Merge tag 'v11.28.1'

Signed-off-by: Mior Muhammad Zaki <crynobone@gmail.com>

Access/Gate.php

@@ -2,7 +2,6 @@
 
 namespace Illuminate\Auth\Access;
 
-use BackedEnum;
 use Closure;
 use Exception;
 use Illuminate\Auth\Access\Events\GateEvaluated;
@@ -16,6 +15,8 @@
 use ReflectionClass;
 use ReflectionFunction;
 
+use function Illuminate\Support\enum_value;
+
 class Gate implements GateContract
 {
     use HandlesAuthorization;
@@ -200,7 +201,7 @@ protected function authorizeOnDemand($condition, $message, $code, $allowWhenResp
      */
     public function define($ability, $callback)
     {
-        $ability = $ability instanceof BackedEnum ? $ability->value : $ability;
+        $ability = enum_value($ability);
 
         if (is_array($callback) && isset($callback[0]) && is_string($callback[0])) {
             $callback = $callback[0].'@'.$callback[1];
@@ -405,10 +406,8 @@ public function authorize($ability, $arguments = [])
      */
     public function inspect($ability, $arguments = [])
     {
-        $ability = $ability instanceof BackedEnum ? $ability->value : $ability;
-
         try {
-            $result = $this->raw($ability, $arguments);
+            $result = $this->raw(enum_value($ability), $arguments);
 
             if ($result instanceof Response) {
                 return $result;

DatabaseUserProvider.php

@@ -154,9 +154,15 @@ protected function getGenericUser($user)
      */
     public function validateCredentials(UserContract $user, #[\SensitiveParameter] array $credentials)
     {
-        return $this->hasher->check(
-            $credentials['password'], $user->getAuthPassword()
-        );
+        if (is_null($plain = $credentials['password'])) {
+            return false;
+        }
+
+        if (is_null($hashed = $user->getAuthPassword())) {
+            return false;
+        }
+
+        return $this->hasher->check($plain, $hashed);
     }
 
     /**

EloquentUserProvider.php

@@ -152,7 +152,11 @@ public function validateCredentials(UserContract $user, #[\SensitiveParameter] a
             return false;
         }
 
-        return $this->hasher->check($plain, $user->getAuthPassword());
+        if (is_null($hashed = $user->getAuthPassword())) {
+            return false;
+        }
+
+        return $this->hasher->check($plain, $hashed);
     }
 
     /**

Middleware/Authorize.php

@@ -2,11 +2,12 @@
 
 namespace Illuminate\Auth\Middleware;
 
-use BackedEnum;
 use Closure;
 use Illuminate\Contracts\Auth\Access\Gate;
 use Illuminate\Database\Eloquent\Model;
 
+use function Illuminate\Support\enum_value;
+
 class Authorize
 {
     /**
@@ -36,9 +37,7 @@ public function __construct(Gate $gate)
      */
     public static function using($ability, ...$models)
     {
-        $ability = $ability instanceof BackedEnum ? $ability->value : $ability;
-
-        return static::class.':'.implode(',', [$ability, ...$models]);
+        return static::class.':'.implode(',', [enum_value($ability), ...$models]);
     }
 
     /**