Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add PasswordEncoder.upgradeEncoding

Browse Source 
Issue: gh-2778
This commit is contained in:
Rob Winch 2018-07-13 21:12:13 -05:00
parent 9cef054db7
commit 02b857d82a
5 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
View File

@ -289,6 +289,11 @@ public class AuthenticationConfiguration {
return getPasswordEncoder().matches(rawPassword, encodedPassword);
}
@Override
public boolean upgradeEncoding(String encodedPassword) {
return getPasswordEncoder().upgradeEncoding(encodedPassword);
}
private PasswordEncoder getPasswordEncoder() {
if (this.passwordEncoder != null) {
return this.passwordEncoder;

5
config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
View File

@ -593,6 +593,11 @@ public abstract class WebSecurityConfigurerAdapter implements
return getPasswordEncoder().matches(rawPassword, encodedPassword);
}
@Override
public boolean upgradeEncoding(String encodedPassword) {
return getPasswordEncoder().upgradeEncoding(encodedPassword);
}
private PasswordEncoder getPasswordEncoder() {
if (this.passwordEncoder != null) {
return this.passwordEncoder;

6
crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
View File

@ -216,6 +216,12 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
return prefixEncodedPassword.substring(start + 1, end);
}
@Override
public boolean upgradeEncoding(String encodedPassword) {
String id = extractId(encodedPassword);
return !this.idForEncode.equalsIgnoreCase(id);
}
private String extractEncodedPassword(String prefixEncodedPassword) {
int start = prefixEncodedPassword.indexOf(SUFFIX);
return prefixEncodedPassword.substring(start + 1);

10
crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
View File

@ -42,4 +42,14 @@ public interface PasswordEncoder {
*/
boolean matches(CharSequence rawPassword, String encodedPassword);
/**
* Returns true if the encoded password should be encoded again for better security,
* else false. The default implementation always returns false.
* @param encodedPassword the encoded password to check
* @return true if the encoded password should be encoded again for better security,
* else false.
*/
default boolean upgradeEncoding(String encodedPassword) {
return false;
}
}

25
crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
View File

@ -198,4 +198,29 @@ public class DelegatingPasswordEncoderTests {
public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalArgumentException() {
this.passwordEncoder.matches(this.rawPassword, null);
}
@Test
public void upgradeEncodingWhenEncodedPasswordNullThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding(null)).isTrue();
}
@Test
public void upgradeEncodingWhenNullIdThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding(this.encodedPassword)).isTrue();
}
@Test
public void upgradeEncodingWhenIdInvalidFormatThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding("{bcrypt"+ this.encodedPassword)).isTrue();
}
@Test
public void upgradeEncodingWhenSameIdThenFalse() {
assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isFalse();
}
@Test
public void upgradeEncodingWhenDifferentIdThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding(this.noopEncodedPassword)).isTrue();
}
}