
Commit 533e8c7

Fix GenerateOneTimeTokenRequestResolver ignored if username param not present
1 parent ba2619c commit 533e8c7


2 files changed

+18
-6
lines changed


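--- a/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilter.java
@@ -30,7 +30,6 @@
 import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
@@ -68,11 +67,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 filterChain.doFilter(request, response);
 return;
 }
-String username = request.getParameter("username");
-if (!StringUtils.hasText(username)) {
-filterChain.doFilter(request, response);
-return;
-}
 GenerateOneTimeTokenRequest generateRequest = this.requestResolver.resolve(request);
 OneTimeToken ott = this.tokenService.generate(generateRequest);
 if (generateRequest == null) {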
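Review bot: With the username guard removed, the only remaining protection against an unresolved request is `if (generateRequest == null)`, and it runs after `this.tokenService.generate(generateRequest)` has already been called with that value. If the configured resolver returns null for a request that carries no username (the null check suggests it can), a request matching this filter now reaches the token service with a null argument instead of falling through the chain; what the service does with null is not visible here. Move the check ahead of the call, mirroring the guard this commit removes: `if (generateRequest == null) { filterChain.doFilter(request, response); return; }` directly after `resolve(request)`, followed by `OneTimeToken ott = this.tokenService.generate(generateRequest);`. The body of the null branch and the rest of doFilterInternal lie outside the hunk.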

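--- a/web/src/test/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilterTests.java
@@ -113,4 +113,22 @@ public void setWhenRequestMatcherNullThenIllegalArgumentException() {
 // @formatter:on
 }
 
+@Test
+void filterWhenUsernameFormParamIsEmptyButRequestResolverCanResolveThenSuccess()
+throws ServletException, IOException {
+GenerateOneTimeTokenRequestResolver requestResolver = mock();
+given(this.oneTimeTokenService.generate(ArgumentMatchers.any(GenerateOneTimeTokenRequest.class)))
+.willReturn((new DefaultOneTimeToken(TOKEN, USERNAME, Instant.now())));
+given(requestResolver.resolve(this.request)).willReturn(new GenerateOneTimeTokenRequest(USERNAME));
+
+GenerateOneTimeTokenFilter filter = new GenerateOneTimeTokenFilter(this.oneTimeTokenService,
+this.successHandler);
+filter.setRequestResolver(requestResolver);
+
+filter.doFilter(this.request, this.response, this.filterChain);
+
+verify(this.oneTimeTokenService).generate(ArgumentMatchers.any(GenerateOneTimeTokenRequest.class));
+assertThat(this.response.getRedirectedUrl()).isEqualTo("/login/ott");
+}
+
 }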
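Review bot: The added test covers only the case where the resolver returns a request; nothing pins what happens when the resolver returns null, which is the path the removed username guard used to cover. A companion test should stub `given(requestResolver.resolve(this.request)).willReturn(null);` and assert `verify(this.oneTimeTokenService, never()).generate(ArgumentMatchers.any());` plus that no redirect URL is set on the response. The test name also states that the username parameter is empty, but the request setup is outside the hunk, so a short comment such as `// this.request carries no "username" parameter` would make that precondition visible to the reader.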
