✨ implement refresh token #113

HaiSeong · 2024-07-27T14:03:23Z

이름이나 패키지 변경으로 file changed 수가 많습니다.
생각보다 변경된건 많지 않아요.

로그인 or 회원가입시
- 클라이언트가 google Id token을 바디에 담아 요청
- refresh token과 access token을 바디에 담아서 응답
회원 인증 기능 필요시
- 사용자가 authorization header에 "Bearer {access token}" 을 담아 같이 요청
- 유효한 토큰인 경우 인자에 @LoginUser UserInfo userInfo에 정보가 담김
access token 만료시
- 만료된 access token으로 회원 인증 기능을 요청하면 401 반환
- 클라이언트는 refresh api를 호출
  - 이때 refresh token을 바디에 담아 보냄
  - access token과 refresh token을 다시 만들어서 보내줌

github-actions · 2024-07-27T14:04:40Z

Overall Project	91.99%	🍏
Files changed	100%	🍏

File	Coverage
GoogleLoginResponse.java	100%	🍏
TokenRefreshRequest.java	100%	🍏
TokenRefreshResponse.java	100%	🍏
GoogleSignUpResponse.java	100%	🍏
LoginController.java	100%	🍏
JwtTokenManager.java	100%	🍏
TokenType.java	100%	🍏
TokenExtractor.java	100%	🍏
TokenPayload.java	100%	🍏
LoginService.java	96.65%	🍏
LoginUserArgumentResolver.java	80.95%	🍏

github-actions · 2024-07-27T16:09:51Z

Overall Project	91.99%	🍏
Files changed	100%	🍏

File	Coverage
GoogleLoginResponse.java	100%	🍏
TokenRefreshRequest.java	100%	🍏
TokenRefreshResponse.java	100%	🍏
GoogleSignUpResponse.java	100%	🍏
LoginController.java	100%	🍏
JwtTokenManager.java	100%	🍏
TokenType.java	100%	🍏
TokenExtractor.java	100%	🍏
TokenPayload.java	100%	🍏
LoginService.java	96.65%	🍏
LoginUserArgumentResolver.java	80.95%	🍏

HaiSeong · 2024-07-27T16:10:03Z

✨ implement refresh token #113

geoje

properties 가시성만 조금 손 본다면 모든게 좋습니다~~ 주말동안 고생허셨어요!!

geoje · 2024-07-29T05:28:57Z

backend/src/main/resources/application.yaml

@@ -7,6 +7,12 @@ jasypt:
  encryptor:
    password: ${JASYPT_PASSWORD}

+jwt:
+  access-token:
+    expire-in-millis: 86400000


Duration 클래스로 가독성을 높여 보는 것은 어떻까요? 86400000ms 가 1d 랑 같은 값인 것 같아요.

그리고 받을 때는 타입이 long 이 아닌 Duration 으로 받으면 될 것 같아요!

https://www.baeldung.com/configuration-properties-in-spring-boot#1-duration

오 좋은데요! long을 쓰니 무조건 ms 단위로 썼는데 훨신 좋아보여요!

geoje · 2024-07-29T05:29:12Z

backend/src/main/resources/application.yaml

+  access-token:
+    expire-in-millis: 86400000
+  refresh-token:
+    expire-in-millis: 2419200000


Duration 사용 마찬가지 입니다!

해결했습니다!
1d, 30d로 변경했슴당

geoje · 2024-07-29T05:36:21Z

backend/src/main/java/net/pengcook/authentication/domain/JwtTokenManager.java


    public JwtTokenManager(
            @Value("${jwt.secret}") String secret,
-            @Value("${jwt.expire-in-millis}") long tokenExpirationMills
+            @Value("${jwt.access-token.expire-in-millis}") long accessTokenExpirationMills,
+            @Value("${jwt.refresh-token.expire-in-millis}") long refreshTokenExpirationMills


properties 에 코멘트 남겨놓은 것을 추가하면 여기에 타입으로 long 이 아닌 Duration 을 줄 수 있을 것 같아요!

geoje · 2024-07-29T05:50:17Z

backend/src/test/java/net/pengcook/authentication/controller/LoginControllerTest.java

@@ -48,7 +49,17 @@ void loginWithGoogleWithEmailAlreadyRegistered() throws FirebaseAuthException {
        when(firebaseToken.getEmail()).thenReturn(email);
        when(firebaseAuth.verifyIdToken(idToken)).thenReturn(firebaseToken);

-        GoogleLoginResponse actual = RestAssured.given().log().all()
+        GoogleLoginResponse actual = RestAssured.given(spec).log().all()
+                .filter(document(DEFAULT_RESTDOCS_PATH,


document 메서드의 2, 3번째 인자로 description 과 summary가 있는데 API Docs 사용자인 안드로이드 측에서 사용하기 쉽도록 내용을 추가해주는건 어떨까요?!

