diff --git a/src/main/java/run/halo/app/core/extension/service/UserServiceImpl.java b/src/main/java/run/halo/app/core/extension/service/UserServiceImpl.java index f039daa68d..45c05d4014 100644 --- a/src/main/java/run/halo/app/core/extension/service/UserServiceImpl.java +++ b/src/main/java/run/halo/app/core/extension/service/UserServiceImpl.java @@ -5,6 +5,7 @@ import java.util.Objects; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; +import org.springframework.util.StringUtils; import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; import run.halo.app.core.extension.Role; @@ -42,7 +43,14 @@ public Mono updatePassword(String username, String newPassword) { @Override public Mono updateWithRawPassword(String username, String rawPassword) { return getUser(username) - .filter(user -> !passwordEncoder.matches(rawPassword, user.getSpec().getPassword())) + .filter(user -> { + if (!StringUtils.hasText(user.getSpec().getPassword())) { + // Check if the old password is set before, or the passwordEncoder#matches + // will complain an error due to null password. + return true; + } + return !passwordEncoder.matches(rawPassword, user.getSpec().getPassword()); + }) .flatMap(user -> { user.getSpec().setPassword(passwordEncoder.encode(rawPassword)); return client.update(user); diff --git a/src/test/java/run/halo/app/core/extension/service/UserServiceImplTest.java b/src/test/java/run/halo/app/core/extension/service/UserServiceImplTest.java index c7431363a6..3433967ff0 100644 --- a/src/test/java/run/halo/app/core/extension/service/UserServiceImplTest.java +++ b/src/test/java/run/halo/app/core/extension/service/UserServiceImplTest.java @@ -229,19 +229,18 @@ void shouldUpdatePasswordWithDifferentPassword() { @Test void shouldUpdatePasswordIfNoPasswordBefore() { - var oldUser = createUser(""); + var oldUser = createUser(null); var newUser = createUser("new-password"); when(client.get(User.class, "fake-user")).thenReturn(Mono.just(oldUser)); when(client.update(oldUser)).thenReturn(Mono.just(newUser)); - when(passwordEncoder.matches("new-password", "")).thenReturn(false); when(passwordEncoder.encode("new-password")).thenReturn("encoded-new-password"); StepVerifier.create(userService.updateWithRawPassword("fake-user", "new-password")) .expectNext(newUser) .verifyComplete(); - verify(passwordEncoder).matches("new-password", ""); + verify(passwordEncoder, never()).matches("new-password", null); verify(passwordEncoder).encode("new-password"); verify(client).update(argThat(extension -> { var user = (User) extension;