenticatedUserInterface) {`
`49`		`- $salt = $user->getSalt();`
`50`		`- }`
`51`		`-`
`52`	`42`	`if (null === $user->getPassword()) {`
`53`	`43`	`return false;`
`54`	`44`	`}`
`55`	`45`
`56`	`46`	`$hasher = $this->hasherFactory->getPasswordHasher($user);`
`57`	`47`
`58`		`- return $hasher->verify($user->getPassword(), $plainPassword, $salt);`
	`48`	`+ return $hasher->verify($user->getPassword(), $plainPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null);`
`59`	`49`	`}`
`60`	`50`
`61`	`51`	`public function needsRehash(PasswordAuthenticatedUserInterface $user): bool`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@`
`14`	`14`	`use Symfony\Component\EventDispatcher\EventSubscriberInterface;`
`15`	`15`	`use Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface;`
`16`	`16`	`use Symfony\Component\PasswordHasher\PasswordHasherInterface;`
	`17`	`+use Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface;`
	`18`	`+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;`
`17`	`19`	`use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;`
`18`	`20`	`use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;`
`19`	`21`	`use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;`
`@@ -50,7 +52,7 @@ public function onLoginSuccess(LoginSuccessEvent $event): void`
`50`	`52`	`}`
`51`	`53`
`52`	`54`	`$user = $passport->getUser();`
`53`		`- if (null === $user->getPassword()) {`
	`55`	`+ if (!$user instanceof PasswordAuthenticatedUserInterface \|\| null === $user->getPassword()) {`
`54`	`56`	`return;`
`55`	`57`	`}`
`56`	`58`
`@@ -76,7 +78,7 @@ public function onLoginSuccess(LoginSuccessEvent $event): void`
`76`	`78`	`}`
`77`	`79`	`}`
`78`	`80`
`79`		`- $passwordUpgrader->upgradePassword($user, $passwordHasher instanceof PasswordHasherInterface ? $passwordHasher->hash($plaintextPassword, $user->getSalt()) : $passwordHasher->encodePassword($plaintextPassword, $user->getSalt()));`
	`81`	`+ $passwordUpgrader->upgradePassword($user, $passwordHasher->hash($plaintextPassword, $user instanceof LegacyPasswordAuthenticatedUserInterface ? $user->getSalt() : null));`
`80`	`82`	`}`
`81`	`83`
`82`	`84`	`public static function getSubscribedEvents(): array`