[Security/Http] Fix getting password-upgrader when user-loader is a closure

Author: nicolas-grekas

EventListener/PasswordMigratingListener.php

@@ -79,7 +79,9 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
             $userLoader = $userBadge->getUserLoader();
             if (\is_array($userLoader) && $userLoader[0] instanceof PasswordUpgraderInterface) {
                 $passwordUpgrader = $userLoader[0];
-            } else {
+            } elseif (!$userLoader instanceof \Closure
+                || !($passwordUpgrader = (new \ReflectionFunction($userLoader))->getClosureThis()) instanceof PasswordUpgraderInterface
+            ) {
                 return;
             }
         }

Tests/EventListener/PasswordMigratingListenerTest.php

@@ -111,13 +111,16 @@ public function testUpgradeWithoutUpgrader()
         $userLoader = $this->getMockForAbstractClass(TestMigratingUserProvider::class);
         $userLoader->expects($this->any())->method('loadUserByIdentifier')->willReturn($this->user);
 
-        $userLoader->expects($this->once())
+        $userLoader->expects($this->exactly(2))
             ->method('upgradePassword')
             ->with($this->user, 'new-hash')
         ;
 
         $event = $this->createEvent(new SelfValidatingPassport(new UserBadge('test', [$userLoader, 'loadUserByIdentifier']), [new PasswordUpgradeBadge('pa$$word')]));
         $this->listener->onLoginSuccess($event);
+
+        $event = $this->createEvent(new SelfValidatingPassport(new UserBadge('test', \Closure::fromCallable([$userLoader, 'loadUserByIdentifier'])), [new PasswordUpgradeBadge('pa$$word')]));
+        $this->listener->onLoginSuccess($event);
     }
 
     public function testUserWithoutPassword()