Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-15 16:42:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

BCryptPasswordEncoder rawPassword cannot be null

Browse Source 
Closes gh-8317
This commit is contained in:
Alan Czajkowski 2020-04-04 12:46:11 -04:00 committed by Rob Winch
parent 2d71297b7e
commit d1909ec9c8
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
View File

@ -99,6 +99,10 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
} }
public String encode(CharSequence rawPassword) { public String encode(CharSequence rawPassword) {
if (rawPassword == null) {
throw new IllegalArgumentException("rawPassword cannot be null");
}
String salt; String salt;
if (random != null) { if (random != null) {
salt = BCrypt.gensalt(version.getVersion(), strength, random); salt = BCrypt.gensalt(version.getVersion(), strength, random);
@ -109,6 +113,10 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
} }
public boolean matches(CharSequence rawPassword, String encodedPassword) { public boolean matches(CharSequence rawPassword, String encodedPassword) {
if (rawPassword == null) {
throw new IllegalArgumentException("rawPassword cannot be null");
}
if (encodedPassword == null || encodedPassword.length() == 0) { if (encodedPassword == null || encodedPassword.length() == 0) {
logger.warn("Empty encoded password"); logger.warn("Empty encoded password");
return false; return false;

12
crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
View File

@ -200,4 +200,16 @@ public class BCryptPasswordEncoderTests {
encoder.upgradeEncoding("not-a-bcrypt-password"); encoder.upgradeEncoding("not-a-bcrypt-password");
} }
@Test(expected = IllegalArgumentException.class)
public void encodeNullRawPassword() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
encoder.encode(null);
}
@Test(expected = IllegalArgumentException.class)
public void matchNullRawPassword() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
encoder.matches(null, "does-not-matter");
}
} }