symfony
diff --git a/‎src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php
+4Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/PasswordAuthenticatedInterface.php
+4Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
+14-2Lines changed: 14 additions & 2 deletions b/‎src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/Provider/GuardAuthenticationProviderTrait.php
+14-2Lines changed: 14 additions & 2 deletions
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Guard;
 
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+
 /**
  * An optional interface for "guard" authenticators that deal with user passwords.
  */
@@ -22,4 +24,6 @@ interface PasswordAuthenticatedInterface
      * @param mixed $credentials The user credentials
      */
     public function getPassword($credentials): ?string;
+
+    /* public function getPasswordEncoder(): ?UserPasswordEncoderInterface; */
 }
@@ -62,8 +62,20 @@ private function authenticateViaGuard($guardAuthenticator, PreAuthenticationGuar
 
             throw new BadCredentialsException(sprintf('Authentication failed because "%s::checkCredentials()" did not return true.', get_debug_type($guardAuthenticator)));
         }
-        if ($this->userProvider instanceof PasswordUpgraderInterface && $guardAuthenticator instanceof PasswordAuthenticatedInterface && null !== $this->passwordEncoder && (null !== $password = $guardAuthenticator->getPassword($token->getCredentials())) && method_exists($this->passwordEncoder, 'needsRehash') && $this->passwordEncoder->needsRehash($user)) {
-            $this->userProvider->upgradePassword($user, $this->passwordEncoder->encodePassword($user, $password));
+
+        if ($guardAuthenticator instanceof PasswordAuthenticatedInterface
+            && null !== $password = $guardAuthenticator->getPassword($token->getCredentials())
+            && null !== $passwordEncoder = $this->passwordEncoder ?? (method_exists($guardAuthenticator, 'getPasswordEncoder') ? $guardAuthenticator->getPasswordEncoder() : null)
+        ) {
+            if (method_exists($passwordEncoder, 'needsRehash') && $passwordEncoder->needsRehash($user)) {
+                if (!isset($this->userProvider)) {
+                    if ($guardAuthenticator instanceof PasswordUpgraderInterface) {
+                        $guardAuthenticator->upgradePassword($user, $guardAuthenticator->getPasswordEncoder()->encodePassword($user, $password));
+                    }
+                } elseif ($this->userProvider instanceof PasswordUpgraderInterface) {
+                    $this->userProvider->upgradePassword($user, $passwordEncoder->encodePassword($user, $password));
+                }
+            }
         }
         $this->userChecker->checkPostAuth($user);