Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

InMemoryUserDetailsManager.updatePassword case-insenstive 

Previously updatePassword was case sensitive which was
inconsistent with the rest of the class.

This commit updates updatePassword to be case insensitive.

Fixes: gh-6039
This commit is contained in:
dperezcabrera 2018-11-09 18:10:59 +01:00 committed by Rob Winch
parent 3a6582d2a6
commit 898d005a53
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java
View File

@ -143,7 +143,7 @@ public class InMemoryUserDetailsManager implements UserDetailsManager,
@Override @Override
public UserDetails updatePassword(UserDetails user, String newPassword) { public UserDetails updatePassword(UserDetails user, String newPassword) {
String username = user.getUsername(); String username = user.getUsername();
MutableUserDetails mutableUser = this.users.get(username); MutableUserDetails mutableUser = this.users.get(username.toLowerCase());
mutableUser.setPassword(newPassword); mutableUser.setPassword(newPassword);
return mutableUser; return mutableUser;
} }

12
core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java
View File

@ -18,6 +18,7 @@ package org.springframework.security.provisioning;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.PasswordEncodedUser;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import static org.assertj.core.api.Assertions.*; import static org.assertj.core.api.Assertions.*;
@ -37,4 +38,15 @@ public class InMemoryUserDetailsManagerTests {
this.manager.updatePassword(this.user, newPassword); this.manager.updatePassword(this.user, newPassword);
assertThat(this.manager.loadUserByUsername(this.user.getUsername()).getPassword()).isEqualTo(newPassword); assertThat(this.manager.loadUserByUsername(this.user.getUsername()).getPassword()).isEqualTo(newPassword);
} }
@Test
public void changePasswordWhenUsernameIsNotInLowercase() {
UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user())
.username("User")
.build();
String newPassword = "newPassword";
this.manager.updatePassword(userNotLowerCase, newPassword);
assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()).isEqualTo(newPassword);
}
} }