Merge pull request #312 from twenty-three-23/feature/TT-346-filter-chain

twenty-three-23 · Aug 17, 2024 · c4d8688 · c4d8688
2 parents b7c8134 + 81db7d4
commit c4d8688
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/src/main/java/com/twentythree/peech/common/utils/JWTUtils.java b/src/main/java/com/twentythree/peech/common/utils/JWTUtils.java
@@ -132,7 +132,6 @@ public String resolveToken(HttpServletRequest request) {
     public Claims validateAccessToken(String token) throws JWTAuthenticationException {
         try {
             Jws<Claims> claimsJws = parseAccessToken(token);
-            System.out.println(claimsJws);
             return claimsJws.getPayload();
         } catch (SignatureException e) {
             log.error("JWT Token Signature is invalid", e);

diff --git a/src/main/java/com/twentythree/peech/security/config/SecurityConfig.java b/src/main/java/com/twentythree/peech/security/config/SecurityConfig.java
@@ -48,7 +48,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         authorize.requestMatchers(swagger).permitAll()
                                 .requestMatchers(defaultPermitAll).permitAll()
                                 .requestMatchers(HttpMethod.POST,"/api/v1.1/user").permitAll()
-                                .requestMatchers(HttpMethod.PATCH,"/api/v1.1/user").permitAll()
                                 .anyRequest().authenticated())
                 .exceptionHandling(e -> e.
                         authenticationEntryPoint(jwtAuthEntryPoint)

diff --git a/src/main/java/com/twentythree/peech/security/jwt/JWTUserDetailsService.java b/src/main/java/com/twentythree/peech/security/jwt/JWTUserDetailsService.java
@@ -6,11 +6,14 @@
 import com.twentythree.peech.user.entity.UserEntity;
 import com.twentythree.peech.user.repository.UserRepository;
 import com.twentythree.peech.user.value.SignUpFinished;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 
 @Component
@@ -26,8 +29,15 @@ public JWTUserDetails loadUserByUsername(String username) throws UsernameNotFoun
 
         UserEntity userEntity = userRepository.findById(userId)
                 .orElseThrow(() -> new UsernameNotFoundException("유저를 찾을 수 없습니다. userId: " + userId));
-        // User가 Pending이면 에러 발생
-        if (userEntity.getSignUpFinished() == SignUpFinished.PENDING) {
+
+        HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
+        // http 메서드와 uri 뽑아오기
+        String httpMethod = request.getMethod();
+        String uri = request.getRequestURI();
+
+        // User가 Pending이면 에러 발생 단, 요청 request가 PATCH /api/v1/users/{userId} 일 경우에는 에러 발생하지 않음
+        if (userEntity.getSignUpFinished() == SignUpFinished.PENDING
+                && !httpMethod.equals("PATCH") && !uri.contains("/api/v1/users/" + userId)) {
             throw new JWTAuthenticationException(LoginExceptionCode.SIGNUP_FINISHED_NOT_YET);
         }
         return JWTUserDetails.create(userEntity);