TestOneTimeTokenGenerationSuccessHandler.lastToken to non-static variable

rwinch · rwinch · commit 751b5580a129 · 2025-01-23T12:43:22.000-06:00
Previously there were race conditions on the static member lastToken of TestOneTimeTokenGenerationSuccessHandler. This is because the tests run in parallel and one test may override the other tests lastToken and thus make the assertion on it incorrect. This commit changes lastToken to be a non-static variable to ensure that each test has it's own lastToken for asserting the expected value. Closes gh-16471
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurerTests.java
@@ -72,7 +72,7 @@ void oneTimeTokenWhenCorrectTokenThenCanAuthenticate() throws Exception {
 		this.mvc.perform(post("/ott/generate").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/login/ott"));
 
-		String token = TestOneTimeTokenGenerationSuccessHandler.lastToken.getTokenValue();
+		String token = getLastToken().getTokenValue();
 
 		this.mvc.perform(post("/login/ott").param("token", token).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/"), authenticated());
@@ -84,7 +84,7 @@ void oneTimeTokenWhenDifferentAuthenticationUrlsThenCanAuthenticate() throws Exc
 		this.mvc.perform(post("/generateurl").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/redirected"));
 
-		String token = TestOneTimeTokenGenerationSuccessHandler.lastToken.getTokenValue();
+		String token = getLastToken().getTokenValue();
 
 		this.mvc.perform(post("/loginprocessingurl").param("token", token).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/authenticated"), authenticated());
@@ -96,7 +96,7 @@ void oneTimeTokenWhenCorrectTokenUsedTwiceThenSecondTimeFails() throws Exception
 		this.mvc.perform(post("/ott/generate").param("username", "user").with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/login/ott"));
 
-		String token = TestOneTimeTokenGenerationSuccessHandler.lastToken.getTokenValue();
+		String token = getLastToken().getTokenValue();
 
 		this.mvc.perform(post("/login/ott").param("token", token).with(csrf()))
 			.andExpectAll(status().isFound(), redirectedUrl("/"), authenticated());
@@ -194,25 +194,37 @@ Please provide it as a bean or pass it to the oneTimeTokenLogin() DSL.
 					""");
 	}
 
+	private OneTimeToken getLastToken() {
+		OneTimeToken lastToken = this.spring.getContext()
+			.getBean(TestOneTimeTokenGenerationSuccessHandler.class).lastToken;
+		return lastToken;
+	}
+
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebSecurity
 	@Import(UserDetailsServiceConfig.class)
 	static class OneTimeTokenDefaultConfig {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.oneTimeTokenLogin((ott) -> ott
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler())
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler();
+		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
@@ -221,22 +233,28 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 	static class OneTimeTokenDifferentUrlsConfig {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.oneTimeTokenLogin((ott) -> ott
 							.tokenGeneratingUrl("/generateurl")
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler("/redirected"))
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 							.loginProcessingUrl("/loginprocessingurl")
 							.authenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/authenticated"))
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler("/redirected");
+		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
@@ -245,20 +263,26 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 	static class OneTimeTokenFormLoginConfig {
 
 		@Bean
-		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain securityFilterChain(HttpSecurity http,
+				OneTimeTokenGenerationSuccessHandler ottSuccessHandler) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((authz) -> authz
 							.anyRequest().authenticated()
 					)
 					.formLogin(Customizer.withDefaults())
 					.oneTimeTokenLogin((ott) -> ott
-							.tokenGenerationSuccessHandler(new TestOneTimeTokenGenerationSuccessHandler())
+							.tokenGenerationSuccessHandler(ottSuccessHandler)
 					);
 			// @formatter:on
 			return http.build();
 		}
 
+		@Bean
+		TestOneTimeTokenGenerationSuccessHandler ottSuccessHandler() {
+			return new TestOneTimeTokenGenerationSuccessHandler();
+		}
+
 	}
 
 	@Configuration(proxyBeanMethods = false)
@@ -282,7 +306,7 @@ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 	static class TestOneTimeTokenGenerationSuccessHandler implements OneTimeTokenGenerationSuccessHandler {
 
-		private static OneTimeToken lastToken;
+		private OneTimeToken lastToken;
 
 		private final OneTimeTokenGenerationSuccessHandler delegate;
 
@@ -297,7 +321,7 @@ static class TestOneTimeTokenGenerationSuccessHandler implements OneTimeTokenGen
 		@Override
 		public void handle(HttpServletRequest request, HttpServletResponse response, OneTimeToken oneTimeToken)
 				throws IOException, ServletException {
-			lastToken = oneTimeToken;
+			this.lastToken = oneTimeToken;
 			this.delegate.handle(request, response, oneTimeToken);
 		}
 
