symfony · fabpot · Aug 18, 2020 · Jun 24, 2020
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -95,6 +95,10 @@ protected function attemptAuthentication(Request $request)
             throw new BadCredentialsException('Invalid username.');
         }
 
+        if (null === $password) {
+            throw new \LogicException(sprintf('The key "%s" cannot be null; check that the password field name of the form matches.', $this->options['password_parameter']));
+        }
+
         $request->getSession()->set(Security::LAST_USERNAME, $username);
 
         return $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));

diff --git a/...Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php b/...Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
@@ -32,7 +32,7 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase
      */
     public function testHandleWhenUsernameLength($username, $ok)
     {
-        $request = Request::create('/login_check', 'POST', ['_username' => $username]);
+        $request = Request::create('/login_check', 'POST', ['_username' => $username, '_password' => 'symfony']);
         $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
 
         $httpUtils = $this->getMockBuilder('Symfony\Component\Security\Http\HttpUtils')->getMock();
@@ -161,7 +161,31 @@ public function testHandleNonStringUsernameWith__toString($postOnly)
             ->method('__toString')
             ->willReturn('someUsername');
 
-        $request = Request::create('/login_check', 'POST', ['_username' => $usernameClass]);
+        $request = Request::create('/login_check', 'POST', ['_username' => $usernameClass, '_password' => 'symfony']);
+        $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
+        $listener = new UsernamePasswordFormAuthenticationListener(
+            new TokenStorage(),
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+            new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
+            $httpUtils = new HttpUtils(),
+            'foo',
+            new DefaultAuthenticationSuccessHandler($httpUtils),
+            new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
+            ['require_previous_session' => false, 'post_only' => $postOnly]
+        );
+        $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
+        $listener->handle($event);
+    }
+
+    /**
+     * @dataProvider postOnlyDataProvider
+     */
+    public function testHandleWhenPasswordAreNull($postOnly)
+    {
+        $this->expectException('LogicException');
+        $this->expectExceptionMessage('The key "_password" cannot be null; check that the password field name of the form matches.');
+
+        $request = Request::create('/login_check', 'POST', ['_username' => 'symfony', 'password' => 'symfony']);
         $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
         $listener = new UsernamePasswordFormAuthenticationListener(
             new TokenStorage(),