Symfony version(s) affected

7.2.*

Description

Custom Password Strength Estimator not working when following the official guide, section Customizing the Password Strength Estimation:
https://symfony.com/doc/current/reference/constraints/PasswordStrength.html#customizing-the-password-strength-estimation

Results in error:

"Notice: Object of class App\\Validator\\CustomPasswordStrengthEstimator could not be converted to int"

In Symfony's Symfony\Component\Validator\Constraints\PasswordStrengthValidator in validate method the $strength variable should be of type integer, but instead it is the custom password strength estimator class object:

The __invoke method of the custom password strength estimator class not gets triggered:

How to reproduce

Create custom password strength estimator following the official guide, section Customizing the Password Strength Estimation:
https://symfony.com/doc/current/reference/constraints/PasswordStrength.html#customizing-the-password-strength-estimation

Assert the PasswordStrength constraint on User entity's password field:

Create a form type for password creation on User entity:

Try to submit a password through the form. The follow error will be returned:

"Notice: Object of class App\\Validator\\CustomPasswordStrengthEstimator could not be converted to int"

Possible Solution

It seems like on line 43 the custom password strength estimator class is instantiated, but then the object is not invoked, so the __invoke method of the customer estimator never gets triggered, thus not returning an integer, but it is the custom estimator class object itself inside $strength variable:

The proposed fix could be like this inside Symfony\Component\Validator\Constraints\PasswordStrengthValidator validate method:

Tested and is working as expected.

Additional Context

Using PHP 8.3.