Merge branch '6.5.x'

crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java

@@ -16,6 +16,7 @@
 
 package org.springframework.security.crypto.bcrypt;
 
+import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 
 import org.junit.jupiter.api.BeforeEach;
@@ -25,6 +26,7 @@ import org.springframework.security.crypto.password.AbstractPasswordEncoderValid
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatNoException;
 
 /**
  * @author Dave Syer
@@ -236,4 +238,23 @@ public class BCryptPasswordEncoderTests extends AbstractPasswordEncoderValidatio
 		assertThat(getEncoder().matches(password73chars, encodedPassword73chars)).isTrue();
 	}
 
+	/**
+	 * Fixes gh-18133
+	 * @author StringManolo
+	 */
+	@Test
+	void passwordLargerThan72BytesShouldThrowIllegalArgumentException() {
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+		String singleByteChars = "a".repeat(68);
+		String password72Bytes = singleByteChars + "😀";
+		assertThat(password72Bytes.length()).isEqualTo(70);
+		assertThat(password72Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(72);
+		assertThatNoException().isThrownBy(() -> encoder.encode(password72Bytes));
+		String singleByteCharsTooLong = "a".repeat(69);
+		String password73Bytes = singleByteCharsTooLong + "😀";
+		assertThat(password73Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(73);
+		assertThatIllegalArgumentException().isThrownBy(() -> encoder.encode(password73Bytes))
+			.withMessageContaining("password cannot be more than 72 bytes");
+	}
+
 }