Fail on empty password verification (without warning on any implement…

…ation)

src/Symfony/Component/Security/Core/Encoder/NativePasswordEncoder.php

@@ -76,6 +76,9 @@ public function encodePassword($raw, $salt): string
      */
     public function isPasswordValid($encoded, $raw, $salt): bool
     {
+        if ('' === $raw) {
+            return false;
+        }
         if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
             return false;
         }

src/Symfony/Component/Security/Core/Encoder/SodiumPasswordEncoder.php

@@ -76,6 +76,9 @@ public function encodePassword($raw, $salt): string
      */
     public function isPasswordValid($encoded, $raw, $salt): bool
     {
+        if ('' === $raw) {
+            return false;
+        }
         if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
             return false;
         }

src/Symfony/Component/Security/Core/Tests/Encoder/NativePasswordEncoderTest.php

@@ -53,6 +53,7 @@ public function testValidation()
         $result = $encoder->encodePassword('password', null);
         $this->assertTrue($encoder->isPasswordValid($result, 'password', null));
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
+        $this->assertFalse($encoder->isPasswordValid($result, '', null));
     }
 
     public function testNonArgonValidation()

src/Symfony/Component/Security/Core/Tests/Encoder/SodiumPasswordEncoderTest.php

@@ -29,6 +29,7 @@ public function testValidation()
         $result = $encoder->encodePassword('password', null);
         $this->assertTrue($encoder->isPasswordValid($result, 'password', null));
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
+        $this->assertFalse($encoder->isPasswordValid($result, '', null));
     }
 
     public function testBCryptValidation()