diff --git a/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java b/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java index d36cca024..7c6f4ec04 100644 --- a/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java +++ b/src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java @@ -10,6 +10,7 @@ import jakarta.servlet.http.HttpServletResponse; import java.util.Arrays; import lombok.RequiredArgsConstructor; +import org.springframework.boot.web.server.Cookie.SameSite; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseCookie; import org.springframework.stereotype.Component; @@ -46,7 +47,7 @@ private void setRefreshTokenCookie( .path(PATH) .maxAge(maxAge) .domain(properties.cookieDomain()) - .sameSite(properties.sameSite()) + .sameSite(SameSite.LAX.attributeValue()) .build(); response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); } @@ -72,4 +73,3 @@ public String getRefreshToken(HttpServletRequest request) { return refreshToken; } } - diff --git a/src/main/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookieProperties.java b/src/main/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookieProperties.java index 1fa47d884..ce6588f14 100644 --- a/src/main/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookieProperties.java +++ b/src/main/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookieProperties.java 
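Review bot: The hard-coded `.sameSite(SameSite.LAX.attributeValue())` in the `@@ -46,7 +47,7 @@` hunk relaxes the refresh-token cookie from `Strict` to `Lax` for every deployment that configures `cookieDomain`, and nothing next to the line records why. With `Lax` the browser attaches the cookie to cross-site top-level GET navigations, so every handler that reads this cookie (token reissue, sign-out) should accept only non-GET methods; those mappings are not visible here and need confirming. Because `Domain` is set, sibling subdomains also count as same-site and receive the cookie. I would document the decision on the line, e.g. `// Lax: cookie is sent on cross-site top-level GET navigation; handlers that read it must not be GET`, and confirm that `httpOnly`/`secure` are set earlier in the builder chain, which starts above this hunk inside `setRefreshTokenCookie`.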
@@ -1,21 +1,10 @@ package com.example.solidconnection.auth.controller.config; import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.boot.web.server.Cookie.SameSite; @ConfigurationProperties(prefix = "token.refresh") public record RefreshTokenCookieProperties( String cookieDomain ) { - public String sameSite() { - if (isDomainSet()) { - return SameSite.STRICT.attributeValue(); // 도메인을 지정한 경우 SameSite=Strict - } - return SameSite.NONE.attributeValue(); // 도메인을 지정하지 않은 경우 SameSite=None - } - - private boolean isDomainSet() { - return cookieDomain != null && !cookieDomain.isBlank(); - } } diff --git a/src/main/resources/secret b/src/main/resources/secret index 0e9f5d0ce..bb3bf0f41 160000 --- a/src/main/resources/secret +++ b/src/main/resources/secret @@ -1 +1 @@ -Subproject commit 0e9f5d0cefabab1ab9a306099b457225ce5d641e +Subproject commit bb3bf0f4122d10ddacab279a368cf9f06d6f6dbd diff --git a/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java b/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java index 677cd5854..a5924b860 100644 --- a/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java +++ b/src/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.java @@ -19,6 +19,7 @@ import org.junit.jupiter.params.provider.ValueSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.boot.web.server.Cookie.SameSite; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; 
@@ -34,13 +35,11 @@ class RefreshTokenCookieManagerTest { @MockBean private RefreshTokenCookieProperties refreshTokenCookieProperties; - private final String sameSite = "Strict"; private final String domain = "example.com"; @BeforeEach void setUp() { given(refreshTokenCookieProperties.cookieDomain()).willReturn(domain); - given(refreshTokenCookieProperties.sameSite()).willReturn(sameSite); } @Test @@ -62,7 +61,7 @@ void setUp() { () -> assertThat(header).contains("Path=/"), () -> assertThat(header).contains("Max-Age=" + TokenType.REFRESH.getExpireTime() / 1000), () -> assertThat(header).contains("Domain=" + domain), - () -> assertThat(header).contains("SameSite=" + sameSite) + () -> assertThat(header).contains("SameSite=" + SameSite.LAX.attributeValue()) ); } @@ -84,7 +83,7 @@ void setUp() { () -> assertThat(header).contains("Path=/"), () -> assertThat(header).contains("Max-Age=0"), () -> assertThat(header).contains("Domain=" + domain), - () -> assertThat(header).contains("SameSite=" + sameSite) + () -> assertThat(header).contains("SameSite=" + SameSite.LAX.attributeValue()) ); } diff --git a/src/test/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookiePropertiesTest.java b/src/test/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookiePropertiesTest.java deleted file mode 100644 index 0a62541b1..000000000 --- a/src/test/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookiePropertiesTest.java +++ /dev/null 
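Review bot: Both updated assertions (`@@ -62,7 +61,7 @@` and `@@ -84,7 +83,7 @@`) run only with the stubbed domain `example.com`, while this commit deletes `RefreshTokenCookiePropertiesTest`, the only visible test of the no-domain configuration. I would add a case where `cookieDomain()` returns `null` and assert that the header still contains `SameSite=Lax` and, presumably, no `Domain=` attribute, so the cookie policy is pinned for both configurations. The `assertAll` blocks start above these hunks, so whether `HttpOnly` and `Secure` are asserted there cannot be seen from here.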
@@ -1,35 +0,0 @@
-package com.example.solidconnection.auth.controller.config;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
-import org.springframework.boot.web.server.Cookie.SameSite;
-
-@DisplayName("리프레시 토큰 쿠키 설정 테스트")
-class RefreshTokenCookiePropertiesTest {
-
- @Test
- void Domain을_지정했으면_SameSite가_Strict() {
- // given
- RefreshTokenCookieProperties properties = new RefreshTokenCookieProperties("example.com");
-
- // when
- String sameSite = properties.sameSite();
-
- // then
- assertThat(sameSite).isEqualTo(SameSite.STRICT.attributeValue());
- }
-
- @Test
- void Domain을_지정하지_않았으면_SameSite가_None() {
- // given
- RefreshTokenCookieProperties properties = new RefreshTokenCookieProperties(null);
-
- // when
- String sameSite = properties.sameSite();
-
- // then
- assertThat(sameSite).isEqualTo(SameSite.NONE.attributeValue());
- }
-}