diff --git a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
index e8fe0d8dd8..23d4f1e6ff 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.crypto.bcrypt;
 
+import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 
 import org.junit.jupiter.api.BeforeEach;
@@ -25,6 +26,7 @@ import org.springframework.security.crypto.password.AbstractPasswordEncoderValid
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.assertj.core.api.Assertions.assertThatNoException;
 
 /**
  * @author Dave Syer
@@ -236,4 +238,23 @@ public class BCryptPasswordEncoderTests extends AbstractPasswordEncoderValidatio
 assertThat(getEncoder().matches(password73chars, encodedPassword73chars)).isTrue();
 }
 
+ /**
+ * Fixes gh-18133
+ * @author StringManolo
+ */
+ @Test
+ void passwordLargerThan72BytesShouldThrowIllegalArgumentException() {
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ String singleByteChars = "a".repeat(68);
+ String password72Bytes = singleByteChars + "😀";
+ assertThat(password72Bytes.length()).isEqualTo(70);
+ assertThat(password72Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(72);
+ assertThatNoException().isThrownBy(() -> encoder.encode(password72Bytes));
+ String singleByteCharsTooLong = "a".repeat(69);
+ String password73Bytes = singleByteCharsTooLong + "😀";
+ assertThat(password73Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(73);
+ assertThatIllegalArgumentException().isThrownBy(() -> encoder.encode(password73Bytes))
+ .withMessageContaining("password cannot be more than 72 bytes");
+ }
+
 }
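Review bot: The 73-byte case in `passwordLargerThan72BytesShouldThrowIllegalArgumentException` never asserts the character count, which is what lets it tell a byte-length check apart from a `String.length()` check: the password is 71 chars, so a char-based limit would accept it and bcrypt would then use only its first 72 bytes. Adding `assertThat(password73Bytes.length()).isEqualTo(71);` beside the byte-length assertion, mirroring the `isEqualTo(70)` line for the 72-byte input, pins that. The test also covers `encode` only; the context line above shows `matches` being called with a 73-char password in the preceding test (whose body starts outside the hunk), so the intended result of `matches` for a multi-byte password over 72 bytes is worth pinning with its own assertion. The `@author` tag on method-level Javadoc is unusual; a plain `// gh-18133` above `@Test` would carry the same reference.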