추가 했습니다!

다만 이슈가 조금 있습니다.

@Test @DisplayName("이미 가입된 계정으로 로그인하면 이미 가입되었다고 알리고 access token과 refresh token을 반환한다.") void loginWithGoogleWithEmailAlreadyRegistered() throws FirebaseAuthException { String email = "[email protected]"; String idToken = "test.id.token"; FirebaseToken firebaseToken = mock(FirebaseToken.class); when(firebaseToken.getEmail()).thenReturn(email); when(firebaseAuth.verifyIdToken(idToken)).thenReturn(firebaseToken); GoogleLoginResponse actual = RestAssured.given(spec).log().all() .filter(document(DEFAULT_RESTDOCS_PATH, "이미 가입된 계정으로 로그인하여 토큰을 반환합니다.", "구글 로그인 API", requestFields( fieldWithPath("idToken").description("Google ID Token") ), responseFields( fieldWithPath("accessToken").description("JWT Access Token"), fieldWithPath("refreshToken").description("JWT Refresh Token"), fieldWithPath("registered").description("사용자 등록 여부") ) )) .contentType(ContentType.JSON) .body(new GoogleLoginRequest(idToken)) .when().post("/api/oauth/google/login") .then().log().all() .statusCode(200) .extract() .as(GoogleLoginResponse.class); assertAll( () -> assertThat(actual.accessToken()).isNotNull(), () -> assertThat(actual.refreshToken()).isNotNull(), () -> assertThat(actual.registered()).isTrue() ); } @Test @DisplayName("처음 로그인하면 가입되어 있지 않음을 알리고 access token과 refresh token을 반환하지 않는다.") void loginWithGoogleWithEmailNotRegistered() throws FirebaseAuthException { String email = "[email protected]"; String idToken = "test.id.token"; FirebaseToken firebaseToken = mock(FirebaseToken.class); when(firebaseToken.getEmail()).thenReturn(email); when(firebaseAuth.verifyIdToken(idToken)).thenReturn(firebaseToken); GoogleLoginResponse actual = RestAssured.given(spec).log().all() .filter(document(DEFAULT_RESTDOCS_PATH, "처음 로그인하여 등록되지 않은 계정을 알립니다.", "구글 로그인 API", requestFields( fieldWithPath("idToken").description("Google ID Token") ), responseFields( fieldWithPath("accessToken").description("JWT Access Token").optional(), fieldWithPath("refreshToken").description("JWT Refresh Token").optional(), fieldWithPath("registered").description("사용자 등록 여부") ) )) .contentType(ContentType.JSON) .body(new GoogleLoginRequest(idToken)) .when().post("/api/oauth/google/login") .then().log().all() .statusCode(200) .extract() .as(GoogleLoginResponse.class); assertAll( () -> assertThat(actual.accessToken()).isNull(), () -> assertThat(actual.refreshToken()).isNull(), () -> assertThat(actual.registered()).isFalse() ); }

이렇게 한 메서드에 두가지 테스트가 있을때 description이 달라지게 되는데 뒤에 실행되는 테스트의 description으로 덮어씌워지는것 같습니다.

이 경우에 두가지 디스크립션이 모두 필요하면 어떻게 해야할까요?

@hyxrxn @geoje

geoje · 2024-07-29T05:51:43Z

backend/src/test/java/net/pengcook/authentication/controller/LoginControllerTest.java

@@ -59,12 +70,13 @@ void loginWithGoogleWithEmailAlreadyRegistered() throws FirebaseAuthException {

        assertAll(


토큰이 보통 해싱 기반으로 작동되는 것으로 아는데, 길이가 똑같지 않나요?
NotNull 체크 뿐만 아니라 길이 체크도 하면 테스트의 신뢰도가 훨씬 올라갈 것 같아요!

제 생각에 페이로드에 담기는 정보의 양에 따라 토큰의 길이가 가변적일것 같습니다.

다만 말씀하신대로 테스트의 신뢰도를 위해서 토큰의 형식을 보여주는지 여부는 필요할것 같네요!

geoje · 2024-07-29T05:52:17Z

backend/src/test/java/net/pengcook/authentication/controller/LoginControllerTest.java

@@ -73,7 +85,17 @@ void loginWithGoogleWithEmailNotRegistered() throws FirebaseAuthException {
        when(firebaseToken.getEmail()).thenReturn(email);
        when(firebaseAuth.verifyIdToken(idToken)).thenReturn(firebaseToken);

-        GoogleLoginResponse actual = RestAssured.given().log().all()
+        GoogleLoginResponse actual = RestAssured.given(spec).log().all()
+                .filter(document(DEFAULT_RESTDOCS_PATH,


