|
|
|
|
@ -16,12 +16,14 @@
@@ -16,12 +16,14 @@
|
|
|
|
|
|
|
|
|
|
package org.springframework.security.crypto.bcrypt; |
|
|
|
|
|
|
|
|
|
import java.nio.charset.StandardCharsets; |
|
|
|
|
import java.security.SecureRandom; |
|
|
|
|
|
|
|
|
|
import org.junit.jupiter.api.Test; |
|
|
|
|
|
|
|
|
|
import static org.assertj.core.api.Assertions.assertThat; |
|
|
|
|
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; |
|
|
|
|
import static org.assertj.core.api.Assertions.assertThatNoException; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* @author Dave Syer |
|
|
|
|
@ -253,4 +255,23 @@ public class BCryptPasswordEncoderTests {
@@ -253,4 +255,23 @@ public class BCryptPasswordEncoderTests {
|
|
|
|
|
assertThat(encoder.matches(password73chars, encodedPassword73chars)).isTrue(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Fixes gh-18133 |
|
|
|
|
* @author StringManolo |
|
|
|
|
*/ |
|
|
|
|
@Test |
|
|
|
|
void passwordLargerThan72BytesShouldThrowIllegalArgumentException() { |
|
|
|
|
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); |
|
|
|
|
String singleByteChars = "a".repeat(68); |
|
|
|
|
String password72Bytes = singleByteChars + "😀"; |
|
|
|
|
assertThat(password72Bytes.length()).isEqualTo(70); |
|
|
|
|
assertThat(password72Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(72); |
|
|
|
|
assertThatNoException().isThrownBy(() -> encoder.encode(password72Bytes)); |
|
|
|
|
String singleByteCharsTooLong = "a".repeat(69); |
|
|
|
|
String password73Bytes = singleByteCharsTooLong + "😀"; |
|
|
|
|
assertThat(password73Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(73); |
|
|
|
|
assertThatIllegalArgumentException().isThrownBy(() -> encoder.encode(password73Bytes)) |
|
|
|
|
.withMessageContaining("password cannot be more than 72 bytes"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
Josh Cummings
1 month ago