[Security] Check UserInterface::getPassword is not null before calling needsRehash

src/Symfony/Component/Security/Core/Encoder/UserPasswordEncoder.php

@@ -56,6 +56,10 @@ class UserPasswordEncoder implements UserPasswordEncoderInterface
      */
     public function needsRehash(UserInterface $user): bool
     {
+        if (null === $user->getPassword()) {
+            return false;
+        }
+
         $encoder = $this->encoderFactory->getEncoder($user);
 
         return method_exists($encoder, 'needsRehash') && $encoder->needsRehash($user->getPassword());