[Security] Fix missing defaults for auto-migrating encoders

Author: chalasr

Encoder/EncoderFactory.php

@@ -144,10 +144,10 @@ private function getEncoderConfigFromAlgorithm(array $config): array
                 return [
                     'class' => Pbkdf2PasswordEncoder::class,
                     'arguments' => [
-                        $config['hash_algorithm'],
-                        $config['encode_as_base64'],
-                        $config['iterations'],
-                        $config['key_length'],
+                        $config['hash_algorithm'] ?? 'sha512',
+                        $config['encode_as_base64'] ?? true,
+                        $config['iterations'] ?? 1000,
+                        $config['key_length'] ?? 40,
                     ],
                 ];
 
@@ -205,8 +205,8 @@ private function getEncoderConfigFromAlgorithm(array $config): array
             'class' => MessageDigestPasswordEncoder::class,
             'arguments' => [
                 $config['algorithm'],
-                $config['encode_as_base64'],
-                $config['iterations'],
+                $config['encode_as_base64'] ?? true,
+                $config['iterations'] ?? 5000,
             ],
         ];
     }

Tests/Encoder/EncoderFactoryTest.php

@@ -162,6 +162,11 @@ public function testDefaultMigratingEncoders()
             (new EncoderFactory([SomeUser::class => ['class' => NativePasswordEncoder::class, 'arguments' => []]]))->getEncoder(SomeUser::class)
         );
 
+        $this->assertInstanceOf(
+            MigratingPasswordEncoder::class,
+            (new EncoderFactory([SomeUser::class => ['algorithm' => 'bcrypt', 'cost' => 11]]))->getEncoder(SomeUser::class)
+        );
+
         if (!SodiumPasswordEncoder::isSupported()) {
             return;
         }