contao · leofeyer · Nov 27, 2019 · Nov 27, 2019 · Nov 27, 2019 · Toflar
diff --git a/core-bundle/src/Security/User/ContaoUserProvider.php b/core-bundle/src/Security/User/ContaoUserProvider.php
@@ -107,6 +107,19 @@ public function supportsClass($class): bool
         return $this->userClass === $class;
     }
 
+    /**
+     * @param User $user
+     */
+    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
+    {
+        if (!is_a($user, $this->userClass)) {
 public function refreshUser(UserInterface $user) 
 { 
     if (!is_a($user, $this->userClass)) { 
         throw new UnsupportedUserException(sprintf('Unsupported class "%s".', \get_class($user))); 
     } 
 public function refreshUser(UserInterface $user) 
 { 
     if (!is_a($user, $this->userClass)) { 
         throw new UnsupportedUserException(sprintf('Unsupported class "%s".', \get_class($user))); 
     } 
+            throw new UnsupportedUserException(sprintf('Unsupported class "%s".', \get_class($user)));
+        }
+
+        $user->password = $newEncodedPassword;
+        $user->save();
+    }
+
     /**
      * Validates the session lifetime and logs the user out if the session has expired.
      *
@@ -153,12 +166,4 @@ private function triggerPostAuthenticateHook(User $user): void
             $system->importStatic($callback[0])->{$callback[1]}($user);
         }
     }
-
-    public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
-    {
-        /** @var User $user */
-        $user->password = $newEncodedPassword;
-
-        $user->save();
-    }
 }
diff --git a/core-bundle/tests/Security/User/ContaoUserProviderTest.php b/core-bundle/tests/Security/User/ContaoUserProviderTest.php
@@ -207,24 +207,35 @@ public function testDoesNotHandleUnknownUserClasses(): void
         $this->getProvider(null, 'LdapUser');
     }
 
-    public function testStoresUpgradedPasswords(): void
+    public function testUpgradesPasswords(): void
     {
+        /** @var BackendUser&MockObject $user */
         $user = $this->mockClassWithProperties(BackendUser::class);
-        $user->expects($this->once())->method('save');
         $user->username = 'foobar';
         $user->password = 'superhash';
 
-        $userProvider = new ContaoUserProvider(
-            $this->mockContaoFramework(),
-            $this->createMock(SessionInterface::class),
-            BackendUser::class
-        );
+        $user
+            ->expects($this->once())
+            ->method('save')
+        ;
 
+        $userProvider = $this->getProvider(null, BackendUser::class);
         $userProvider->upgradePassword($user, 'newsuperhash');
 
         $this->assertSame('newsuperhash', $user->password);
     }
 
+    public function testFailsToUpgradePasswordsOfUnsupportedUsers(): void
+    {
+        $user = $this->createMock(UserInterface::class);
+        $provider = $this->getProvider();
+
+        $this->expectException(UnsupportedUserException::class);
+        $this->expectExceptionMessage(sprintf('Unsupported class "%s".', \get_class($user)));
+
+        $provider->upgradePassword($user, 'newsuperhash');
+    }
+
     /**
      * @group legacy
      *