When login in with SAML, the password from `$event->getPassword()` is `null`.
This PR makes sure that this `null` value won't be used to override the stored password even though it is different.
This PR also allow for the password and user to be updated even though they were not set before.
Signed-off-by: Louis Chemineau <louis@chmn.me>
$newCredentials = $storedCredentials;
$shouldUpdate = false;
- if (isset($storedCredentials['password']) && $storedCredentials['password'] !== $event->getPassword()) {
+ if (($storedCredentials['password'] ?? null) !== $event->getPassword() && $event->getPassword() !== null) {
$shouldUpdate = true;
$newCredentials['password'] = $event->getPassword();
}
- if (isset($storedCredentials['user']) && $event instanceof UserLoggedInEvent && $storedCredentials['user'] !== $event->getLoginName()) {
+ if ($event instanceof UserLoggedInEvent && ($storedCredentials['user'] ?? null) !== $event->getLoginName()) {
$shouldUpdate = true;
$newCredentials['user'] = $event->getLoginName();
}