Add passwordEncoder to UserBuilder

Fixes gh-4677
2017-10-20 13:56:03 -05:00 · 2017-10-20 13:56:03 -05:00 · a0fb324e1d
parent b66ea9ab94
commit a0fb324e1d
2 changed files with 51 additions and 1 deletions
--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@ -26,6 +26,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
+import java.util.function.Function;

 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.CredentialsContainer;
@ -285,6 +286,7 @@ public class User implements UserDetails, CredentialsContainer {
 		private boolean accountLocked;
 		private boolean credentialsExpired;
 		private boolean disabled;
+		private Function<String,String> passwordEncoder = password -> password;

 		/**
 		 * Creates a new instance
@ -314,10 +316,25 @@ public class User implements UserDetails, CredentialsContainer {
 		 */
 		public UserBuilder password(String password) {
 			Assert.notNull(password, "password cannot be null");
-			this.password = password;
+			String encodedPassword = this.passwordEncoder.apply(password);
+			this.password = encodedPassword;
 			return this;
 		}

+		/**
+		 * Encodes the current password (if non-null) and any future passwords supplied
+		 * to {@link #password(String)}.
+		 *
+		 * @param encoder the encoder to use
+		 * @return the {@link UserBuilder} for method chaining (i.e. to populate
+		 * additional attributes for this user)
+		 */
+		public UserBuilder passwordEncoder(Function<String,String> encoder) {
+			Assert.notNull(encoder, "encoder cannot be null");
+			this.passwordEncoder = encoder;
+			return this.password == null ? this : password(this.password);
+		}
+
 		/**
 		 * Populates the roles. This method is a shortcut for calling
 		 * {@link #authorities(String...)}, but automatically prefixes each entry with
--- a/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
+++ b/core/src/test/java/org/springframework/security/core/userdetails/UserTests.java
@ -177,4 +177,37 @@ public class UserTests {
 		assertThat(actual.isCredentialsNonExpired()).isEqualTo(expected.isCredentialsNonExpired());
 		assertThat(actual.isEnabled()).isEqualTo(expected.isEnabled());
 	}
+
+	@Test
+	public void withUserWhenDetailsPasswordEncoderThenEncodes() {
+		UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build();
+
+		UserDetails withEncodedPassword = User.withUserDetails(userDetails)
+			.passwordEncoder(p -> p + "encoded")
+			.build();
+
+		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
+	}
+
+	@Test
+	public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() {
+		UserDetails withEncodedPassword = User.withUsername("user")
+			.password("password")
+			.passwordEncoder(p -> p + "encoded")
+			.roles("USER")
+			.build();
+
+		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
+	}
+
+	@Test
+	public void withUsernameWhenPasswordAndPasswordEncoderThenEncodes() {
+		UserDetails withEncodedPassword = User.withUsername("user")
+			.passwordEncoder(p -> p + "encoded")
+			.password("password")
+			.roles("USER")
+			.build();
+
+		assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded");
+	}
 }