Skip to content

Commit

Permalink
BCryptPasswordEncoder rawPassword cannot be null
Browse files Browse the repository at this point in the history
Closes gh-8317
  • Loading branch information
alan-czajkowski authored and rwinch committed Apr 7, 2020
1 parent 39e09e4 commit 4b2afdf
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,10 @@ public BCryptPasswordEncoder(BCryptVersion version, int strength, SecureRandom r
}

public String encode(CharSequence rawPassword) {
if (rawPassword == null) {
throw new IllegalArgumentException("rawPassword cannot be null");
}

String salt;
if (random != null) {
salt = BCrypt.gensalt(version.getVersion(), strength, random);
Expand All @@ -109,6 +113,10 @@ public String encode(CharSequence rawPassword) {
}

public boolean matches(CharSequence rawPassword, String encodedPassword) {
if (rawPassword == null) {
throw new IllegalArgumentException("rawPassword cannot be null");
}

if (encodedPassword == null || encodedPassword.length() == 0) {
logger.warn("Empty encoded password");
return false;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -200,4 +200,16 @@ public void upgradeFromNonBCrypt() {
encoder.upgradeEncoding("not-a-bcrypt-password");
}

@Test(expected = IllegalArgumentException.class)
public void encodeNullRawPassword() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
encoder.encode(null);
}

@Test(expected = IllegalArgumentException.class)
public void matchNullRawPassword() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
encoder.matches(null, "does-not-matter");
}

}

0 comments on commit 4b2afdf

Please sign in to comment.