Polish

Formatting as well as adding a missing defer

Issue gh-15699

Author: jzheaux

config/src/test/java/org/springframework/security/config/web/server/OneTimeTokenLoginSpecTests.java

@@ -292,7 +292,8 @@ SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
 			http
 					.authorizeExchange((authorize) -> authorize
 							.anyExchange()
-							.authenticated())
+							.authenticated()
+					)
 					.oneTimeTokenLogin((ott) -> ott
 							.generatedOneTimeTokenHandler(new TestServerGeneratedOneTimeTokenHandler())
 					);
@@ -314,7 +315,8 @@ SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
 			http
 					.authorizeExchange((authorize) -> authorize
 							.anyExchange()
-							.authenticated())
+							.authenticated()
+					)
 					.oneTimeTokenLogin((ott) -> ott
 							.generateTokenUrl("/generateurl")
 							.generatedOneTimeTokenHandler(new TestServerGeneratedOneTimeTokenHandler("/redirected"))
@@ -339,7 +341,8 @@ SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
 			http
 					.authorizeExchange((authorize) -> authorize
 							.anyExchange()
-							.authenticated())
+							.authenticated()
+					)
 					.formLogin(Customizer.withDefaults())
 					.oneTimeTokenLogin((ott) -> ott
 							.generatedOneTimeTokenHandler(new TestServerGeneratedOneTimeTokenHandler())
@@ -362,7 +365,8 @@ SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
 			http
 					.authorizeExchange((authorize) -> authorize
 							.anyExchange()
-							.authenticated())
+							.authenticated()
+					)
 					.oneTimeTokenLogin(Customizer.withDefaults());
 			// @formatter:on
 			return http.build();

core/src/main/java/org/springframework/security/authentication/ott/reactive/OneTimeTokenReactiveAuthenticationManager.java

@@ -54,7 +54,7 @@ public Mono<Authentication> authenticate(Authentication authentication) {
 			return Mono.empty();
 		}
 		return this.oneTimeTokenService.consume(otpAuthenticationToken)
-			.switchIfEmpty(Mono.error(new InvalidOneTimeTokenException("Invalid token")))
+			.switchIfEmpty(Mono.defer(() -> Mono.error(new InvalidOneTimeTokenException("Invalid token"))))
 			.flatMap((consumed) -> this.userDetailsService.findByUsername(consumed.getUsername()))
 			.map(onSuccess(otpAuthenticationToken));
 	}

web/src/main/java/org/springframework/security/web/server/authentication/ott/GenerateOneTimeTokenWebFilter.java

@@ -58,8 +58,9 @@ public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
 		// @formatter:off
 		return this.matcher.matches(exchange)
 				.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
-				.flatMap((mathResult) -> exchange.getFormData())
-				.flatMap((data) -> Mono.justOrEmpty(data.getFirst(USERNAME)))
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
+				.then(exchange.getFormData())
+				.mapNotNull((data) -> data.getFirst(USERNAME))
 				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
 				.flatMap((username) -> this.oneTimeTokenService.generate(new GenerateOneTimeTokenRequest(username)))
 				.flatMap((token) -> this.generatedOneTimeTokenHandler.handle(exchange, token));