Add Test to Confirm 72-byte BCrypt Password Limit
Closes gh-18133
parent
fed6df5167
commit
532d0bef14
|
|
@ -16,12 +16,14 @@
|
|||
|
||||
package org.springframework.security.crypto.bcrypt;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||
|
||||
/**
|
||||
* @author Dave Syer
|
||||
|
|
@ -253,4 +255,23 @@ public class BCryptPasswordEncoderTests {
|
|||
assertThat(encoder.matches(password73chars, encodedPassword73chars)).isTrue();
|
||||
}
|
||||
|
||||
/**
|
||||
* Fixes gh-18133
|
||||
* @author StringManolo
|
||||
*/
|
||||
@Test
|
||||
void passwordLargerThan72BytesShouldThrowIllegalArgumentException() {
|
||||
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
|
||||
String singleByteChars = "a".repeat(68);
|
||||
String password72Bytes = singleByteChars + "😀";
|
||||
assertThat(password72Bytes.length()).isEqualTo(70);
|
||||
assertThat(password72Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(72);
|
||||
assertThatNoException().isThrownBy(() -> encoder.encode(password72Bytes));
|
||||
String singleByteCharsTooLong = "a".repeat(69);
|
||||
String password73Bytes = singleByteCharsTooLong + "😀";
|
||||
assertThat(password73Bytes.getBytes(StandardCharsets.UTF_8).length).isEqualTo(73);
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> encoder.encode(password73Bytes))
|
||||
.withMessageContaining("password cannot be more than 72 bytes");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
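Review bot: The new test passwordLargerThan72BytesShouldThrowIllegalArgumentException pins the 72-byte limit for encode() only, while the context line just above it asserts that matches() returns true for a 73-character password, and nothing in the test explains how the two relate. Replacing the method-level Javadoc (`Fixes gh-18133` / `@author`) with a why-comment would make the security intent explicit, for example `// gh-18133: BCrypt uses only the first 72 bytes of the password, so encode() must reject longer input rather than silently truncate it`. If matches() is meant to stay lenient for previously stored hashes (not visible in this hunk), an assertion on matches() with the 73-byte password would pin that as well. The raw `"😀"` literal also makes the byte-count assertions depend on the compiler reading the file as UTF-8, which matters for the windows-latest build unless the build sets the source encoding; `"\uD83D\uDE00"` avoids that.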