DelegatingPasswordEncoder handles null encodedPassword

Fixes: gh-4872
8 years ago · f558b5016c
2 changed files with 8 additions and 0 deletions
--- a/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java
@ -200,6 +200,9 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
				@@ -200,6 +200,9 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 	}

 	private String extractId(String prefixEncodedPassword) {
+		if (prefixEncodedPassword == null) {
+			return null;
+		}
 		int start = prefixEncodedPassword.indexOf(PREFIX);
 		if(start != 0) {
 			return null;
--- a/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java
@ -177,4 +177,9 @@ public class DelegatingPasswordEncoderTests {
				@@ -177,4 +177,9 @@ public class DelegatingPasswordEncoderTests {
 		verify(this.invalidId).matches(this.rawPassword, this.encodedPassword);
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
+
+	@Test(expected = IllegalStateException.class)
+	public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalStateException() {
+		this.passwordEncoder.matches(this.rawPassword, null);
+	}
 }