bug #31763 [Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords (nicolas-grekas)

This PR was merged into the 4.3 branch.

Discussion
----------

[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31758
| License       | MIT
| Doc PR        | -

Otherwise, the promise of the "auto" mode doesn't work.

Commits
-------

c0fc45682a [Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords

src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php

@@ -84,6 +84,11 @@ final class SodiumPasswordEncoder implements PasswordEncoderInterface, SelfSalti
             return false;
         }
 
+        if (72 >= \strlen($raw) && 0 === strpos($encoded, '$2')) {
+            // Accept validating BCrypt passwords for seamless migrations
+            return password_verify($raw, $encoded);
+        }
+
         if (\function_exists('sodium_crypto_pwhash_str_verify')) {
             return \sodium_crypto_pwhash_str_verify($encoded, $raw);
         }

src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php

@@ -31,6 +31,12 @@ class SodiumPasswordEncoderTest extends TestCase
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
     }
 
+    public function testBCryptValidation()
+    {
+        $encoder = new SodiumPasswordEncoder();
+        $this->assertTrue($encoder->isPasswordValid('$2y$04$M8GDODMoGQLQRpkYCdoJh.lbiZPee3SZI32RcYK49XYTolDGwoRMm', 'abc', null));
+    }
+
     /**
      * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
      */