Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add PasswordEncoder.upgradeEncoding

Browse Source 
Issue: gh-2778
This commit is contained in:
Rob Winch
2018-07-13 21:12:13 -05:00
parent 9cef054db7
commit 02b857d82a
5 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
+6
View File
@@ -216,6 +216,12 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
return prefixEncodedPassword.substring(start + 1, end);
}
@Override
public boolean upgradeEncoding(String encodedPassword) {
String id = extractId(encodedPassword);
return !this.idForEncode.equalsIgnoreCase(id);
}
private String extractEncodedPassword(String prefixEncodedPassword) {
int start = prefixEncodedPassword.indexOf(SUFFIX);
return prefixEncodedPassword.substring(start + 1);
crypto/src/main/java/org/springframework/security/crypto/password/PasswordEncoder.java
+10
View File
@@ -42,4 +42,14 @@ public interface PasswordEncoder {
*/
boolean matches(CharSequence rawPassword, String encodedPassword);
/**
* Returns true if the encoded password should be encoded again for better security,
* else false. The default implementation always returns false.
* @param encodedPassword the encoded password to check
* @return true if the encoded password should be encoded again for better security,
* else false.
*/
default boolean upgradeEncoding(String encodedPassword) {
return false;
}
}
crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+25
View File
@@ -198,4 +198,29 @@ public class DelegatingPasswordEncoderTests {
public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalArgumentException() {
this.passwordEncoder.matches(this.rawPassword, null);
}
@Test
public void upgradeEncodingWhenEncodedPasswordNullThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding(null)).isTrue();
}
@Test
public void upgradeEncodingWhenNullIdThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding(this.encodedPassword)).isTrue();
}
@Test
public void upgradeEncodingWhenIdInvalidFormatThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding("{bcrypt"+ this.encodedPassword)).isTrue();
}
@Test
public void upgradeEncodingWhenSameIdThenFalse() {
assertThat(this.passwordEncoder.upgradeEncoding(this.bcryptEncodedPassword)).isFalse();
}
@Test
public void upgradeEncodingWhenDifferentIdThenTrue() {
assertThat(this.passwordEncoder.upgradeEncoding(this.noopEncodedPassword)).isTrue();
}
}