diff --git a/src/main/java/com/example/solidconnection/auth/controller/AuthController.java b/src/main/java/com/example/solidconnection/auth/controller/AuthController.java
index cbcd29627..f5a30bb2f 100644
--- a/src/main/java/com/example/solidconnection/auth/controller/AuthController.java
+++ b/src/main/java/com/example/solidconnection/auth/controller/AuthController.java
@@ -3,7 +3,6 @@
 import com.example.solidconnection.auth.dto.EmailSignInRequest;
 import com.example.solidconnection.auth.dto.EmailSignUpTokenRequest;
 import com.example.solidconnection.auth.dto.EmailSignUpTokenResponse;
-import com.example.solidconnection.auth.dto.ReissueRequest;
 import com.example.solidconnection.auth.dto.ReissueResponse;
 import com.example.solidconnection.auth.dto.SignInResponse;
 import com.example.solidconnection.auth.dto.SignUpRequest;
@@ -19,6 +18,7 @@
 import com.example.solidconnection.common.exception.ErrorCode;
 import com.example.solidconnection.common.resolver.AuthorizedUser;
 import com.example.solidconnection.siteuser.domain.AuthType;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -118,10 +118,10 @@ public ResponseEntity quit(
     @PostMapping("/reissue")
     public ResponseEntity reissueToken(
-            @AuthorizedUser long siteUserId,
-            @Valid @RequestBody ReissueRequest reissueRequest
+            HttpServletRequest request
     ) {
-        ReissueResponse reissueResponse = authService.reissue(siteUserId, reissueRequest);
+        String refreshToken = refreshTokenCookieManager.getRefreshToken(request);
+        ReissueResponse reissueResponse = authService.reissue(refreshToken);
         return ResponseEntity.ok(reissueResponse);
     }
diff --git a/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java b/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java
index b0a172e2a..d36cca024 100644
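Review bot: reissueToken now authenticates solely by the refresh-token cookie, because the `@AuthorizedUser long siteUserId` parameter is dropped, so the endpoint has to be reachable without a valid access token — the ACCESS_TOKEN_EXPIRED message elsewhere in this diff tells clients to call this reissue API, which an expired access token would otherwise block. Confirm that the security configuration (not in this diff) permits `/reissue` without an access token; if the access-token filter still rejects expired tokens in front of this endpoint, clients can never reissue. A short Javadoc would make the new contract visible, e.g. `/** Reissues an access token. The refresh token is read from the cookie managed by RefreshTokenCookieManager, not from the request body. */`. The `refreshTokenCookieManager` field the new line relies on is not visible in this hunk; presumably it already exists on the controller.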
--- a/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java
+++ b/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java
@@ -1,8 +1,14 @@
 package com.example.solidconnection.auth.controller;
+import static com.example.solidconnection.common.exception.ErrorCode.REFRESH_TOKEN_NOT_EXISTS;
+
 import com.example.solidconnection.auth.controller.config.RefreshTokenCookieProperties;
 import com.example.solidconnection.auth.domain.TokenType;
+import com.example.solidconnection.common.exception.CustomException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.util.Arrays;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
@@ -44,4 +50,26 @@ private void setRefreshTokenCookie(
                 .build();
         response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
     }
+
+    public String getRefreshToken(HttpServletRequest request) {
+        // 쿠키가 없거나 비어있는 경우 예외 발생
+        Cookie[] cookies = request.getCookies();
+        if (cookies == null || cookies.length == 0) {
+            throw new CustomException(REFRESH_TOKEN_NOT_EXISTS);
+        }
+
+        // refreshToken 쿠키가 없는 경우 예외 발생
+        Cookie refreshTokenCookie = Arrays.stream(cookies)
+                .filter(cookie -> COOKIE_NAME.equals(cookie.getName()))
+                .findFirst()
+                .orElseThrow(() -> new CustomException(REFRESH_TOKEN_NOT_EXISTS));
+
+        // 쿠키 값이 비어있는 경우 예외 발생
+        String refreshToken = refreshTokenCookie.getValue();
+        if (refreshToken == null || refreshToken.isBlank()) {
+            throw new CustomException(REFRESH_TOKEN_NOT_EXISTS);
+        }
+        return refreshToken;
+    }
 }
+
diff --git a/src/main/java/com/example/solidconnection/auth/dto/ReissueRequest.java b/src/main/java/com/example/solidconnection/auth/dto/ReissueRequest.java
deleted file mode 100644
index 417ed32b0..000000000
--- a/src/main/java/com/example/solidconnection/auth/dto/ReissueRequest.java
+++ /dev/null
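Review bot: The `cookies.length == 0` half of the first guard in getRefreshToken is redundant — an empty array produces an empty stream and the `orElseThrow` below already raises the same REFRESH_TOKEN_NOT_EXISTS; only the `null` case needs the guard, because `Arrays.stream(null)` would throw NullPointerException instead of the domain exception. Collapsing it to `if (cookies == null) {` leaves one failure path per condition and makes the three Korean comments line up with three distinct checks. A Javadoc stating the contract would help callers, e.g. `/** Returns the value of the COOKIE_NAME cookie; throws CustomException(REFRESH_TOKEN_NOT_EXISTS) when no cookies are sent, the cookie is absent, or its value is blank. */`. The hunk also adds an empty line after the closing class brace, which most formatters flag as a trailing blank line.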
@@ -1,9 +0,0 @@
-package com.example.solidconnection.auth.dto;
-
-import jakarta.validation.constraints.NotBlank;
-
-public record ReissueRequest(
-        @NotBlank(message = "리프레시 토큰과 함께 요청해주세요.")
-        String refreshToken) {
-
-}
diff --git a/src/main/java/com/example/solidconnection/auth/service/AuthService.java b/src/main/java/com/example/solidconnection/auth/service/AuthService.java
index 0d54c7672..01c162002 100644
--- a/src/main/java/com/example/solidconnection/auth/service/AuthService.java
+++ b/src/main/java/com/example/solidconnection/auth/service/AuthService.java
@@ -3,7 +3,6 @@
 import static com.example.solidconnection.common.exception.ErrorCode.REFRESH_TOKEN_EXPIRED;
 import static com.example.solidconnection.common.exception.ErrorCode.USER_NOT_FOUND;
-import com.example.solidconnection.auth.dto.ReissueRequest;
 import com.example.solidconnection.auth.dto.ReissueResponse;
 import com.example.solidconnection.auth.token.TokenBlackListService;
 import com.example.solidconnection.common.exception.CustomException;
@@ -28,12 +27,8 @@ public class AuthService {
      * - 리프레시 토큰을 삭제한다.
      * */
     public void signOut(String token) {
-        Subject subject = authTokenProvider.parseSubject(token);
-        long siteUserId = Long.parseLong(subject.value());
-        SiteUser siteUser = siteUserRepository.findById(siteUserId)
-                .orElseThrow(() -> new CustomException(USER_NOT_FOUND));
-
-        AccessToken accessToken = authTokenProvider.generateAccessToken(subject, siteUser.getRole());
+        SiteUser siteUser = authTokenProvider.parseSiteUser(token);
+        AccessToken accessToken = authTokenProvider.generateAccessToken(siteUser);
         authTokenProvider.deleteRefreshTokenByAccessToken(accessToken);
         tokenBlackListService.addToBlacklist(accessToken);
     }
@@ -58,17 +53,14 @@ public void quit(long siteUserId, String token) {
      * - 유효한 리프레시토큰이면, 액세스 토큰을 재발급한다.
      * - 그렇지 않으면 예외를 발생시킨다.
      * */
-    public ReissueResponse reissue(long siteUserId, ReissueRequest reissueRequest) {
+    public ReissueResponse reissue(String requestedRefreshToken) {
         // 리프레시 토큰 확인
-        String requestedRefreshToken = reissueRequest.refreshToken();
         if (!authTokenProvider.isValidRefreshToken(requestedRefreshToken)) {
             throw new CustomException(REFRESH_TOKEN_EXPIRED);
         }
         // 액세스 토큰 재발급
-        SiteUser siteUser = siteUserRepository.findById(siteUserId)
-                .orElseThrow(() -> new CustomException(USER_NOT_FOUND));
-        Subject subject = authTokenProvider.parseSubject(requestedRefreshToken);
-        AccessToken newAccessToken = authTokenProvider.generateAccessToken(subject, siteUser.getRole());
+        SiteUser siteUser = authTokenProvider.parseSiteUser(requestedRefreshToken);
+        AccessToken newAccessToken = authTokenProvider.generateAccessToken(siteUser);
         return ReissueResponse.from(newAccessToken);
     }
 }
diff --git a/src/main/java/com/example/solidconnection/auth/service/AuthTokenProvider.java b/src/main/java/com/example/solidconnection/auth/service/AuthTokenProvider.java
index 6f335256e..8e55f77d4 100644
--- a/src/main/java/com/example/solidconnection/auth/service/AuthTokenProvider.java
+++ b/src/main/java/com/example/solidconnection/auth/service/AuthTokenProvider.java
@@ -1,8 +1,12 @@
 package com.example.solidconnection.auth.service;
+import static com.example.solidconnection.common.exception.ErrorCode.USER_NOT_FOUND;
+
 import com.example.solidconnection.auth.domain.TokenType;
+import com.example.solidconnection.common.exception.CustomException;
 import com.example.solidconnection.siteuser.domain.Role;
 import com.example.solidconnection.siteuser.domain.SiteUser;
+import com.example.solidconnection.siteuser.repository.SiteUserRepository;
 import java.util.Map;
 import java.util.Objects;
 import lombok.RequiredArgsConstructor;
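Review bot: With `siteUserId` removed, `reissue` and `signOut` no longer touch `siteUserRepository` or `USER_NOT_FOUND` in AuthService, yet the static import is kept as context; unless `quit` (between the two hunks, not shown) still uses them, both the import and the repository field are now dead and should be removed since the lookup moved into AuthTokenProvider.parseSiteUser. The order inside `reissue` is the right one — `isValidRefreshToken` runs before `parseSiteUser`, so only a stored, server-issued refresh token reaches the subject parse and user lookup — and it is worth recording in the comment above the method that the token is now the only credential, e.g. `* - 요청 파라미터로 받은 리프레시 토큰만으로 사용자를 식별한다 (저장된 토큰인지 먼저 확인)`. The `reissue` method fits entirely inside this hunk.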
@@ -17,15 +21,21 @@ public class AuthTokenProvider {
     private final RedisTemplate redisTemplate;
     private final TokenProvider tokenProvider;
+    private final SiteUserRepository siteUserRepository;
-    public AccessToken generateAccessToken(Subject subject, Role role) {
+    public AccessToken generateAccessToken(SiteUser siteUser) {
+        Subject subject = toSubject(siteUser);
+        Role role = siteUser.getRole();
         String token = tokenProvider.generateToken(
-                subject.value(), Map.of(ROLE_CLAIM_KEY, role.name()), TokenType.ACCESS
+                subject.value(),
+                Map.of(ROLE_CLAIM_KEY, role.name()),
+                TokenType.ACCESS
         );
         return new AccessToken(subject, role, token);
     }
-    public RefreshToken generateAndSaveRefreshToken(Subject subject) {
+    public RefreshToken generateAndSaveRefreshToken(SiteUser siteUser) {
+        Subject subject = toSubject(siteUser);
         String token = tokenProvider.generateToken(subject.value(), TokenType.REFRESH);
         tokenProvider.saveToken(token, TokenType.REFRESH);
         return new RefreshToken(subject, token);
@@ -49,9 +59,11 @@ public void deleteRefreshTokenByAccessToken(AccessToken accessToken) {
         redisTemplate.delete(refreshTokenKey);
     }
-    public Subject parseSubject(String token) {
+    public SiteUser parseSiteUser(String token) {
         String subject = tokenProvider.parseSubject(token);
-        return new Subject(subject);
+        long siteUserId = Long.parseLong(subject);
+        return siteUserRepository.findById(siteUserId)
+                .orElseThrow(() -> new CustomException(USER_NOT_FOUND));
     }
     public Subject toSubject(SiteUser siteUser) {
diff --git a/src/main/java/com/example/solidconnection/auth/service/SignInService.java b/src/main/java/com/example/solidconnection/auth/service/SignInService.java
index 2b6a57cbe..16ec4c484 100644
--- a/src/main/java/com/example/solidconnection/auth/service/SignInService.java
+++ b/src/main/java/com/example/solidconnection/auth/service/SignInService.java
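Review bot: parseSiteUser calls `Long.parseLong(subject)` without handling NumberFormatException, so a token whose subject claim is not a numeric id (a token minted with a different subject format, or a foreign token if `tokenProvider.parseSubject` does not verify the signature — not visible here) escapes as an unhandled runtime exception instead of a CustomException; signOut and reissue both route through this method now, so that failure mode reaches two endpoints. Wrap the parse and map it to the domain exception — USER_NOT_FOUND is the closest code on this page — and pass `e` as the cause if CustomException has a constructor that accepts one. `toSubject(SiteUser)`, which the new generateAccessToken/generateAndSaveRefreshToken depend on, starts at the last line of this hunk and its body lies outside it.
```java
    public SiteUser parseSiteUser(String token) {
        String subject = tokenProvider.parseSubject(token);
        long siteUserId;
        try {
            siteUserId = Long.parseLong(subject);
        } catch (NumberFormatException e) {
            // a non-numeric subject cannot name a stored user; surface the domain error, not a 500
            throw new CustomException(USER_NOT_FOUND);
        }
        // … unchanged: siteUserRepository.findById(siteUserId).orElseThrow(...) …
    }
```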
@@ -15,9 +15,8 @@ public class SignInService {
     @Transactional
     public SignInResponse signIn(SiteUser siteUser) {
         resetQuitedAt(siteUser);
-        Subject subject = authTokenProvider.toSubject(siteUser);
-        AccessToken accessToken = authTokenProvider.generateAccessToken(subject, siteUser.getRole());
-        RefreshToken refreshToken = authTokenProvider.generateAndSaveRefreshToken(subject);
+        AccessToken accessToken = authTokenProvider.generateAccessToken(siteUser);
+        RefreshToken refreshToken = authTokenProvider.generateAndSaveRefreshToken(siteUser);
         return SignInResponse.of(accessToken, refreshToken);
     }
diff --git a/src/main/java/com/example/solidconnection/common/exception/ErrorCode.java b/src/main/java/com/example/solidconnection/common/exception/ErrorCode.java
index defb0230f..4d135416e 100644
--- a/src/main/java/com/example/solidconnection/common/exception/ErrorCode.java
+++ b/src/main/java/com/example/solidconnection/common/exception/ErrorCode.java
@@ -56,6 +56,7 @@ public enum ErrorCode {
     ACCESS_TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED.value(), "액세스 토큰이 만료되었습니다. 재발급 api를 호출해주세요."),
     REFRESH_TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED.value(), "리프레시 토큰이 만료되었습니다. 다시 로그인을 진행해주세요."),
     ACCESS_DENIED(HttpStatus.FORBIDDEN.value(), "접근 권한이 없습니다."),
+    REFRESH_TOKEN_NOT_EXISTS(HttpStatus.BAD_REQUEST.value(), "리프레시 토큰이 존재하지 않습니다."),
     PASSWORD_MISMATCH(HttpStatus.BAD_REQUEST.value(), "비밀번호가 일치하지 않습니다."),
     PASSWORD_NOT_CHANGED(HttpStatus.BAD_REQUEST.value(), "현재 비밀번호와 새 비밀번호가 동일합니다."),
     PASSWORD_NOT_CONFIRMED(HttpStatus.BAD_REQUEST.value(), "새 비밀번호가 일치하지 않습니다."),
diff --git a/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java b/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java
index 91ff13cfa..677cd5854 100644
--- a/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java
+++ b/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java
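Review bot: REFRESH_TOKEN_NOT_EXISTS is mapped to BAD_REQUEST while the neighbouring token failures ACCESS_TOKEN_EXPIRED and REFRESH_TOKEN_EXPIRED are UNAUTHORIZED; a missing refresh-token cookie on the reissue endpoint is an authentication failure, and a 401 lets clients treat "no cookie" and "expired cookie" with the same redirect-to-login handling instead of special-casing a 400 from this one endpoint. Suggest `REFRESH_TOKEN_NOT_EXISTS(HttpStatus.UNAUTHORIZED.value(), "리프레시 토큰이 존재하지 않습니다."),` placed directly after REFRESH_TOKEN_EXPIRED so the token codes stay grouped rather than sitting among the password codes. If the 400 is deliberate, a one-line comment on the constant saying why would keep the next reader from "correcting" it. The enum continues beyond this hunk.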
@@ -1,23 +1,33 @@
 package com.example.solidconnection.auth.controller;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.mockito.BDDMockito.given;
 import com.example.solidconnection.auth.controller.config.RefreshTokenCookieProperties;
 import com.example.solidconnection.auth.domain.TokenType;
+import com.example.solidconnection.common.exception.CustomException;
+import com.example.solidconnection.common.exception.ErrorCode;
 import com.example.solidconnection.support.TestContainerSpringBootTest;
+import jakarta.servlet.http.Cookie;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 @DisplayName("리프레시 토큰 쿠키 매니저 테스트")
 @TestContainerSpringBootTest
 class RefreshTokenCookieManagerTest {
+    private static final String REFRESH_TOKEN_COOKIE_NAME = "refreshToken";
+
     @Autowired
     private RefreshTokenCookieManager cookieManager;
@@ -46,7 +56,7 @@ void setUp() {
         String header = response.getHeader("Set-Cookie");
         assertAll(
                 () -> assertThat(header).isNotNull(),
-                () -> assertThat(header).contains("refreshToken=" + refreshToken),
+                () -> assertThat(header).contains(REFRESH_TOKEN_COOKIE_NAME + "=" + refreshToken),
                 () -> assertThat(header).contains("HttpOnly"),
                 () -> assertThat(header).contains("Secure"),
                 () -> assertThat(header).contains("Path=/"),
@@ -68,14 +78,67 @@ void setUp() {
         String header = response.getHeader("Set-Cookie");
         assertAll(
                 () -> assertThat(header).isNotNull(),
-                () -> assertThat(header).contains("refreshToken="),
+                () -> assertThat(header).contains(REFRESH_TOKEN_COOKIE_NAME + "="),
                 () -> assertThat(header).contains("HttpOnly"),
                 () -> assertThat(header).contains("Secure"),
                 () -> assertThat(header).contains("Path=/"),
                 () -> assertThat(header).contains("Max-Age=0"),
-                () -> assertThat(header).contains("SameSite=Strict"),
                 () -> assertThat(header).contains("Domain=" + domain),
                 () -> assertThat(header).contains("SameSite=" + sameSite)
         );
     }
+
+    @Nested
+    class 쿠키에서_리프레시_토큰을_추출한다 {
+
+        @Test
+        void 리프레시_토큰이_있으면_정상_반환한다() {
+            // given
+            MockHttpServletRequest request = new MockHttpServletRequest();
+            String refreshToken = "test-refresh-token";
+            request.setCookies(new Cookie(REFRESH_TOKEN_COOKIE_NAME, refreshToken));
+
+            // when
+            String retrievedToken = cookieManager.getRefreshToken(request);
+
+            // then
+            assertThat(retrievedToken).isEqualTo(refreshToken);
+        }
+
+        @Test
+        void 쿠키가_없으면_예외가_발생한다() {
+            // given
+            MockHttpServletRequest request = new MockHttpServletRequest();
+
+            // when & then
+            assertThatCode(() -> cookieManager.getRefreshToken(request))
+                    .isInstanceOf(CustomException.class)
+                    .hasMessageContaining(ErrorCode.REFRESH_TOKEN_NOT_EXISTS.getMessage());
+        }
+
+        @Test
+        void 리프레시_토큰_쿠키가_없으면_예외가_발생한다() {
+            // given
+            MockHttpServletRequest request = new MockHttpServletRequest();
+            request.setCookies(new Cookie("otherCookie", "some-value"));
+
+            // when & then
+            assertThatCode(() -> cookieManager.getRefreshToken(request))
+                    .isInstanceOf(CustomException.class)
+                    .hasMessageContaining(ErrorCode.REFRESH_TOKEN_NOT_EXISTS.getMessage());
+        }
+
+        @ParameterizedTest
+        @ValueSource(strings = {"", " "})
+        void 리프레시_토큰_쿠키가_비어있으면_예외가_발생한다(String token) {
+            // given
+            MockHttpServletRequest request = new MockHttpServletRequest();
+            request.setCookies(new Cookie(REFRESH_TOKEN_COOKIE_NAME, token));
+
+            // when & then
+            assertThatCode(() -> cookieManager.getRefreshToken(request))
+                    .isInstanceOf(CustomException.class)
+                    .hasMessageContaining(ErrorCode.REFRESH_TOKEN_NOT_EXISTS.getMessage());
+        }
+    }
 }
diff --git a/src/test/java/com/example/solidconnection/auth/service/AuthServiceTest.java b/src/test/java/com/example/solidconnection/auth/service/AuthServiceTest.java
index 707c3dbbb..caedec489 100644
--- a/src/test/java/com/example/solidconnection/auth/service/AuthServiceTest.java
+++ b/src/test/java/com/example/solidconnection/auth/service/AuthServiceTest.java
@@ -6,7 +6,6 @@
 import static org.junit.jupiter.api.Assertions.assertAll;
 import com.example.solidconnection.auth.domain.TokenType;
-import com.example.solidconnection.auth.dto.ReissueRequest;
 import com.example.solidconnection.auth.dto.ReissueResponse;
 import com.example.solidconnection.auth.token.TokenBlackListService;
 import com.example.solidconnection.common.exception.CustomException;
@@ -45,14 +44,12 @@ class AuthServiceTest {
     private SiteUserRepository siteUserRepository;
     private SiteUser siteUser;
-    private Subject subject;
     private AccessToken accessToken;
     @BeforeEach
     void setUp() {
         siteUser = siteUserFixture.사용자();
-        subject = authTokenProvider.toSubject(siteUser);
-        accessToken = authTokenProvider.generateAccessToken(subject, siteUser.getRole());
+        accessToken = authTokenProvider.generateAccessToken(siteUser);
     }
     @Test
@@ -61,7 +58,7 @@ void setUp() {
         authService.signOut(accessToken.token());
         // then
-        String refreshTokenKey = TokenType.REFRESH.addPrefix(subject.value());
+        String refreshTokenKey = TokenType.REFRESH.addPrefix(accessToken.subject().value());
         assertAll(
                 () -> assertThat(redisTemplate.opsForValue().get(refreshTokenKey)).isNull(),
                 () -> assertThat(tokenBlackListService.isTokenBlacklisted(accessToken.token())).isTrue()
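Review bot: The new tests hard-code their own `REFRESH_TOKEN_COOKIE_NAME = "refreshToken"` instead of referencing the manager's `COOKIE_NAME`, so a rename of the production constant would make the getRefreshToken tests fail for the wrong reason and leave the Set-Cookie assertions silently stale; if `COOKIE_NAME` is, or can be made, package-visible (the test shares the package), reference it directly. The three nested cases (no cookies, a different cookie, blank value) line up with the three guards in getRefreshToken, which is good coverage. Dropping the duplicated `SameSite=Strict` assertion is correct because the header is already checked against `sameSite`. The first test method in this hunk begins before the hunk (only its tail is shown).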
@@ -75,7 +72,7 @@ void setUp() {
         // then
         LocalDate tomorrow = LocalDate.now().plusDays(1);
-        String refreshTokenKey = TokenType.REFRESH.addPrefix(subject.value());
+        String refreshTokenKey = TokenType.REFRESH.addPrefix(accessToken.subject().value());
         SiteUser actualSitUser = siteUserRepository.findById(siteUser.getId()).orElseThrow();
         assertAll(
                 () -> assertThat(actualSitUser.getQuitedAt()).isEqualTo(tomorrow),
@@ -90,26 +87,24 @@ class 토큰을_재발급한다 {
         @Test
         void 요청의_리프레시_토큰이_저장되어_있으면_액세스_토큰을_재발급한다() {
             // given
-            RefreshToken refreshToken = authTokenProvider.generateAndSaveRefreshToken(new Subject("subject"));
-            ReissueRequest reissueRequest = new ReissueRequest(refreshToken.token());
+            RefreshToken refreshToken = authTokenProvider.generateAndSaveRefreshToken(siteUser);
             // when
-            ReissueResponse reissuedAccessToken = authService.reissue(siteUser.getId(), reissueRequest);
+            ReissueResponse reissuedAccessToken = authService.reissue(refreshToken.token());
-            // then - 요청의 리프레시 토큰과 재발급한 액세스 토큰의 subject 가 동일해야 한다.
-            Subject expectedSubject = authTokenProvider.parseSubject(refreshToken.token());
-            Subject actualSubject = authTokenProvider.parseSubject(reissuedAccessToken.accessToken());
-            assertThat(actualSubject).isEqualTo(expectedSubject);
+            // then - 요청의 리프레시 토큰과 재발급한 액세스 토큰의 주체가 동일해야 한다.
+            SiteUser actualSiteUser = authTokenProvider.parseSiteUser(refreshToken.token());
+            SiteUser expectedSiteUser = authTokenProvider.parseSiteUser(reissuedAccessToken.accessToken());
+            assertThat(actualSiteUser.getId()).isEqualTo(expectedSiteUser.getId());
         }
         @Test
         void 요청의_리프레시_토큰이_저장되어있지_않다면_예외가_발생한다() {
             // given
             String invalidRefreshToken = accessToken.token();
-            ReissueRequest reissueRequest = new ReissueRequest(invalidRefreshToken);
             // when, then
-            assertThatCode(() -> authService.reissue(siteUser.getId(), reissueRequest))
+            assertThatCode(() -> authService.reissue(invalidRefreshToken))
                     .isInstanceOf(CustomException.class)
                     .hasMessage(REFRESH_TOKEN_EXPIRED.getMessage());
         }
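Review bot: In 요청의_리프레시_토큰이_저장되어_있으면_액세스_토큰을_재발급한다 the names `actualSiteUser` and `expectedSiteUser` are inverted relative to the comment above them: the user parsed from the input refresh token is the expectation and the user parsed from the reissued access token is the observed result, so the assertion reads backwards. Swap the two names, or assert against the fixture directly — `assertThat(authTokenProvider.parseSiteUser(reissuedAccessToken.accessToken()).getId()).isEqualTo(siteUser.getId());` — which states the property this commit introduces (the reissued token is bound to the owner of the refresh token) without a second parse. The enclosing nested class 토큰을_재발급한다 continues beyond this hunk.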
diff --git a/src/test/java/com/example/solidconnection/auth/service/AuthTokenProviderTest.java b/src/test/java/com/example/solidconnection/auth/service/AuthTokenProviderTest.java
index 6a7cc40a3..54dce4f68 100644
--- a/src/test/java/com/example/solidconnection/auth/service/AuthTokenProviderTest.java
+++ b/src/test/java/com/example/solidconnection/auth/service/AuthTokenProviderTest.java
@@ -4,7 +4,8 @@
 import static org.junit.jupiter.api.Assertions.assertAll;
 import com.example.solidconnection.auth.domain.TokenType;
-import com.example.solidconnection.siteuser.domain.Role;
+import com.example.solidconnection.siteuser.domain.SiteUser;
+import com.example.solidconnection.siteuser.fixture.SiteUserFixture;
 import com.example.solidconnection.support.TestContainerSpringBootTest;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
@@ -23,24 +24,27 @@ class AuthTokenProviderTest {
     @Autowired
     private RedisTemplate redisTemplate;
-    private Subject subject;
+    @Autowired
+    private SiteUserFixture siteUserFixture;
+
+    private SiteUser siteUser;
+    private String expectedSubject;
     @BeforeEach
     void setUp() {
-        subject = new Subject("subject123");
+        siteUser = siteUserFixture.사용자();
+        expectedSubject = siteUser.getId().toString();
     }
     @Test
     void 액세스_토큰을_생성한다() {
         // when
-        Role expectedRole = Role.MENTEE;
-        AccessToken accessToken = authTokenProvider.generateAccessToken(subject, expectedRole);
+        AccessToken accessToken = authTokenProvider.generateAccessToken(siteUser);
         // then
-        String actualSubject = authTokenProvider.parseSubject(accessToken.token()).value();
         assertAll(
-                () -> assertThat(actualSubject).isEqualTo(subject.value()),
-                () -> assertThat(accessToken.role()).isEqualTo(expectedRole),
+                () -> assertThat(accessToken.subject().value()).isEqualTo(expectedSubject),
+                () -> assertThat(accessToken.role()).isEqualTo(siteUser.getRole()),
                 () -> assertThat(accessToken.token()).isNotNull()
         );
     }
@@ -51,14 +55,13 @@ class 리프레시_토큰을_제공한다 {
         @Test
         void 리프레시_토큰을_생성하고_저장한다() {
             // when
-            RefreshToken actualRefreshToken = authTokenProvider.generateAndSaveRefreshToken(subject);
+            RefreshToken actualRefreshToken = authTokenProvider.generateAndSaveRefreshToken(siteUser);
             // then
-            String actualSubject = authTokenProvider.parseSubject(actualRefreshToken.token()).value();
-            String refreshTokenKey = TokenType.REFRESH.addPrefix(subject.value());
+            String refreshTokenKey = TokenType.REFRESH.addPrefix(expectedSubject);
             String expectedRefreshToken = redisTemplate.opsForValue().get(refreshTokenKey);
             assertAll(
-                    () -> assertThat(actualSubject).isEqualTo(subject.value()),
+                    () -> assertThat(actualRefreshToken.subject().value()).isEqualTo(expectedSubject),
                     () -> assertThat(actualRefreshToken.token()).isEqualTo(expectedRefreshToken)
             );
         }
@@ -66,8 +69,8 @@ class 리프레시_토큰을_제공한다 {
         @Test
         void 유효한_리프레시_토큰인지_확인한다() {
             // given
-            RefreshToken refreshToken = authTokenProvider.generateAndSaveRefreshToken(subject);
-            AccessToken fakeRefreshToken = authTokenProvider.generateAccessToken(subject, Role.MENTEE);
+            RefreshToken refreshToken = authTokenProvider.generateAndSaveRefreshToken(siteUser);
+            AccessToken fakeRefreshToken = authTokenProvider.generateAccessToken(siteUser);
             // when, then
             assertAll(
@@ -79,27 +82,27 @@ class 리프레시_토큰을_제공한다 {
         @Test
         void 액세스_토큰에_해당하는_리프레시_토큰을_삭제한다() {
             // given
-            authTokenProvider.generateAndSaveRefreshToken(subject);
-            AccessToken accessToken = authTokenProvider.generateAccessToken(subject, Role.MENTEE);
+            authTokenProvider.generateAndSaveRefreshToken(siteUser);
+            AccessToken accessToken = authTokenProvider.generateAccessToken(siteUser);
             // when
             authTokenProvider.deleteRefreshTokenByAccessToken(accessToken);
             // then
-            String refreshTokenKey = TokenType.REFRESH.addPrefix(subject.value());
+            String refreshTokenKey = TokenType.REFRESH.addPrefix(expectedSubject);
             assertThat(redisTemplate.opsForValue().get(refreshTokenKey)).isNull();
         }
     }
     @Test
-    void 토큰으로부터_Subject_를_추출한다() {
+    void 토큰으로부터_SiteUser_를_추출한다() {
         // given
-        String accessToken = authTokenProvider.generateAccessToken(subject, Role.MENTEE).token();
+        String accessToken = authTokenProvider.generateAccessToken(siteUser).token();
         // when
-        Subject actualSubject = authTokenProvider.parseSubject(accessToken);
+        SiteUser actualSitUser = authTokenProvider.parseSiteUser(accessToken);
         // then
-        assertThat(actualSubject.value()).isEqualTo(subject.value());
+        assertThat(actualSitUser.getId()).isEqualTo(siteUser.getId());
     }
 }
diff --git a/src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java b/src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java
index c74d84534..978bfd717 100644
--- a/src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java
+++ b/src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java
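Review bot: The new local `actualSitUser` in 토큰으로부터_SiteUser_를_추출한다 is a misspelling of `actualSiteUser`; change it to `SiteUser actualSiteUser = authTokenProvider.parseSiteUser(accessToken);` and `assertThat(actualSiteUser.getId()).isEqualTo(siteUser.getId());` — AuthServiceTest carries the same typo on a context line, so it is worth fixing both while these files are touched. Comparing ids rather than the entities is the safer assertion here, since SiteUser's equality semantics are not shown. Since `expectedSubject` is derived from `siteUser.getId().toString()` in setUp, this test could additionally assert that `parseSiteUser` round-trips through the numeric subject, which is the behaviour the new `Long.parseLong` in the provider depends on.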
@@ -80,7 +80,7 @@ public void handleTransportError(StompSession session, Throwable exception) {
     void 인증된_사용자는_핸드셰이크를_성공한다() throws Exception {
         // given
         SiteUser user = siteUserFixture.사용자();
-        AccessToken accessToken = authTokenProvider.generateAccessToken(authTokenProvider.toSubject(user), user.getRole());
+        AccessToken accessToken = authTokenProvider.generateAccessToken(user);
         WebSocketHttpHeaders handshakeHeaders = new WebSocketHttpHeaders();
         handshakeHeaders.add("Authorization", "Bearer " + accessToken.token());