From b4e42d6562f6f98cc79c16ba37d117df13664f59 Mon Sep 17 00:00:00 2001
From: Hugo Sales
Date: Mon, 27 Jul 2020 22:18:23 +0000
Subject: [PATCH] [SECURITY] Ensure ARGON2 constants are defined, or throw exception
---
 src/Entity/LocalUser.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/Entity/LocalUser.php b/src/Entity/LocalUser.php
index 1340efa643..108d123e7e 100644
--- a/src/Entity/LocalUser.php
+++ b/src/Entity/LocalUser.php
@@ -362,11 +362,14 @@ class LocalUser implements UserInterface
 case 'bcrypt':
 return PASSWORD_BCRYPT;
 case 'argon2i':
- return PASSWORD_ARGON2I;
 case 'argon2d':
- return PASSWORD_ARGON2D;
 case 'argon2id':
- return PASSWORD_ARGON2ID;
+ $c = 'PASSWORD_' . strtoupper($algo);
+ if (defined($c)) {
+ return constant($c);
+ }
+ // fallthrough
+ // no break
 default:
 throw new Exception('Unsupported or unsafe hashing algorithm requested');
 }
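Review bot: The `case 'argon2d':` label can never return a value, because PHP defines `PASSWORD_ARGON2I` and `PASSWORD_ARGON2ID` but no `PASSWORD_ARGON2D`, so with the new `defined($c)` guard that name always reaches the `throw`. Either drop the label or say so next to it, e.g. `// PHP has no PASSWORD_ARGON2D; argon2d is always rejected below`, so nobody reads it as a supported option. The `constant($c)` lookup is safe only because the three case labels fix what `$algo` can be at that point; a comment such as `// $c is limited to the case labels above; never build it from an unchecked name` would keep that invariant visible to whoever edits the switch next. The switch statement and its enclosing method start outside the hunk, so `$algo` being the switch subject is an assumption here.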