SEC-2122: Fix broken integration tests.

Modified BCryptPasswordEncoder to no longer throw an IllegalArgumentException when the encoded password is empty or the incorrect format for bcrypt. Instead it now logs a warning that non bcrypt data was found. The Dms integration tests were failing after being changed to use bcrypt and this fixes the issue.
2013-05-21 23:13:08 +01:00 · 2013-05-21 23:13:08 +01:00 · 743960d2d8
parent d8727638ab
commit 743960d2d8
2 changed files with 13 additions and 15 deletions
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@ -17,6 +17,8 @@ package org.springframework.security.crypto.bcrypt;

 import java.security.SecureRandom;
 import java.util.regex.Pattern;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;

 import org.springframework.security.crypto.password.PasswordEncoder;

@ -30,6 +32,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 */
 public class BCryptPasswordEncoder implements PasswordEncoder {
    private Pattern BCRYPT_PATTERN = Pattern.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
+    private final Log logger = LogFactory.getLog(getClass());

    private final int strength;

@ -74,11 +77,13 @@ public class BCryptPasswordEncoder implements PasswordEncoder {

    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if (encodedPassword == null || encodedPassword.length() == 0) {
-            throw new IllegalArgumentException("Encoded password cannot be null or empty");
+            logger.warn("Empty encoded password");
+            return false;
        }

        if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
-            throw new IllegalArgumentException("Encoded password does not look like BCrypt");
+            logger.warn("Encoded password does not look like BCrypt");
+            return false;
        }

        return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
--- a/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
@ -66,27 +66,20 @@ public class BCryptPasswordEncoderTests {
        assertTrue(encoder.matches("password", result));
    }

-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnNullEncodedValue() {
+    @Test
+    public void doesntMatchNullEncodedValue() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        assertFalse(encoder.matches("password", null));
    }

-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnEmptyEncodedValue() {
+    @Test
+    public void doesntMatchEmptyEncodedValue() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        assertFalse(encoder.matches("password", ""));
    }

-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnShortEncodedValue() {
-        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-        String result = encoder.encode("password");
-        assertFalse(encoder.matches("password", result.substring(0, 4)));
-    }
-
-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnBogusEncodedValue() {
+    @Test
+    public void doesntMatchBogusEncodedValue() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        assertFalse(encoder.matches("password", "012345678901234567890123456789"));
    }