From f558b5016cb061b27c6fa0985626e653624a9f9c Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Mon, 27 Nov 2017 10:51:30 -0600
Subject: [PATCH] DelegatingPasswordEncoder handles null encodedPassword
Fixes: gh-4872
---
 .../security/crypto/password/DelegatingPasswordEncoder.java | 3 +++
 .../crypto/password/DelegatingPasswordEncoderTests.java | 5 +++++
 2 files changed, 8 insertions(+)
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
index 256d18f2ae..b805029cb0 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
@@ -200,6 +200,9 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 }
 private String extractId(String prefixEncodedPassword) {
+ if (prefixEncodedPassword == null) {
+ return null;
+ }
 int start = prefixEncodedPassword.indexOf(PREFIX);
 if(start != 0) {
 return null;
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
index db8a8b4e82..9b44c02c73 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@@ -177,4 +177,9 @@ public class DelegatingPasswordEncoderTests {
 verify(this.invalidId).matches(this.rawPassword, this.encodedPassword);
 verifyZeroInteractions(this.bcrypt, this.noop);
 }
+
+ @Test(expected = IllegalStateException.class)
+ public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalStateException() {
+ this.passwordEncoder.matches(this.rawPassword, null);
+ }
 }
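Review bot: The null guard added at the top of `extractId` returns the same `null` the method already returns when the value does not start with `PREFIX`, so a missing stored hash and an un-prefixed one look identical to the caller, and nothing in the method says this is deliberate. A short comment on the guard would record the intent, for example `// null stored password has no id: handled like an unmapped id, must never produce a match`. The accompanying test shows `matches(rawPassword, null)` ending in `IllegalStateException` rather than `false`, so a login path that calls this for an account with no stored credential presumably has to treat that exception as a failed authentication; that is worth stating in the Javadoc of `matches`, which is not shown here. The body of `extractId` continues past the end of the hunk.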
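Review bot: The new test pins only the exception type through `expected =`, so it would still pass if one of the mapped encoders were handed the null hash before the exception is raised. The test directly above ends with `verifyZeroInteractions(this.bcrypt, this.noop);`. Catching the exception in the test body instead of using `expected =` would let that same line run after the call, pinning that no mapped encoder is consulted when the stored password is null. A companion case with both the raw and the encoded password null would also document what `matches` returns there, which this page does not show.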