Merge pull request #323 from twenty-three-23/TT-385-token-test

TT-385 reissue 요청시 안되는 문제 발생

src/main/java/com/twentythree/peech/auth/controller/AuthController.java

@@ -7,12 +7,11 @@
 
 @RestController
 @RequiredArgsConstructor
-@RequestMapping("/api/v1.1/auth")
 public class AuthController {
 
     private final ReissueAccessAndRefreshTokenService reissueAccessAndRefreshTokenService;
 
-    @PatchMapping("/reissue")
+    @PostMapping("api/v1.1/auth/reissue")
     public AccessAndRefreshToken reissueAccessToken(String refreshToken) {
         return reissueAccessAndRefreshTokenService.createNewToken(refreshToken);
     }

src/main/java/com/twentythree/peech/auth/service/ReissueAccessAndRefreshTokenService.java

@@ -2,10 +2,11 @@
 
 import com.twentythree.peech.common.utils.JWTUtils;
 import com.twentythree.peech.common.utils.UserRoleConvertUtils;
-import com.twentythree.peech.security.jwt.JWTAuthentication;
+import com.twentythree.peech.security.exception.JWTAuthenticationException;
+import com.twentythree.peech.security.exception.LoginExceptionCode;
+import com.twentythree.peech.security.jwt.JWTAuthenticationToken;
 import com.twentythree.peech.user.dto.AccessAndRefreshToken;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
@@ -20,19 +21,22 @@ public class ReissueAccessAndRefreshTokenService {
 
     public AccessAndRefreshToken createNewToken(String refreshToken) {
 
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication.getPrincipal();
+        try {
+            JWTAuthenticationToken authentication = (JWTAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
 
-        Long userId = jwtAuthentication.getUserId();
-        GrantedAuthority Authority = authentication.getAuthorities()
-                .stream().findFirst().orElseThrow(() -> new NoSuchElementException("No authorities found for the user"));
+            Long userId = authentication.getPrincipal().getUserId();
+            GrantedAuthority Authority = authentication.getAuthorities()
+                    .stream().findFirst().orElseThrow(() -> new NoSuchElementException("유저의 권한이 부여되지 않았습니다"));
 
-        String newAccessToken = jwtUtils.createAccessToken(userId, UserRoleConvertUtils
-                                                                .convertStringToUserRole(Authority.getAuthority()));
-        String newRefreshToken = jwtUtils.createRefreshToken(userId, UserRoleConvertUtils
-                                                                .convertStringToUserRole(Authority.getAuthority()));
+            String newAccessToken = jwtUtils.createAccessToken(userId, UserRoleConvertUtils
+                    .convertStringToUserRole(Authority.getAuthority()));
+            String newRefreshToken = jwtUtils.createRefreshToken(userId, UserRoleConvertUtils
+                    .convertStringToUserRole(Authority.getAuthority()));
 
-        return new AccessAndRefreshToken(newAccessToken, newRefreshToken);
+            return new AccessAndRefreshToken(newAccessToken, newRefreshToken);
+        }catch (Exception e){
+            throw new JWTAuthenticationException(LoginExceptionCode.LOGIN_EXCEPTION_CODE);
+        }
     }
 }
 

src/main/java/com/twentythree/peech/security/config/SecurityConfig.java

@@ -39,7 +39,7 @@ public SecurityConfig(JWTAuthenticationFilter jwtAuthenticationFilter,
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
         String[] swagger = { "/swagger-ui/**", "/v3/api-docs/**"};
-        String[] defaultPermitAll = {"/api/v1.1/auth/reissue","/actuator","/error", "/api/v1.1/app"};
+        String[] defaultPermitAll = {"/actuator","/error", "/api/v1.1/app"};
 
         http
                 .csrf(AbstractHttpConfigurer::disable)

src/main/java/com/twentythree/peech/security/dto/RequestInformationDTO.java

@@ -0,0 +1,13 @@
+package com.twentythree.peech.security.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@AllArgsConstructor
+@NoArgsConstructor
+@Getter
+public class RequestInformationDTO {
+    private String jwtToken;
+    private String requestURI;
+}

src/main/java/com/twentythree/peech/security/filter/JWTAuthenticationFilter.java

@@ -1,5 +1,6 @@
 package com.twentythree.peech.security.filter;
 
+import com.twentythree.peech.security.dto.RequestInformationDTO;
 import com.twentythree.peech.security.exception.JWTAuthenticationException;
 import com.twentythree.peech.security.jwt.JWTAuthentication;
 import com.twentythree.peech.security.jwt.JWTAuthenticationToken;
@@ -43,14 +44,16 @@ public JWTAuthenticationFilter(JWTUtils jwtUtils, JWTUserDetailsService jwtUserD
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         // 토큰이 유효한지 확인
         if (SecurityContextHolder.getContext().getAuthentication() == null) {
-            String jwtToken = getJWTToken(request);
+            RequestInformationDTO requestInformation = getValidateInformation(request);
+
+            String jwtToken = requestInformation.getJwtToken();
 
             if (jwtToken != null) {
                 try {
                     Claims claims;
 
                     // 검증할 토큰
-                    if ("api/v1.1/auth/reissue".equals(request.getRequestURI())) {
+                    if ("/api/v1.1/auth/reissue".equals(requestInformation.getRequestURI())) {
                         claims = jwtUtils.validateRefreshToken(jwtToken);
                     } else {
                         claims = jwtUtils.validateAccessToken(jwtToken);
@@ -68,7 +71,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
                         JWTAuthentication jwtAuthentication = new JWTAuthentication(userDetailsId);
 
-                        JWTAuthenticationToken authenticationToken = new JWTAuthenticationToken(jwtAuthentication, userDetails.getAuthorities());
+                        JWTAuthenticationToken authenticationToken = new JWTAuthenticationToken(jwtAuthentication, authorities);
                         authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                         SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                     }
@@ -86,15 +89,19 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
     }
 
-    private String getJWTToken(HttpServletRequest request) {
+    private RequestInformationDTO getValidateInformation(HttpServletRequest request) {
+        log.info("JWTAuthenticationFilter: getJWTToken");
+        String requestURI = request.getRequestURI();
+        System.out.println("requestURI = " + requestURI);
         String token = request.getHeader(header);
+        System.out.println("token = " + token);
         if (token != null) {
             String[] parts = token.split(" ");
             if (parts.length == 2) {
                 String scheme = parts[0];   // Bearer
                 String credentials = parts[1];
                 if (bearerRegex.matcher(scheme).matches()) {
-                    return credentials;
+                    return new RequestInformationDTO(credentials, requestURI);
                 }
             }
         }