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/OneTimeTokenLoginDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/OneTimeTokenLoginDslTests.kt
@@ -69,7 +69,7 @@ class OneTimeTokenLoginDslTests {
                 .redirectedUrl("/login/ott")
         )
 
-        val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue
+        val token = getLastToken().tokenValue
 
         this.mockMvc.perform(
             MockMvcRequestBuilders.post("/login/ott").param("token", token)
@@ -91,7 +91,7 @@ class OneTimeTokenLoginDslTests {
         )
             .andExpectAll(MockMvcResultMatchers.status().isFound(), MockMvcResultMatchers.redirectedUrl("/redirected"))
 
-        val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue
+        val token = getLastToken().tokenValue
 
         this.mockMvc.perform(
             MockMvcRequestBuilders.post("/loginprocessingurl").param("token", token)
@@ -104,48 +104,64 @@ class OneTimeTokenLoginDslTests {
             )
     }
 
+    private fun getLastToken(): OneTimeToken {
+        val lastToken: OneTimeToken = spring.context
+            .getBean(TestOneTimeTokenGenerationSuccessHandler::class.java).lastToken!!
+        return lastToken
+    }
+
     @Configuration
     @EnableWebSecurity
     @Import(UserDetailsServiceConfig::class)
     open class OneTimeTokenConfig {
 
         @Bean
-        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {
             // @formatter:off
             http {
                 authorizeHttpRequests {
                     authorize(anyRequest, authenticated)
                 }
                 oneTimeTokenLogin {
-                    oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler()
+                    oneTimeTokenGenerationSuccessHandler = ottSuccessHandler
                 }
             }
             // @formatter:on
             return http.build()
         }
+
+        @Bean
+        open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {
+            return TestOneTimeTokenGenerationSuccessHandler()
+        }
     }
 
     @EnableWebSecurity
     @Configuration(proxyBeanMethods = false)
     @Import(UserDetailsServiceConfig::class)
     open class OneTimeTokenDifferentUrlsConfig {
         @Bean
-        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {
             // @formatter:off
             http {
                 authorizeHttpRequests {
                     authorize(anyRequest, authenticated)
                 }
                 oneTimeTokenLogin {
                     tokenGeneratingUrl = "/generateurl"
-                    oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler("/redirected")
+                    oneTimeTokenGenerationSuccessHandler = ottSuccessHandler
                     loginProcessingUrl = "/loginprocessingurl"
                     authenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler("/authenticated")
                 }
             }
             // @formatter:on
             return http.build()
         }
+
+        @Bean
+        open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {
+            return TestOneTimeTokenGenerationSuccessHandler("/redirected")
+        }
     }
 
     @Configuration(proxyBeanMethods = false)
@@ -156,9 +172,10 @@ class OneTimeTokenLoginDslTests {
             InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin())
     }
 
-    private class TestOneTimeTokenGenerationSuccessHandler :
+    class TestOneTimeTokenGenerationSuccessHandler :
         OneTimeTokenGenerationSuccessHandler {
         private val delegate: OneTimeTokenGenerationSuccessHandler
+        var lastToken: OneTimeToken? = null
 
         constructor() {
             this.delegate =
@@ -175,12 +192,8 @@ class OneTimeTokenLoginDslTests {
         }
 
