From 898d005a53de8ad421d1d705516f5f5000235036 Mon Sep 17 00:00:00 2001
From: dperezcabrera <dperezcabrera@gmail.com>
Date: Fri, 9 Nov 2018 18:10:59 +0100
Subject: [PATCH] InMemoryUserDetailsManager.updatePassword case-insenstive

Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
---
 .../provisioning/InMemoryUserDetailsManager.java     |  2 +-
 .../InMemoryUserDetailsManagerTests.java             | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
index 55c462cde4..7367bc9c02 100644
--- a/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
+++ b/core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
@@ -143,7 +143,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager,
 	@Override
 	public UserDetails updatePassword(UserDetails user, String newPassword) {
 		String username = user.getUsername();
-		MutableUserDetails mutableUser = this.users.get(username);
+		MutableUserDetails mutableUser = this.users.get(username.toLowerCase());
 		mutableUser.setPassword(newPassword);
 		return mutableUser;
 	}
diff --git a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
index 9f58cc5385..41f0560ea0 100644
--- a/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
+++ b/core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.provisioning;
 
 import org.junit.Test;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import static org.assertj.core.api.Assertions.*;
@@ -37,4 +38,15 @@ public class InMemoryUserDetailsManagerTests {
 		this.manager.updatePassword(this.user, newPassword);
 		assertThat(this.manager.loadUserByUsername(this.user.getUsername()).getPassword()).isEqualTo(newPassword);
 	}
+
+	@Test
+	public void changePasswordWhenUsernameIsNotInLowercase() {
+		UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user())
+				.username("User")
+				.build();
+
+		String newPassword = "newPassword";
+		this.manager.updatePassword(userNotLowerCase, newPassword);
+		assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()).isEqualTo(newPassword);
+	}
 }