fix: status 401이 내려갈 때 쿠키 모두 삭제

BDD-CLUB · Dec 30, 2023 · ff9fe6e · ff9fe6e
1 parent 132ea83
commit ff9fe6e
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 5 deletions.
diff --git a/src/main/java/com/keeper/homepage/domain/auth/application/AuthCookieService.java b/src/main/java/com/keeper/homepage/domain/auth/application/AuthCookieService.java
@@ -39,9 +39,13 @@ private void setTokenInCookie(HttpServletResponse httpResponse, String token, in
     httpResponse.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
   }
 
-  public void setCookieExpired(String authId, HttpServletResponse response) {
+  public void setCookieExpiredWithRedis(String authId, HttpServletResponse response) {
+    setCookieExpired(response);
+    redisUtil.deleteData(authId);
+  }
+
+  public void setCookieExpired(HttpServletResponse response) {
     setTokenInCookie(response, "", 0, REFRESH_TOKEN.getTokenName());
     setTokenInCookie(response, "", 0, ACCESS_TOKEN.getTokenName());
-    redisUtil.deleteData(authId);
   }
 }
diff --git a/src/main/java/com/keeper/homepage/domain/auth/application/SignOutService.java b/src/main/java/com/keeper/homepage/domain/auth/application/SignOutService.java
@@ -12,6 +12,6 @@ public class SignOutService {
   private final AuthCookieService authCookieService;
 
   public void signOut(Member me, HttpServletResponse response) {
-    authCookieService.setCookieExpired(String.valueOf(me.getId()), response);
+    authCookieService.setCookieExpiredWithRedis(String.valueOf(me.getId()), response);
   }
 }
diff --git a/src/main/java/com/keeper/homepage/global/config/security/filter/RefreshTokenFilter.java b/src/main/java/com/keeper/homepage/global/config/security/filter/RefreshTokenFilter.java
@@ -53,6 +53,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
       HttpServletResponse httpResponse = (HttpServletResponse) response;
 
       authCookieService.setNewCookieInResponse(authId, roles, httpRequest.getHeader(USER_AGENT), httpResponse);
+    } else {
+      authCookieService.setCookieExpired((HttpServletResponse) response);
     }
 
     filterChain.doFilter(request, response);

diff --git a/src/test/java/com/keeper/homepage/domain/auth/api/SignOutControllerTest.java b/src/test/java/com/keeper/homepage/domain/auth/api/SignOutControllerTest.java
@@ -15,10 +15,12 @@
 import com.keeper.homepage.IntegrationTest;
 import com.keeper.homepage.domain.member.entity.Member;
 import jakarta.servlet.http.Cookie;
+import org.jetbrains.annotations.NotNull;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.springframework.test.web.servlet.ResultActions;
 
 class SignOutControllerTest extends IntegrationTest {
 
@@ -40,8 +42,7 @@ void should_successfullySignOut_when_validRequest() throws Exception {
           jwtTokenProvider.createAccessToken(ACCESS_TOKEN, member.getId(), ROLE_회원));
       Cookie refreshTokenCookie = new Cookie(REFRESH_TOKEN.getTokenName(),
           jwtTokenProvider.createAccessToken(REFRESH_TOKEN, member.getId(), ROLE_회원));
-      mockMvc.perform(post("/sign-out")
-              .cookie(accessTokenCookie, refreshTokenCookie))
+      callSignOutApi(accessTokenCookie, refreshTokenCookie)
           .andExpect(status().isNoContent())
           .andExpect(cookie().maxAge(ACCESS_TOKEN.getTokenName(), 0))
           .andExpect(cookie().maxAge(REFRESH_TOKEN.getTokenName(), 0))
@@ -53,5 +54,28 @@ void should_successfullySignOut_when_validRequest() throws Exception {
 
       assertThat(redisUtil.getData(String.valueOf(member.getId()), String.class)).isEmpty();
     }
+
+    @Test
+    @DisplayName("RT도 AT도 만료되었으면 로그아웃시에 쿠키는 지워져야 한다")
+    void should_tokenDeleted_when_expiredTokens() throws Exception {
+      // PK: 0
+      // ROLE: 회원
+      // expired: 2023년 1월 25일
+      String expiredRefreshToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwIiwicm9sZXMiOiJST0xFX-2ajOybkCIsImlhdCI6MTY3NDYzMDk2MCwiZXhwIjoxNjc0NjMwOTYwfQ.qcAfEzhDulqsl6HCg8dziVlJoTPORpSUi5sjbCqTg_E";
+      Cookie expiredRefreshCookie = new Cookie(REFRESH_TOKEN.getTokenName(), expiredRefreshToken);
+      String expiredToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwicm9sZXMiOiJST0xFX-2ajOybkCIsImlhdCI6MTY3NDQ1MjM1NSwiZXhwIjoxNjc0NDUyMzU1fQ.FoRbgOGlzLwizp9jQNmM6pET4zA8TPXa56zZlsl6Al8";
+      Cookie expiredCookie = new Cookie(ACCESS_TOKEN.getTokenName(), expiredToken);
+
+      callSignOutApi(expiredCookie, expiredRefreshCookie)
+              .andExpect(status().isUnauthorized())
+              .andExpect(cookie().maxAge(ACCESS_TOKEN.getTokenName(), 0))
+              .andExpect(cookie().maxAge(REFRESH_TOKEN.getTokenName(), 0));
+    }
+
+    @NotNull
+    private ResultActions callSignOutApi(Cookie accessTokenCookie, Cookie refreshTokenCookie) throws Exception {
+      return mockMvc.perform(post("/sign-out")
+              .cookie(accessTokenCookie, refreshTokenCookie));
+    }
   }
 }