InMemoryUserDetailsManager.changePassword fails for non-lowercase usernames #19336

@junhyeong9812

Describe the bug

InMemoryUserDetailsManager.changePassword(...) cannot change the password of a user whose username contains uppercase letters.

The manager keys its internal user map on the lower-cased username in every other method (createUser, updateUser, deleteUser, userExists, loadUserByUsername, updatePassword), but changePassword(...) looks the current user up with the raw Authentication.getName().

To Reproduce

```java
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(
        User.withUsername("User").password("{noop}password").roles("USER").build());

// authenticate as "User" (e.g. place a UsernamePasswordAuthenticationToken("User", ...) in the SecurityContext)

manager.changePassword("password", "newPassword");
// throws IllegalStateException: Current user doesn't exist in database.
```

The user is stored under the key "user", but changePassword calls users.get("User"), which returns null.

Expected behavior

The password is changed, consistent with every other method on the manager, which treat the username case-insensitively.

I will submit a PR with a regression test.
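
A regression test for the behaviour reported above, added here as an example; it is not the reporter's PR or code from the Spring Security repository. It assumes JUnit 5 and AssertJ are on the test classpath, and the class and method names are hypothetical.

```java
import static org.assertj.core.api.Assertions.assertThat;

import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Added example: hypothetical test class, not taken from the Spring Security code base.
class ChangePasswordMixedCaseUsernameTests {

    @AfterEach
    void clearContext() {
        // Do not leak the test Authentication into other tests on this thread.
        SecurityContextHolder.clearContext();
    }

    @Test
    void changePasswordWhenUsernameHasUppercaseThenPasswordIsChanged() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(
                User.withUsername("User").password("{noop}password").roles("USER").build());

        // Authentication.getName() returns "User"; the manager stores the entry under "user".
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("User", null,
                        AuthorityUtils.createAuthorityList("ROLE_USER")));

        // With the reported bug this call throws IllegalStateException instead of returning.
        // No AuthenticationManager is configured, so the old password is not re-checked.
        manager.changePassword("password", "newPassword");

        // Lookups are case-insensitive, so both spellings must see the new password.
        assertThat(manager.loadUserByUsername("User").getPassword()).isEqualTo("newPassword");
        assertThat(manager.loadUserByUsername("user").getPassword()).isEqualTo("newPassword");
    }
}
```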
