From e8c71df899cefe9bc9554e3ad501fe8a2a941f61 Mon Sep 17 00:00:00 2001
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Tue, 1 Oct 2024 08:59:52 -0500
Subject: [PATCH] Use private Inner JdbcOneTimeTokenService classes

Issue gh-15735
---
 .../ott/JdbcOneTimeTokenService.java          |  4 +-
 .../ott/JdbcOneTimeTokenServiceTests.java     | 51 +++++++------------
 2 files changed, 19 insertions(+), 36 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenService.java b/core/src/main/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenService.java
index 66eda461e8..ee108cb105 100644
--- a/core/src/main/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenService.java
+++ b/core/src/main/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenService.java
@@ -224,7 +224,7 @@ public final class JdbcOneTimeTokenService implements OneTimeTokenService, Dispo
 	 * @author Max Batischev
 	 * @since 6.4
 	 */
-	public static class OneTimeTokenParametersMapper implements Function<OneTimeToken, List<SqlParameterValue>> {
+	private static class OneTimeTokenParametersMapper implements Function<OneTimeToken, List<SqlParameterValue>> {
 
 		@Override
 		public List<SqlParameterValue> apply(OneTimeToken oneTimeToken) {
@@ -244,7 +244,7 @@ public final class JdbcOneTimeTokenService implements OneTimeTokenService, Dispo
 	 * @author Max Batischev
 	 * @since 6.4
 	 */
-	public static class OneTimeTokenRowMapper implements RowMapper<OneTimeToken> {
+	private static class OneTimeTokenRowMapper implements RowMapper<OneTimeToken> {
 
 		@Override
 		public OneTimeToken mapRow(ResultSet rs, int rowNum) throws SQLException {
diff --git a/core/src/test/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenServiceTests.java b/core/src/test/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenServiceTests.java
index 028dc3ade5..3a325adaca 100644
--- a/core/src/test/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenServiceTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ott/JdbcOneTimeTokenServiceTests.java
@@ -17,27 +17,25 @@
 package org.springframework.security.authentication.ott;
 
 import java.time.Clock;
+import java.time.Duration;
 import java.time.Instant;
 import java.time.ZoneOffset;
 import java.time.temporal.ChronoUnit;
-import java.util.List;
 
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
-import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
 import org.springframework.jdbc.core.JdbcOperations;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.jdbc.core.PreparedStatementSetter;
-import org.springframework.jdbc.core.SqlParameterValue;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
-import org.springframework.util.CollectionUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
 
 /**
  * Tests for {@link JdbcOneTimeTokenService}.
@@ -58,8 +56,6 @@ public class JdbcOneTimeTokenServiceTests {
 
 	private JdbcOneTimeTokenService oneTimeTokenService;
 
-	private final JdbcOneTimeTokenService.OneTimeTokenParametersMapper oneTimeTokenParametersMapper = new JdbcOneTimeTokenService.OneTimeTokenParametersMapper();
-
 	@BeforeEach
 	void setUp() {
 		this.db = createDb();
@@ -115,7 +111,8 @@ public class JdbcOneTimeTokenServiceTests {
 	void generateThenTokenValueShouldBeValidUuidAndProvidedUsernameIsUsed() {
 		OneTimeToken oneTimeToken = this.oneTimeTokenService.generate(new GenerateOneTimeTokenRequest(USERNAME));
 
-		OneTimeToken persistedOneTimeToken = selectOneTimeToken(oneTimeToken.getTokenValue());
+		OneTimeToken persistedOneTimeToken = this.oneTimeTokenService
+			.consume(new OneTimeTokenAuthenticationToken(oneTimeToken.getTokenValue()));
 		assertThat(persistedOneTimeToken).isNotNull();
 		assertThat(persistedOneTimeToken.getUsername()).isNotNull();
 		assertThat(persistedOneTimeToken.getTokenValue()).isNotNull();
@@ -134,7 +131,8 @@ public class JdbcOneTimeTokenServiceTests {
 		assertThat(consumedOneTimeToken.getUsername()).isNotNull();
 		assertThat(consumedOneTimeToken.getTokenValue()).isNotNull();
 		assertThat(consumedOneTimeToken.getExpiresAt()).isNotNull();
-		OneTimeToken persistedOneTimeToken = selectOneTimeToken(consumedOneTimeToken.getTokenValue());
+		OneTimeToken persistedOneTimeToken = this.oneTimeTokenService
+			.consume(new OneTimeTokenAuthenticationToken(consumedOneTimeToken.getTokenValue()));
 		assertThat(persistedOneTimeToken).isNull();
 	}
 
@@ -162,15 +160,19 @@ public class JdbcOneTimeTokenServiceTests {
 
 	@Test
 	void cleanupExpiredTokens() {
-		OneTimeToken token1 = new DefaultOneTimeToken("123", USERNAME, Instant.now().minusSeconds(300));
-		OneTimeToken token2 = new DefaultOneTimeToken("456", USERNAME, Instant.now().minusSeconds(300));
-		saveToken(token1);
-		saveToken(token2);
+		Clock clock = mock(Clock.class);
+		Instant fiveMinutesAgo = Instant.now().minus(Duration.ofMinutes(5));
+		given(clock.instant()).willReturn(fiveMinutesAgo);
+		this.oneTimeTokenService.setClock(clock);
+		OneTimeToken token1 = this.oneTimeTokenService.generate(new GenerateOneTimeTokenRequest(USERNAME));
+		OneTimeToken token2 = this.oneTimeTokenService.generate(new GenerateOneTimeTokenRequest(USERNAME));
 
 		this.oneTimeTokenService.cleanupExpiredTokens();
 
-		OneTimeToken deletedOneTimeToken1 = selectOneTimeToken("123");
-		OneTimeToken deletedOneTimeToken2 = selectOneTimeToken("456");
+		OneTimeToken deletedOneTimeToken1 = this.oneTimeTokenService
+			.consume(new OneTimeTokenAuthenticationToken(token1.getTokenValue()));
+		OneTimeToken deletedOneTimeToken2 = this.oneTimeTokenService
+			.consume(new OneTimeTokenAuthenticationToken(token2.getTokenValue()));
 		assertThat(deletedOneTimeToken1).isNull();
 		assertThat(deletedOneTimeToken2).isNull();
 	}
@@ -186,23 +188,4 @@ public class JdbcOneTimeTokenServiceTests {
 		this.oneTimeTokenService.setCleanupCron(null);
 	}
 
-	private void saveToken(OneTimeToken oneTimeToken) {
-		List<SqlParameterValue> parameters = this.oneTimeTokenParametersMapper.apply(oneTimeToken);
-		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());
-		this.jdbcOperations.update("INSERT INTO one_time_tokens (token_value, username, expires_at) VALUES (?, ?, ?)",
-				pss);
-	}
-
-	private OneTimeToken selectOneTimeToken(String tokenValue) {
-		// @formatter:off
-		List<OneTimeToken> result = this.jdbcOperations.query(
-				"select token_value, username, expires_at from one_time_tokens where token_value = ?",
-				new JdbcOneTimeTokenService.OneTimeTokenRowMapper(), tokenValue);
-		if (CollectionUtils.isEmpty(result)) {
-			return null;
-		}
-		return result.get(0);
-		// @formatter:on
-	}
-
 }