Change the way to reset the plain password after hashing it

stof · stof · commit 139e6089a03f · 2026-02-09T17:00:21.000+01:00
The PasswordUpdater implementation resets the plain password to `null`
after hashing the password, marking the fact that a next code (done in a
Doctrine listener for instance) would not need to hash anything anymore.
Instead of relying on `UserInterface::eraseCredentials` which is
deprecated in Symfony 7.3+ and not guaranteed to implement this behavior
if the entity overrides the method, the `null` is now set explicitly.
diff --git a/src/Util/HashingPasswordUpdater.php b/src/Util/HashingPasswordUpdater.php
@@ -50,6 +50,6 @@ public function hashPassword(UserInterface $user): void
         }
 
         $user->setPassword($hashedPassword);
-        $user->eraseCredentials();
+        $user->setPlainPassword(null);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,6 @@ public function hashPassword(UserInterface $user): void`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`$user->setPassword($hashedPassword);`
`53`		`- $user->eraseCredentials();`
	`53`	`+ $user->setPlainPassword(null);`
`54`	`54`	`}`
`55`	`55`	`}`