Fix password encoder injection

loolzaaa · loolzaaa · commit 4806b2bb2f9f · 2022-10-04T09:53:18.000+05:00
diff --git a/src/main/java/ru/loolzaaa/authserver/config/security/BasicSecurityConfig.java b/src/main/java/ru/loolzaaa/authserver/config/security/BasicSecurityConfig.java
@@ -30,9 +30,12 @@ public class BasicSecurityConfig {
 
     private final BasicUsersProperties basicUsersProperties;
 
+    @Qualifier("basicPasswordEncoder")
+    private final PasswordEncoder passwordEncoder;
+
     @Bean
     @Qualifier("basicUserDetailsService")
-    public InMemoryUserDetailsManager inMemoryUserDetailsManager(PasswordEncoder passwordEncoder) {
+    public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
         if (basicUsersProperties.getUsers().isEmpty()) {
             log.warn("\n\n\tThere is no basic users in properties. Some API unavailable!\n");
         }
@@ -56,11 +59,11 @@ public InMemoryUserDetailsManager inMemoryUserDetailsManager(PasswordEncoder pas
 
     @Order(1)
     @Bean
-    public SecurityFilterChain basicFilterChain(HttpSecurity http, PasswordEncoder passwordEncoder) throws Exception {
+    public SecurityFilterChain basicFilterChain(HttpSecurity http) throws Exception {
         final String basicMvcMatcherPattern = "/api/fast/**";
         final String basicPrepareLogoutMatcherPattern = "/api/fast/prepare_logout";
         http
-                .userDetailsService(inMemoryUserDetailsManager(passwordEncoder))
+                .userDetailsService(inMemoryUserDetailsManager())
                 .antMatcher(basicMvcMatcherPattern)
                 .csrf().disable()
                 .sessionManagement(session -> session
diff --git a/src/main/java/ru/loolzaaa/authserver/config/security/SecurityConfig.java b/src/main/java/ru/loolzaaa/authserver/config/security/SecurityConfig.java
@@ -44,7 +44,6 @@ PasswordEncoder jwtPasswordEncoder() {
         return new CustomPBKDF2PasswordEncoder();
     }
 
-    @Profile("!noop")
     @Primary
     @Qualifier("basicPasswordEncoder")
     @Bean
@@ -53,6 +52,7 @@ PasswordEncoder basicPasswordEncoder() {
     }
 
     @Profile("noop")
+    @Qualifier("jwtPasswordEncoder")
     @Bean
     PasswordEncoder noopPasswordEncoder() {
         return new NoopCustomPasswordEncoder();

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,6 @@ PasswordEncoder jwtPasswordEncoder() {`
`44`	`44`	`return new CustomPBKDF2PasswordEncoder();`
`45`	`45`	`}`
`46`	`46`
`47`		`- @Profile("!noop")`
`48`	`47`	`@Primary`
`49`	`48`	`@Qualifier("basicPasswordEncoder")`
`50`	`49`	`@Bean`
`@@ -53,6 +52,7 @@ PasswordEncoder basicPasswordEncoder() {`
`53`	`52`	`}`
`54`	`53`
`55`	`54`	`@Profile("noop")`
	`55`	`+ @Qualifier("jwtPasswordEncoder")`
`56`	`56`	`@Bean`
`57`	`57`	`PasswordEncoder noopPasswordEncoder() {`
`58`	`58`	`return new NoopCustomPasswordEncoder();`