Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-24 11:01:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '7.0.x'

Browse Source
This commit is contained in:
Josh Cummings 2026-03-23 18:13:15 -06:00
commit 2a8976f2f0
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/src/main/java/org/springframework/security/web/server/authentication/ott/ServerOneTimeTokenAuthenticationConverter.java
View File

@ -50,7 +50,8 @@ public final class ServerOneTimeTokenAuthenticationConverter implements ServerAu
Assert.notNull(exchange, "exchange cannot be null");
if (isFormEncodedRequest(exchange.getRequest())) {
return exchange.getFormData()
.map((data) -> OneTimeTokenAuthenticationToken.unauthenticated(data.getFirst(TOKEN)));
.mapNotNull((data) -> data.getFirst(TOKEN))
.map((data) -> OneTimeTokenAuthenticationToken.unauthenticated(data));
}
String token = resolveTokenFromRequest(exchange.getRequest());
if (!StringUtils.hasText(token)) {

12
web/src/test/java/org/springframework/security/web/server/authentication/ott/ServerOneTimeTokenAuthenticationConverterTests.java
View File

@ -72,6 +72,18 @@ public class ServerOneTimeTokenAuthenticationConverterTests {
assertThat(authentication).isNull();
}
// gh-18973
@Test
void convertWhenNoTokenFormParameterThenNull() {
MockServerHttpRequest request = MockServerHttpRequest.post("/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.body("username=Max");
Authentication authentication = this.converter.convert(MockServerWebExchange.from(request)).block();
assertThat(authentication).isNull();
}
@Test
void convertWhenTokenEncodedFormParameterThenReturnOneTimeTokenAuthenticationToken() {
// @formatter:off