
Spring Boot application: the user wants to change the password after login, but the function is not changing the password.

    @PostMapping("/settings/passwordupdate")
    public String PasswordUpdate(@RequestParam("oldPassword") String oldPassword,
            @RequestParam("newPassword") String newPassword, Principal principal) {

        String userName = principal.getName();
        User currentUser = serviceUserDetail.findByUserName(userName);
        // A new encoder per request; bcrypt picks a fresh random salt on every encode() call.
        final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        // Logs the plaintext new password and a re-hash of the stored hash.
        System.out.println(newPassword + " ||||  " + passwordEncoder.encode(currentUser.getPassword()));
        // currentUser.getPassword() is already a bcrypt hash; encoding it again hashes the hash
        // with a new salt, so the raw oldPassword is compared against the wrong value.
        if (passwordEncoder.matches(oldPassword, passwordEncoder.encode(currentUser.getPassword()))) {
            System.out.print("match");
        } else {
            System.out.print("not match");
        }
        return "redirect:/";
    }

The result is:

pass ||||  $2a$10$Y3JMpBg/3l4SHJY/X8XRS.O3vLxr64iLLoLY3r933irwsnrvCIr2q
not match---------------

while I can log in with the password "pass", which means the password is okay.

SAR
  • Might be that one of them is too salty :P https://stackoverflow.com/questions/25844419/why-bcryptpasswordencoder-from-spring-generate-different-outputs-for-same-input – Siavash Renani Apr 11 '21 at 16:06

1 Answer


You cannot match the new password with the old password encoded again. You can match the old password in the parameter with the current password.

You can try it like this:

// Compare the raw oldPassword with the bcrypt hash already stored for the user.
if (passwordEncoder.matches(oldPassword, currentUser.getPassword())) {
    // Only the new password is encoded; the stored hash is never re-encoded.
    String encodedNewPassword = passwordEncoder.encode(newPassword);
    // Store encoded new password..
}

See also BCryptPasswordEncoder.matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)

İsmail Y.
  • So how can I check if the password provided is the same as the old password in the database? – SAR Apr 11 '21 at 17:17
  • Send user's current password to **matches** method after `oldPassword`. Example: `passwordEncoder.matches(oldPassword, currentUser.getPassword())` – İsmail Y. Apr 11 '21 at 20:44
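
A complete, runnable version of the check the answer describes, added here as an example; it is not code from the question, the answer, or any Spring project. It uses only `BCryptPasswordEncoder` and `PasswordEncoder` from Spring Security; the `User` class, `changePassword` method and the sample password "pass" are assumptions standing in for the asker's entity and service. It also reproduces the question's failure mode (encoding the stored hash a second time) next to the correct call, so the difference can be seen in one run.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordUpdateExample {

    // Minimal stand-in for the page's User entity (assumed shape, not the asker's class).
    static final class User {
        private String password; // holds the bcrypt hash, never the raw password
        User(String encodedPassword) { this.password = encodedPassword; }
        String getPassword() { return password; }
        void setPassword(String encodedPassword) { this.password = encodedPassword; }
    }

    // One encoder for the whole application. In Spring this would be a @Bean injected
    // into the controller instead of a new BCryptPasswordEncoder per request.
    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    // The check from the answer: matches(rawOldPassword, storedHash), then encode(newPassword).
    // Returns true when the password was changed; the caller persists the user afterwards.
    static boolean changePassword(User user, String oldPassword, String newPassword) {
        if (!ENCODER.matches(oldPassword, user.getPassword())) {
            return false; // wrong current password: leave the stored hash untouched
        }
        user.setPassword(ENCODER.encode(newPassword));
        return true;
    }

    // The comparison the question's controller actually performed: the raw password is
    // checked against a hash of the stored hash, which was produced with a fresh salt.
    static boolean brokenCheck(String rawPassword, String storedHash) {
        return ENCODER.matches(rawPassword, ENCODER.encode(storedHash));
    }

    // The correct comparison: the raw password against the stored hash itself.
    static boolean correctCheck(String rawPassword, String storedHash) {
        return ENCODER.matches(rawPassword, storedHash);
    }

    public static void main(String[] args) {
        // What the database holds after registration (constructed sample, password "pass").
        String storedHash = ENCODER.encode("pass");
        User user = new User(storedHash);

        // bcrypt embeds a random salt in each hash, so two encodings of the same input differ
        // and string equality on hashes is never a valid check.
        System.out.println("encode twice gives equal strings: "
                + ENCODER.encode("pass").equals(storedHash));
        System.out.println("question's double-encode check:   " + brokenCheck("pass", storedHash));
        System.out.println("matches against stored hash:      " + correctCheck("pass", storedHash));

        // Wrong current password: the record must not change.
        System.out.println("change with wrong old password:   " + changePassword(user, "wrong", "newpass"));
        System.out.println("hash unchanged after rejection:   " + user.getPassword().equals(storedHash));

        // Correct current password: the new one is stored encoded and the old one stops working.
        System.out.println("change with right old password:   " + changePassword(user, "pass", "newpass"));
        System.out.println("new password now matches:         " + correctCheck("newpass", user.getPassword()));
        System.out.println("old password still matches:       " + correctCheck("pass", user.getPassword()));
    }
}
```

Two practical notes on top of the answer: never print the raw `newPassword` or the stored hash as the question's controller does, since application logs are routinely shipped to systems with far wider access than the user table; and use one `PasswordEncoder` bean across login and password change, so the same algorithm and cost factor verify and produce every hash.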