         override fun handle(request: HttpServletRequest, response: HttpServletResponse, oneTimeToken: OneTimeToken) {
-            lastToken = oneTimeToken
+            this.lastToken = oneTimeToken
             delegate.handle(request, response, oneTimeToken)
         }
-
-        companion object {
-            var lastToken: OneTimeToken? = null
-        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ class OneTimeTokenLoginDslTests {`
`69`	`69`	`.redirectedUrl("/login/ott")`
`70`	`70`	`)`
`71`	`71`
`72`		`- val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue`
	`72`	`+ val token = getLastToken().tokenValue`
`73`	`73`
`74`	`74`	`this.mockMvc.perform(`
`75`	`75`	`MockMvcRequestBuilders.post("/login/ott").param("token", token)`
`@@ -91,7 +91,7 @@ class OneTimeTokenLoginDslTests {`
`91`	`91`	`)`
`92`	`92`	`.andExpectAll(MockMvcResultMatchers.status().isFound(), MockMvcResultMatchers.redirectedUrl("/redirected"))`
`93`	`93`
`94`		`- val token = TestOneTimeTokenGenerationSuccessHandler.lastToken?.tokenValue`
	`94`	`+ val token = getLastToken().tokenValue`
`95`	`95`
`96`	`96`	`this.mockMvc.perform(`
`97`	`97`	`MockMvcRequestBuilders.post("/loginprocessingurl").param("token", token)`
`@@ -104,48 +104,64 @@ class OneTimeTokenLoginDslTests {`
`104`	`104`	`)`
`105`	`105`	`}`
`106`	`106`
	`107`	`+ private fun getLastToken(): OneTimeToken {`
	`108`	`+ val lastToken: OneTimeToken = spring.context`
	`109`	`+ .getBean(TestOneTimeTokenGenerationSuccessHandler::class.java).lastToken!!`
	`110`	`+ return lastToken`
	`111`	`+ }`
	`112`	`+`
`107`	`113`	`@Configuration`
`108`	`114`	`@EnableWebSecurity`
`109`	`115`	`@Import(UserDetailsServiceConfig::class)`
`110`	`116`	`open class OneTimeTokenConfig {`
`111`	`117`
`112`	`118`	`@Bean`
`113`		`- open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {`
	`119`	`+ open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {`
`114`	`120`	`// @formatter:off`
`115`	`121`	`http {`
`116`	`122`	`authorizeHttpRequests {`
`117`	`123`	`authorize(anyRequest, authenticated)`
`118`	`124`	`}`
`119`	`125`	`oneTimeTokenLogin {`
`120`		`- oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler()`
	`126`	`+ oneTimeTokenGenerationSuccessHandler = ottSuccessHandler`
`121`	`127`	`}`
`122`	`128`	`}`
`123`	`129`	`// @formatter:on`
`124`	`130`	`return http.build()`
`125`	`131`	`}`
	`132`	`+`
	`133`	`+ @Bean`
	`134`	`+ open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {`
	`135`	`+ return TestOneTimeTokenGenerationSuccessHandler()`
	`136`	`+ }`
`126`	`137`	`}`
`127`	`138`
`128`	`139`	`@EnableWebSecurity`
`129`	`140`	`@Configuration(proxyBeanMethods = false)`
`130`	`141`	`@Import(UserDetailsServiceConfig::class)`
`131`	`142`	`open class OneTimeTokenDifferentUrlsConfig {`
`132`	`143`	`@Bean`
`133`		`- open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {`
	`144`	`+ open fun securityFilterChain(http: HttpSecurity, ottSuccessHandler: OneTimeTokenGenerationSuccessHandler): SecurityFilterChain {`
`134`	`145`	`// @formatter:off`
`135`	`146`	`http {`
`136`	`147`	`authorizeHttpRequests {`
`137`	`148`	`authorize(anyRequest, authenticated)`
`138`	`149`	`}`
`139`	`150`	`oneTimeTokenLogin {`
`140`	`151`	`tokenGeneratingUrl = "/generateurl"`
`141`		`- oneTimeTokenGenerationSuccessHandler = TestOneTimeTokenGenerationSuccessHandler("/redirected")`
	`152`	`+ oneTimeTokenGenerationSuccessHandler = ottSuccessHandler`
`142`	`153`	`loginProcessingUrl = "/loginprocessingurl"`
`143`	`154`	`authenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler("/authenticated")`
`144`	`155`	`}`
`145`	`156`	`}`
`146`	`157`	`// @formatter:on`
`147`	`158`	`return http.build()`
`148`	`159`	`}`
	`160`	`+`
	`161`	`+ @Bean`
	`162`	`+ open fun ottSuccessHandler(): TestOneTimeTokenGenerationSuccessHandler {`
	`163`	`+ return TestOneTimeTokenGenerationSuccessHandler("/redirected")`
	`164`	`+ }`
`149`	`165`	`}`
`150`	`166`
`151`	`167`	`@Configuration(proxyBeanMethods = false)`
`@@ -156,9 +172,10 @@ class OneTimeTokenLoginDslTests {`
`156`	`172`	`InMemoryUserDetailsManager(PasswordEncodedUser.user(), PasswordEncodedUser.admin())`
`157`	`173`	`}`
`158`	`174`
`159`		`- private class TestOneTimeTokenGenerationSuccessHandler :`
	`175`	`+ class TestOneTimeTokenGenerationSuccessHandler :`
`160`	`176`	`OneTimeTokenGenerationSuccessHandler {`
`161`	`177`	`private val delegate: OneTimeTokenGenerationSuccessHandler`
	`178`	`+ var lastToken: OneTimeToken? = null`
`162`	`179`
`163`	`180`	`constructor() {`
`164`	`181`	`this.delegate =`
`@@ -175,12 +192,8 @@ class OneTimeTokenLoginDslTests {`
`175`	`192`	`}`
`176`	`193`
`177`	`194`	`override fun handle(request: HttpServletRequest, response: HttpServletResponse, oneTimeToken: OneTimeToken) {`
`178`		`- lastToken = oneTimeToken`
	`195`	`+ this.lastToken = oneTimeToken`
`179`	`196`	`delegate.handle(request, response, oneTimeToken)`
`180`	`197`	`}`
`181`		`-`
`182`		`- companion object {`
`183`		`- var lastToken: OneTimeToken? = null`
`184`		`- }`
`185`	`198`	`}`
`186`	`199`	`}`