Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-26 09:24:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

DelegatingPasswordEncoder handles null encodedPassword

Browse Source 
Fixes: gh-4872
This commit is contained in:
Rob Winch 2017-11-27 10:51:30 -06:00
parent e377dcf81b
commit f558b5016c
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
View File

@ -200,6 +200,9 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
}
private String extractId(String prefixEncodedPassword) {
if (prefixEncodedPassword == null) {
return null;
}
int start = prefixEncodedPassword.indexOf(PREFIX);
if(start != 0) {
return null;

5
crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
View File

@ -177,4 +177,9 @@ public class DelegatingPasswordEncoderTests {
verify(this.invalidId).matches(this.rawPassword, this.encodedPassword);
verifyZeroInteractions(this.bcrypt, this.noop);
}
@Test(expected = IllegalStateException.class)
public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalStateException() {
this.passwordEncoder.matches(this.rawPassword, null);
}
}