diff --git a/src/main/java/com/example/solidconnection/config/security/AuthenticationManagerConfig.java b/src/main/java/com/example/solidconnection/config/security/AuthenticationManagerConfig.java
index 785283d7d..e4af023b7 100644
--- a/src/main/java/com/example/solidconnection/config/security/AuthenticationManagerConfig.java
+++ b/src/main/java/com/example/solidconnection/config/security/AuthenticationManagerConfig.java
@@ -1,6 +1,5 @@
 package com.example.solidconnection.config.security;
-import com.example.solidconnection.custom.security.provider.ExpiredTokenAuthenticationProvider;
 import com.example.solidconnection.custom.security.provider.SiteUserAuthenticationProvider;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -13,13 +12,11 @@ public class AuthenticationManagerConfig {
 private final SiteUserAuthenticationProvider siteUserAuthenticationProvider;
- private final ExpiredTokenAuthenticationProvider expiredTokenAuthenticationProvider;
 @Bean
 public AuthenticationManager authenticationManager() {
 return new ProviderManager(
- siteUserAuthenticationProvider,
- expiredTokenAuthenticationProvider
+ siteUserAuthenticationProvider
 );
 }
 }
diff --git a/src/main/java/com/example/solidconnection/config/web/WebMvcConfig.java b/src/main/java/com/example/solidconnection/config/web/WebMvcConfig.java
index 6d16694cc..7f56e320f 100644
--- a/src/main/java/com/example/solidconnection/config/web/WebMvcConfig.java
+++ b/src/main/java/com/example/solidconnection/config/web/WebMvcConfig.java
@@ -2,7 +2,6 @@
 import com.example.solidconnection.custom.resolver.AuthorizedUserResolver;
 import com.example.solidconnection.custom.resolver.CustomPageableHandlerMethodArgumentResolver;
-import com.example.solidconnection.custom.resolver.ExpiredTokenResolver;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
@@ -15,14 +14,12 @@ public class WebMvcConfig implements WebMvcConfigurer {
 private final AuthorizedUserResolver authorizedUserResolver;
- private final ExpiredTokenResolver expiredTokenResolver;
 private final CustomPageableHandlerMethodArgumentResolver customPageableHandlerMethodArgumentResolver;
 @Override
 public void addArgumentResolvers(List resolvers) {
 resolvers.addAll(List.of(
 authorizedUserResolver,
- expiredTokenResolver,
 customPageableHandlerMethodArgumentResolver
 ));
 }
diff --git a/src/main/java/com/example/solidconnection/custom/exception/JwtExpiredTokenException.java b/src/main/java/com/example/solidconnection/custom/exception/JwtExpiredTokenException.java
deleted file mode 100644
index b0a52e9fa..000000000
--- a/src/main/java/com/example/solidconnection/custom/exception/JwtExpiredTokenException.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.example.solidconnection.custom.exception;
-
-import org.springframework.security.core.AuthenticationException;
-
-public class JwtExpiredTokenException extends AuthenticationException {
-
- public JwtExpiredTokenException(String msg) {
- super(msg);
- }
-}
diff --git a/src/main/java/com/example/solidconnection/custom/resolver/ExpiredToken.java b/src/main/java/com/example/solidconnection/custom/resolver/ExpiredToken.java
deleted file mode 100644
index 5de4ad95a..000000000
--- a/src/main/java/com/example/solidconnection/custom/resolver/ExpiredToken.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package com.example.solidconnection.custom.resolver;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-// todo: 사용되지 않음, 다른 PR에서 삭제하고 더 효율적인 구조를 고민해봐야 함
-@Target({ElementType.PARAMETER})
-@Retention(RetentionPolicy.RUNTIME)
-public @interface ExpiredToken {
-}
diff --git a/src/main/java/com/example/solidconnection/custom/resolver/ExpiredTokenResolver.java b/src/main/java/com/example/solidconnection/custom/resolver/ExpiredTokenResolver.java
deleted file mode 100644
index 7547a1d61..000000000
--- a/src/main/java/com/example/solidconnection/custom/resolver/ExpiredTokenResolver.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package com.example.solidconnection.custom.resolver;
-
-import com.example.solidconnection.custom.security.authentication.ExpiredTokenAuthentication;
-import lombok.RequiredArgsConstructor;
-import org.springframework.core.MethodParameter;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Component;
-import org.springframework.web.bind.support.WebDataBinderFactory;
-import org.springframework.web.context.request.NativeWebRequest;
-import org.springframework.web.method.support.HandlerMethodArgumentResolver;
-import org.springframework.web.method.support.ModelAndViewContainer;
-
-// todo: 사용되지 않음, 다른 PR에서 삭제하고 더 효율적인 구조를 고민해봐야 함
-@Component
-@RequiredArgsConstructor
-public class ExpiredTokenResolver implements HandlerMethodArgumentResolver {
-
- @Override
- public boolean supportsParameter(MethodParameter parameter) {
- return parameter.hasParameterAnnotation(ExpiredToken.class)
- && parameter.getParameterType().equals(ExpiredTokenAuthentication.class);
- }
-
- @Override
- public Object resolveArgument(MethodParameter parameter,
- ModelAndViewContainer mavContainer,
- NativeWebRequest webRequest,
- WebDataBinderFactory binderFactory) throws Exception {
- try {
- return SecurityContextHolder.getContext().getAuthentication();
- } catch (Exception e) {
- return null;
- }
- }
-}
diff --git a/src/main/java/com/example/solidconnection/custom/security/authentication/ExpiredTokenAuthentication.java b/src/main/java/com/example/solidconnection/custom/security/authentication/ExpiredTokenAuthentication.java
deleted file mode 100644
index 061484674..000000000
--- a/src/main/java/com/example/solidconnection/custom/security/authentication/ExpiredTokenAuthentication.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package com.example.solidconnection.custom.security.authentication;
-
-// todo: 사용되지 않음, 다른 PR에서 삭제하고 더 효율적인 구조를 고민해봐야 함
-public class ExpiredTokenAuthentication extends JwtAuthentication {
-
- public ExpiredTokenAuthentication(String token) {
- super(token, null);
- setAuthenticated(false);
- }
-
- public ExpiredTokenAuthentication(String token, String subject) {
- super(token, subject);
- setAuthenticated(false);
- }
-
- public String getSubject() {
- return (String) getPrincipal();
- }
-}
diff --git a/src/main/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilter.java b/src/main/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilter.java
index 3f5bce556..d9d8efd65 100644
--- a/src/main/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilter.java
@@ -1,7 +1,5 @@
 package com.example.solidconnection.custom.security.filter;
-import com.example.solidconnection.config.security.JwtProperties;
-import com.example.solidconnection.custom.security.authentication.ExpiredTokenAuthentication;
 import com.example.solidconnection.custom.security.authentication.JwtAuthentication;
 import com.example.solidconnection.custom.security.authentication.SiteUserAuthentication;
 import jakarta.servlet.FilterChain;
@@ -18,7 +16,6 @@ import java.io.IOException;
-import static com.example.solidconnection.util.JwtUtils.isExpired;
 import static com.example.solidconnection.util.JwtUtils.parseTokenFromRequest;
@@ -26,7 +23,6 @@ @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
- private final JwtProperties jwtProperties;
 private final AuthenticationManager authenticationManager;
 @Override
@@ -47,9 +43,6 @@ public void doFilterInternal(@NonNull HttpServletRequest request,
 }
 private JwtAuthentication createAuthentication(String token) {
- if (isExpired(token, jwtProperties.secret())) {
- return new ExpiredTokenAuthentication(token);
- }
 return new SiteUserAuthentication(token);
 }
 }
diff --git a/src/main/java/com/example/solidconnection/custom/security/provider/ExpiredTokenAuthenticationProvider.java b/src/main/java/com/example/solidconnection/custom/security/provider/ExpiredTokenAuthenticationProvider.java
deleted file mode 100644
index 01b065a19..000000000
--- a/src/main/java/com/example/solidconnection/custom/security/provider/ExpiredTokenAuthenticationProvider.java
+++ /dev/null
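Review bot: In JwtAuthenticationFilter, `createAuthentication` no longer inspects the token at all, so rejecting expired or badly signed tokens now rests entirely on `SiteUserAuthenticationProvider`, which this diff does not show. It is worth confirming that the provider fails closed on an expired token (the `parseSubject` context visible in JwtUtils throws `INVALID_TOKEN` on failure, presumably including expiry) and recording that next to the method, for example `// No validation here: signature and expiry are checked by SiteUserAuthenticationProvider.` Since the method is now a single constructor call, its return type could also be narrowed to `SiteUserAuthentication`. The class body and `doFilterInternal` begin outside this hunk.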
@@ -1,35 +0,0 @@
-package com.example.solidconnection.custom.security.provider;
-
-
-import com.example.solidconnection.config.security.JwtProperties;
-import com.example.solidconnection.custom.security.authentication.ExpiredTokenAuthentication;
-import com.example.solidconnection.custom.security.authentication.JwtAuthentication;
-import lombok.RequiredArgsConstructor;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.stereotype.Component;
-
-import static com.example.solidconnection.util.JwtUtils.parseSubjectIgnoringExpiration;
-
-// todo: 사용되지 않음, 다른 PR에서 삭제하고 더 효율적인 구조를 고민해봐야 함
-@Component
-@RequiredArgsConstructor
-public class ExpiredTokenAuthenticationProvider implements AuthenticationProvider {
-
- private final JwtProperties jwtProperties;
-
- @Override
- public Authentication authenticate(Authentication auth) throws AuthenticationException {
- JwtAuthentication jwtAuth = (JwtAuthentication) auth;
- String token = jwtAuth.getToken();
- String subject = parseSubjectIgnoringExpiration(token, jwtProperties.secret());
-
- return new ExpiredTokenAuthentication(token, subject);
- }
-
- @Override
- public boolean supports(Class authentication) {
- return ExpiredTokenAuthentication.class.isAssignableFrom(authentication);
- }
-}
diff --git a/src/main/java/com/example/solidconnection/util/JwtUtils.java b/src/main/java/com/example/solidconnection/util/JwtUtils.java
index d295f2a3e..a5c96d092 100644
--- a/src/main/java/com/example/solidconnection/util/JwtUtils.java
+++ b/src/main/java/com/example/solidconnection/util/JwtUtils.java
@@ -7,8 +7,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.stereotype.Component;
-import java.util.Date;
-
 import static com.example.solidconnection.custom.exception.ErrorCode.INVALID_TOKEN;
 @Component
@@ -35,30 +33,6 @@ public static String parseSubject(String token, String secretKey) {
 throw new CustomException(INVALID_TOKEN);
 }
 }
-
- public static String parseSubjectIgnoringExpiration(String token, String secretKey) {
- try {
- return parseClaims(token, secretKey).getSubject();
- } catch (ExpiredJwtException e) {
- return e.getClaims().getSubject();
- } catch (Exception e) {
- throw new CustomException(INVALID_TOKEN);
- }
- }
-
- public static boolean isExpired(String token, String secretKey) {
- try {
- Date expiration = Jwts.parser()
- .setSigningKey(secretKey)
- .parseClaimsJws(token)
- .getBody()
- .getExpiration();
- return expiration.before(new Date());
- } catch (Exception e) {
- return true;
- }
- }
-
 public static Claims parseClaims(String token, String secretKey) throws ExpiredJwtException {
 return Jwts.parser()
 .setSigningKey(secretKey)
diff --git a/src/test/java/com/example/solidconnection/custom/resolver/ExpiredTokenResolverTest.java b/src/test/java/com/example/solidconnection/custom/resolver/ExpiredTokenResolverTest.java
deleted file mode 100644
index a0393dbc7..000000000
--- a/src/test/java/com/example/solidconnection/custom/resolver/ExpiredTokenResolverTest.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package com.example.solidconnection.custom.resolver;
-
-import com.example.solidconnection.custom.security.authentication.ExpiredTokenAuthentication;
-import com.example.solidconnection.support.TestContainerSpringBootTest;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-@TestContainerSpringBootTest
-@DisplayName("만료된 토큰 argument resolver 테스트")
-class ExpiredTokenResolverTest {
-
- @BeforeEach
- void setUp() {
- SecurityContextHolder.clearContext();
- }
-
- @Autowired
- private ExpiredTokenResolver expiredTokenResolver;
-
- @Test
- void security_context_에_저장된_만료시간을_검증하지_않는_토큰을_반환한다() throws Exception {
- // given
- ExpiredTokenAuthentication authentication = new ExpiredTokenAuthentication("token");
- SecurityContextHolder.getContext().setAuthentication(authentication);
-
- // when
- ExpiredTokenAuthentication expiredTokenAuthentication = (ExpiredTokenAuthentication) expiredTokenResolver.resolveArgument(null, null, null, null);
-
- // then
- assertThat(expiredTokenAuthentication.getToken()).isEqualTo("token");
- }
-
- @Test
- void security_context_에_저장된_만료시간을_검증하지_않는_토큰이_없으면_null_을_반환한다() throws Exception {
- // when, then
- assertThat(expiredTokenResolver.resolveArgument(null, null, null, null)).isNull();
- }
-}
diff --git a/src/test/java/com/example/solidconnection/custom/security/authentication/ExpiredTokenAuthenticationTest.java b/src/test/java/com/example/solidconnection/custom/security/authentication/ExpiredTokenAuthenticationTest.java
deleted file mode 100644
index 9ef78d0c7..000000000
--- a/src/test/java/com/example/solidconnection/custom/security/authentication/ExpiredTokenAuthenticationTest.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package com.example.solidconnection.custom.security.authentication;
-
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
-
-import java.util.Date;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.Assertions.assertAll;
-
-@DisplayName("만료된 토큰 인증 정보 테스트")
-class ExpiredTokenAuthenticationTest {
-
- @Test
- void 인증_정보에_저장된_토큰을_반환한다() {
- // given
- String token = "token123";
- ExpiredTokenAuthentication auth = new ExpiredTokenAuthentication(token);
-
- // when
- String result = auth.getToken();
-
- // then
- assertThat(result).isEqualTo(token);
- }
-
- @Test
- void 인증_정보에_저장된_토큰의_subject_를_반환한다() {
- // given
- String subject = "subject321";
- String token = createToken(subject);
- ExpiredTokenAuthentication auth = new ExpiredTokenAuthentication(token, subject);
-
- // when
- String result = auth.getSubject();
-
- // then
- assertThat(result).isEqualTo(subject);
- }
-
- @Test
- void 항상_isAuthenticated_는_false_를_반환한다() {
- // given
- ExpiredTokenAuthentication auth1 = new ExpiredTokenAuthentication("token");
- ExpiredTokenAuthentication auth2 = new ExpiredTokenAuthentication("token", "subject");
-
- // when & then
- assertAll(
- () -> assertThat(auth1.isAuthenticated()).isFalse(),
- () -> assertThat(auth2.isAuthenticated()).isFalse()
- );
- }
-
- private String createToken(String subject) {
- return Jwts.builder()
- .setSubject(subject)
- .setIssuedAt(new Date())
- .setExpiration(new Date(System.currentTimeMillis() + 1000))
- .signWith(SignatureAlgorithm.HS256, "secret")
- .compact();
- }
-}
diff --git a/src/test/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilterTest.java b/src/test/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilterTest.java
index cbca9c5f2..61e4c9170 100644
--- a/src/test/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilterTest.java
+++ b/src/test/java/com/example/solidconnection/custom/security/filter/JwtAuthenticationFilterTest.java
@@ -1,7 +1,6 @@
 package com.example.solidconnection.custom.security.filter;
 import com.example.solidconnection.config.security.JwtProperties;
-import com.example.solidconnection.custom.security.authentication.ExpiredTokenAuthentication;
 import com.example.solidconnection.custom.security.authentication.SiteUserAuthentication;
 import com.example.solidconnection.custom.security.userdetails.SiteUserDetailsService;
 import com.example.solidconnection.support.TestContainerSpringBootTest;
@@ -12,7 +11,6 @@ import jakarta.servlet.http.HttpServletResponse;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.mock.mockito.MockBean;
@@ -36,7 +34,7 @@ class JwtAuthenticationFilterTest {
 @Autowired
 private JwtProperties jwtProperties;
- @MockBean
+ @MockBean // 이 테스트코드에서 사용자를 조회할 필요는 없으므로 MockBean 으로 대체
 private SiteUserDetailsService siteUserDetailsService;
 private HttpServletRequest request;
@@ -63,40 +61,20 @@ void setUp() {
 then(filterChain).should().doFilter(request, response);
 }
- @Nested
- class 토큰이_있으면_컨텍스트에_저장한다 {
-
- @Test
- void 유효한_토큰을_컨텍스트에_저장한다() throws Exception {
- // given
- Date validExpiration = new Date(System.currentTimeMillis() + 1000);
- String token = createTokenWithExpiration(validExpiration);
- request = createRequestWithToken(token);
-
- // when
- jwtAuthenticationFilter.doFilterInternal(request, response, filterChain);
-
- // then
- assertThat(SecurityContextHolder.getContext().getAuthentication())
- .isExactlyInstanceOf(SiteUserAuthentication.class);
- then(filterChain).should().doFilter(request, response);
- }
-
- @Test
- void 만료된_토큰을_컨텍스트에_저장한다() throws Exception {
- // given
- Date invalidExpiration = new Date(System.currentTimeMillis() - 1000);
- String token = createTokenWithExpiration(invalidExpiration);
- request = createRequestWithToken(token);
-
- // when
- jwtAuthenticationFilter.doFilterInternal(request, response, filterChain);
-
- // then
- assertThat(SecurityContextHolder.getContext().getAuthentication())
- .isExactlyInstanceOf(ExpiredTokenAuthentication.class);
- then(filterChain).should().doFilter(request, response);
- }
+ @Test
+ void 토큰이_있으면_컨텍스트에_저장한다() throws Exception {
+ // given
+ Date validExpiration = new Date(System.currentTimeMillis() + 1000);
+ String token = createTokenWithExpiration(validExpiration);
+ request = createRequestWithToken(token);
+
+ // when
+ jwtAuthenticationFilter.doFilterInternal(request, response, filterChain);
+
+ // then
+ assertThat(SecurityContextHolder.getContext().getAuthentication())
+ .isExactlyInstanceOf(SiteUserAuthentication.class);
+ then(filterChain).should().doFilter(request, response);
 }
 private String createTokenWithExpiration(Date expiration) {
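Review bot: The expired-token path loses its only filter-level test in this hunk: `만료된_토큰을_컨텍스트에_저장한다` is deleted, and the remaining `토큰이_있으면_컨텍스트에_저장한다` exercises only a token that is still valid. Because the filter now wraps every token in `SiteUserAuthentication`, a negative test should pin the behaviour for a token built with `createTokenWithExpiration(new Date(System.currentTimeMillis() - 1000))`, namely that the security context does not end up holding an authenticated `SiteUserAuthentication`. Whether `doFilterInternal` swallows or propagates the provider's failure is decided outside this hunk, so the exact assertion (context empty versus exception thrown) has to follow that code.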
diff --git a/src/test/java/com/example/solidconnection/custom/security/provider/ExpiredTokenAuthenticationProviderTest.java b/src/test/java/com/example/solidconnection/custom/security/provider/ExpiredTokenAuthenticationProviderTest.java
deleted file mode 100644
index ad6053359..000000000
--- a/src/test/java/com/example/solidconnection/custom/security/provider/ExpiredTokenAuthenticationProviderTest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package com.example.solidconnection.custom.security.provider;
-
-import com.example.solidconnection.config.security.JwtProperties;
-import com.example.solidconnection.custom.exception.CustomException;
-import com.example.solidconnection.custom.security.authentication.ExpiredTokenAuthentication;
-import com.example.solidconnection.support.TestContainerSpringBootTest;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-
-import java.net.PasswordAuthentication;
-import java.util.Date;
-
-import static com.example.solidconnection.custom.exception.ErrorCode.INVALID_TOKEN;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.junit.jupiter.api.Assertions.*;
-
-@TestContainerSpringBootTest
-@DisplayName("만료된 토큰 provider 테스트")
-class ExpiredTokenAuthenticationProviderTest {
-
- @Autowired
- private ExpiredTokenAuthenticationProvider expiredTokenAuthenticationProvider;
-
- @Autowired
- private JwtProperties jwtProperties;
-
- @Test
- void 처리할_수_있는_타입인지를_반환한다() {
- // given
- Class supportedType = ExpiredTokenAuthentication.class;
- Class notSupportedType = PasswordAuthentication.class;
-
- // when & then
- assertAll(
- () -> assertTrue(expiredTokenAuthenticationProvider.supports(supportedType)),
- () -> assertFalse(expiredTokenAuthenticationProvider.supports(notSupportedType))
- );
- }
-
- @Test
- void 만료된_토큰의_인증_정보를_반환한다() {
- // given
- String expiredToken = createExpiredToken();
- ExpiredTokenAuthentication ExpiredTokenAuthentication = new ExpiredTokenAuthentication(expiredToken);
-
- // when
- Authentication result = expiredTokenAuthenticationProvider.authenticate(ExpiredTokenAuthentication);
-
- // then
- assertAll(
- () ->
assertThat(result).isInstanceOf(ExpiredTokenAuthentication.class),
- () -> assertThat(result.isAuthenticated()).isFalse()
- );
- }
-
- @Test
- void 유효하지_않은_토큰이면_예외_응답을_반환한다() {
- // given
- ExpiredTokenAuthentication ExpiredTokenAuthentication = new ExpiredTokenAuthentication("invalid token");
-
- // when & then
- assertThatCode(() -> expiredTokenAuthenticationProvider.authenticate(ExpiredTokenAuthentication))
- .isInstanceOf(CustomException.class)
- .hasMessageContaining(INVALID_TOKEN.getMessage());
- }
-
- private String createExpiredToken() {
- return Jwts.builder()
- .setSubject("1")
- .setIssuedAt(new Date())
- .setExpiration(new Date(System.currentTimeMillis() - 1000))
- .signWith(SignatureAlgorithm.HS256, jwtProperties.secret())
- .compact();
- }
-}
diff --git a/src/test/java/com/example/solidconnection/util/JwtUtilsTest.java b/src/test/java/com/example/solidconnection/util/JwtUtilsTest.java
index 95bdd5a52..0c16de671 100644
--- a/src/test/java/com/example/solidconnection/util/JwtUtilsTest.java
+++ b/src/test/java/com/example/solidconnection/util/JwtUtilsTest.java
@@ -12,7 +12,6 @@ import java.util.Date;
 import static com.example.solidconnection.util.JwtUtils.parseSubject;
-import static com.example.solidconnection.util.JwtUtils.parseSubjectIgnoringExpiration;
 import static com.example.solidconnection.util.JwtUtils.parseTokenFromRequest;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
@@ -59,7 +58,7 @@ class 요청으로부터_토큰을_추출한다 {
 }
 @Nested
- class 유효한_토큰으로부터_subject_를_추출한다 {
+ class 토큰으로부터_subject_를_추출한다 {
 @Test
 void 유효한_토큰의_subject_를_추출한다() {
@@ -87,75 +86,6 @@ class 유효한_토큰으로부터_subject_를_추출한다 {
 }
 }
- @Nested
- class 만료된_토큰으로부터_subject_를_추출한다 {
-
- @Test
- void 만료된_토큰의_subject_를_예외를_발생시키지_않고_추출한다() {
- // given
- String subject = "subject999";
- String token = createExpiredToken(subject);
-
- // when
- String extractedSubject = parseSubjectIgnoringExpiration(token, jwtSecretKey);
-
- // then
- assertThat(extractedSubject).isEqualTo(subject);
- }
-
- @Test
- void 유효하지_않은_토큰의_subject_를_추출하면_예외_응답을_반환한다() {
- // given
- String token = createExpiredUnsignedToken("hackers secret key");
-
- // when & then
- assertThatCode(() -> parseSubjectIgnoringExpiration(token, jwtSecretKey))
- .isInstanceOf(CustomException.class)
- .hasMessage(ErrorCode.INVALID_TOKEN.getMessage());
- }
- }
-
-
- @Nested
- class 토큰이_만료되었는지_확인한다 {
-
- @Test
- void 서명된_토큰의_만료_여부를_반환한다() {
- // given
- String subject = "subject123";
- String validToken = createValidToken(subject);
- String expiredToken = createExpiredToken(subject);
-
- // when
- boolean isExpired1 = JwtUtils.isExpired(validToken, jwtSecretKey);
- boolean isExpired2 = JwtUtils.isExpired(expiredToken, jwtSecretKey);
-
- // then
- assertAll(
- () -> assertThat(isExpired1).isFalse(),
- () -> assertThat(isExpired2).isTrue()
- );
- }
-
- @Test
- void 서명되지_않은_토큰의_만료_여부를_반환한다() {
- // given
- String subject = "subject123";
- String validToken = createValidToken(subject);
- String expiredToken = createExpiredToken(subject);
-
- // when
- boolean isExpired1 = JwtUtils.isExpired(validToken, "wrong-secret-key");
- boolean isExpired2 = JwtUtils.isExpired(expiredToken, "wrong-secret-key");
-
- // then
- assertAll(
- () -> assertThat(isExpired1).isTrue(),
- () -> assertThat(isExpired2).isTrue()
- );
- }
- }
-
 private String createValidToken(String subject) {
 return Jwts.builder()
 .setSubject(subject)
@@ -173,13 +103,4 @@ private String createExpiredToken(String subject) {
 .signWith(SignatureAlgorithm.HS256, jwtSecretKey)
 .compact();
 }
-
- private String createExpiredUnsignedToken(String jwtSecretKey) {
- return Jwts.builder()
- .setSubject("subject")
- .setIssuedAt(new Date())
- .setExpiration(new Date(System.currentTimeMillis() - 1000))
- .signWith(SignatureAlgorithm.HS256, jwtSecretKey)
- .compact();
- }
 }