Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish userNotFoundEncodedPassword 

Ensure that if passwordEncoder is set that userNotFoundEncodedPassword
is encoded again if already set.

Issue: gh-4915
This commit is contained in:
Rob Winch 2018-01-24 10:42:09 -06:00
parent fd78d055aa
commit 6ba225b62d
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
View File

@ -149,6 +149,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
this.passwordEncoder = passwordEncoder;
this.userNotFoundEncodedPassword = null;
}
protected PasswordEncoder getPasswordEncoder() {

30
core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java
View File

@ -50,6 +50,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache;
import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@ -280,6 +281,35 @@ public class DaoAuthenticationProviderTests {
}
}
@Test
public void testAuthenticateFailsWithInvalidUsernameAndChangePasswordEncoder() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
"INVALID_USER", "koala");
DaoAuthenticationProvider provider = createProvider();
assertThat(provider.isHideUserNotFoundExceptions()).isTrue();
provider.setUserDetailsService(new MockAuthenticationDaoUserrod());
provider.setUserCache(new MockUserCache());
try {
provider.authenticate(token);
fail("Should have thrown BadCredentialsException");
}
catch (BadCredentialsException expected) {
}
provider.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
try {
provider.authenticate(token);
fail("Should have thrown BadCredentialsException");
}
catch (BadCredentialsException expected) {
}
}
@Test
public void testAuthenticateFailsWithMixedCaseUsernameIfDefaultChanged() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(