Allow null password hash (#581)

patrickomeara · web-flow · commit 47d26f1d3108 · 2026-01-11T12:20:25.000-06:00
The users password may be null at this point
diff --git a/src/Http/Middleware/AuthenticateSession.php b/src/Http/Middleware/AuthenticateSession.php
@@ -110,11 +110,11 @@ protected function storePasswordHashInSession($request, string $guard)
      * Validate the password hash against the stored value.
      *
      * @param  \Illuminate\Auth\SessionGuard  $guard
-     * @param  string  $passwordHash
+     * @param  string|null  $passwordHash
      * @param  string  $storedValue
      * @return bool
      */
-    protected function validatePasswordHash(SessionGuard $guard, string $passwordHash, string $storedValue): bool
+    protected function validatePasswordHash(SessionGuard $guard, ?string $passwordHash, string $storedValue): bool
     {
         // Try new HMAC format first (Laravel 12.45.0+)...
         if (method_exists($guard, 'hashPasswordForCookie')) {

Original file line number	Diff line number	Diff line change
`@@ -110,11 +110,11 @@ protected function storePasswordHashInSession($request, string $guard)`
`110`	`110`	`* Validate the password hash against the stored value.`
`111`	`111`	`*`
`112`	`112`	`* @param \Illuminate\Auth\SessionGuard $guard`
`113`		`- * @param string $passwordHash`
	`113`	`+ * @param string\|null $passwordHash`
`114`	`114`	`* @param string $storedValue`
`115`	`115`	`* @return bool`
`116`	`116`	`*/`
`117`		`- protected function validatePasswordHash(SessionGuard $guard, string $passwordHash, string $storedValue): bool`
	`117`	`+ protected function validatePasswordHash(SessionGuard $guard, ?string $passwordHash, string $storedValue): bool`
`118`	`118`	`{`
`119`	`119`	`// Try new HMAC format first (Laravel 12.45.0+)...`
`120`	`120`	`if (method_exists($guard, 'hashPasswordForCookie')) {`