diff --git a/phpstan-tests.neon b/phpstan-tests.neon
index 106428cb7c0c48672ba8c06da021b7a698d21deb..64e8c887853a551bfe64d7193d4c14c0200336b0 100644
--- a/phpstan-tests.neon
+++ b/phpstan-tests.neon
@@ -1,5 +1,5 @@
 parameters:
-    level: 6
+    level: 7
     paths:
         - tests/
     symfony:
diff --git a/phpstan.neon b/phpstan.neon
index e56bade66e2efbf69b74a594330d364d86ac2d24..a703b75b75873eaffccd5860461d71953fb62d94 100644
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -1,5 +1,5 @@
 parameters:
-    level: 6
+    level: 7
     paths:
         - src/
     symfony:
diff --git a/src/Controller/ResetPasswordController.php b/src/Controller/ResetPasswordController.php
index 4eb6d1425d7baa4f3702eaedec1a9e0d28ce67b4..4ea2ab3340dc48a7f1b927fece2ad85b0e664a9c 100644
--- a/src/Controller/ResetPasswordController.php
+++ b/src/Controller/ResetPasswordController.php
@@ -12,7 +12,6 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mailer\MailerInterface;
-use Symfony\Component\Mime\Address;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Annotation\Route;
 use SymfonyCasts\Bundle\ResetPassword\Controller\ResetPasswordControllerTrait;
@@ -102,6 +101,9 @@ class ResetPasswordController extends AbstractController
 
         try {
             $user = $this->resetPasswordHelper->validateTokenAndFetchUser($token);
+            if (! $user instanceof User) {
+                throw new \Exception("User should be an instance of UserPasswordHasherInterface");
+            }
         } catch (ResetPasswordExceptionInterface $e) {
             $this->addFlash('reset_password_error', sprintf(
                 'There was a problem validating your reset request - %s',
diff --git a/src/Repository/ResetPasswordRequestRepository.php b/src/Repository/ResetPasswordRequestRepository.php
index a8e7738c9cc6dc226927fe0230b91e862411f254..f0ecba68232515ec56e2a52fce142d2f478f447f 100644
--- a/src/Repository/ResetPasswordRequestRepository.php
+++ b/src/Repository/ResetPasswordRequestRepository.php
@@ -30,6 +30,7 @@ class ResetPasswordRequestRepository extends ServiceEntityRepository implements
         string $selector,
         string $hashedToken
     ): ResetPasswordRequestInterface {
+        /** @phpstan-ignore-next-line */
         return new ResetPasswordRequest($user, $expiresAt, $selector, $hashedToken);
     }
 }
diff --git a/src/Security/AppCustomAuthenticator.php b/src/Security/AppCustomAuthenticator.php
index 05d6c1b253b3d7e410871c958c11019a4297cd69..94b1da29d22340045c1dd4fecf08b131a24c9865 100644
--- a/src/Security/AppCustomAuthenticator.php
+++ b/src/Security/AppCustomAuthenticator.php
@@ -32,14 +32,15 @@ class AppCustomAuthenticator extends AbstractLoginFormAuthenticator
     public function authenticate(Request $request): PassportInterface
     {
         $email = $request->request->get('email', '');
+        $password = $request->request->get('password', '');
 
         $request->getSession()->set(Security::LAST_USERNAME, $email);
 
         return new Passport(
-            new UserBadge($email),
-            new PasswordCredentials($request->request->get('password', '')),
+            new UserBadge((string) $email),
+            new PasswordCredentials((string) $password),
             [
-                new CsrfTokenBadge('authenticate', $request->request->get('_csrf_token')),
+                new CsrfTokenBadge('authenticate', (string) $request->request->get('_csrf_token')),
             ]
         );
     }