Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
github
/
spring-security
spogulis no https://github.com/spring-projects/spring-security
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

BCryptPasswordEncoder rawPassword cannot be null

Closes gh-8317
Alan Czajkowski 5 gadi atpakaļ
vecāks
39e09e4ca5
revīzija
4b2afdf825
2 mainītis faili ar 20 papildinājumiem un 0 dzēšanām
Apvienotais skats Rādīt salīdzināšanas statistiku
  1. 8 0
      crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
  2. 12 0
      crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java

+ 8 - 0
crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
Parādīt failu 

@@ -99,6 +99,10 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 
 	}
 
 	}
 
 
 
 	public String encode(CharSequence rawPassword) {
 
 	public String encode(CharSequence rawPassword) {
 
+		if (rawPassword == null) {
 
+			throw new IllegalArgumentException("rawPassword cannot be null");
 
+		}
 
+
 
 		String salt;
 
 		String salt;
 
 		if (random != null) {
 
 		if (random != null) {
 
 			salt = BCrypt.gensalt(version.getVersion(), strength, random);
 
 			salt = BCrypt.gensalt(version.getVersion(), strength, random);
 
@@ -109,6 +113,10 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 
 	}
 
 	}
 
 
 
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 
 	public boolean matches(CharSequence rawPassword, String encodedPassword) {
 
+		if (rawPassword == null) {
 
+			throw new IllegalArgumentException("rawPassword cannot be null");
 
+		}
 
+
 
 		if (encodedPassword == null || encodedPassword.length() == 0) {
 
 		if (encodedPassword == null || encodedPassword.length() == 0) {
 
 			logger.warn("Empty encoded password");
 
 			logger.warn("Empty encoded password");
 
 			return false;
 
 			return false;

+ 12 - 0
crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java
Parādīt failu 

@@ -200,4 +200,16 @@ public class BCryptPasswordEncoderTests {
 
 		encoder.upgradeEncoding("not-a-bcrypt-password");
 
 		encoder.upgradeEncoding("not-a-bcrypt-password");
 
 	}
 
 	}
 
 
 
+	@Test(expected = IllegalArgumentException.class)
 
+	public void encodeNullRawPassword() {
 
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
 
+		encoder.encode(null);
 
+	}
 
+
 
+	@Test(expected = IllegalArgumentException.class)
 
+	public void matchNullRawPassword() {
 
+		BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
 
+		encoder.matches(null, "does-not-matter");
 
+	}
 
+
 
 }
 
 }