여기도 description summary >_<

geoje · 2024-07-29T05:52:25Z

backend/src/test/java/net/pengcook/authentication/controller/LoginControllerTest.java

@@ -84,6 +106,7 @@ void loginWithGoogleWithEmailNotRegistered() throws FirebaseAuthException {

        assertAll(
                () -> assertThat(actual.accessToken()).isNull(),
+                () -> assertThat(actual.refreshToken()).isNull(),
                () -> assertThat(actual.registered()).isFalse()


길이체크...?!?! :)

geoje · 2024-07-29T09:12:05Z

backend/src/test/java/net/pengcook/authentication/resolver/LoginUserArgumentResolverTest.java

+import org.springframework.web.context.request.NativeWebRequest;
+
+@SpringBootTest
+class LoginUserArgumentResolverTest {


ArgumentResolver 를 테스트할 수도 있겠군요! 👍

github-actions · 2024-07-30T17:09:21Z

Overall Project	92.53%	🍏
Files changed	100%	🍏

File	Coverage
GoogleLoginResponse.java	100%	🍏
TokenRefreshRequest.java	100%	🍏
TokenRefreshResponse.java	100%	🍏
GoogleSignUpResponse.java	100%	🍏
UserController.java	100%	🍏
LoginController.java	100%	🍏
JwtTokenManager.java	100%	🍏
TokenType.java	100%	🍏
TokenExtractor.java	100%	🍏
TokenPayload.java	100%	🍏
LoginUserArgumentResolver.java	97.62%	🍏
LoginService.java	96.65%	🍏

github-actions · 2024-07-30T17:36:44Z

Overall Project	92.64%	🍏
Files changed	100%	🍏

File	Coverage
UserService.java	100%	🍏
GoogleLoginResponse.java	100%	🍏
TokenRefreshRequest.java	100%	🍏
TokenRefreshResponse.java	100%	🍏
GoogleSignUpResponse.java	100%	🍏
UserController.java	100%	🍏
LoginController.java	100%	🍏
JwtTokenManager.java	100%	🍏
TokenType.java	100%	🍏
TokenExtractor.java	100%	🍏
TokenPayload.java	100%	🍏
UsernameCheckResponse.java	100%	🍏
LoginUserArgumentResolver.java	97.62%	🍏
LoginService.java	96.65%	🍏

HaiSeong · 2024-07-30T17:37:29Z

이제는 문서를 안줄 수가 없어 이 브랜치에 같이 올립니다.

케이엠의 요청으로 사용자 username 중복 검증 api를 만들었습니다.
@WithLoginUserTest 어노테이션이 Authorization Header를 두개 붙이는 버그 수정했습니다.

HaiSeong added 3 commits July 27, 2024 15:36

✨ implement login with refresh token

f4d685d

✨ create token refresh api

46af48d

✅ add test code for restdocs

d8cb2fc

HaiSeong added ✨ feature new feature BE Backend labels Jul 27, 2024

HaiSeong requested review from geoje and tackyu July 27, 2024 14:03

HaiSeong self-assigned this Jul 27, 2024

HaiSeong temporarily deployed to test July 27, 2024 14:03 — with GitHub Actions Inactive

HaiSeong mentioned this pull request Jul 27, 2024

🐛 restdocs dose not create documents #114

Closed

🐛 change static import

802c76e

HaiSeong temporarily deployed to test July 27, 2024 16:08 — with GitHub Actions Inactive

geoje approved these changes Jul 29, 2024

View reviewed changes

HaiSeong added 7 commits July 31, 2024 00:18

Merge remote-tracking branch 'origin/be/dev' into be/feat/69

3944945

♻️ refactor with Duration

774719d

📝 add description summary on login controller test

a5f2e44

♻️ change method name and add api docs

de63d2e

🐛 fix duplicated authorization header bug

7f82641

♻️ jwt pattern check test

156a5d9

♻️ improve test with random port

5f1cb4c

HaiSeong temporarily deployed to test July 30, 2024 17:07 — with GitHub Actions Inactive

✨ implement username check api

406a25c

HaiSeong temporarily deployed to test July 30, 2024 17:35 — with GitHub Actions Inactive

tackyu approved these changes Jul 30, 2024

View reviewed changes

HaiSeong merged commit 406a25c into be/dev Jul 31, 2024
1 check passed

HaiSeong temporarily deployed to test July 31, 2024 01:32 — with GitHub Actions Inactive

HaiSeong temporarily deployed to dev July 31, 2024 01:34 — with GitHub Actions Inactive

geoje deleted the be/feat/69 branch August 7, 2024 05:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

✨ implement refresh token #113

✨ implement refresh token #113

HaiSeong commented Jul 27, 2024

github-actions bot commented Jul 27, 2024

github-actions bot commented Jul 27, 2024

HaiSeong commented Jul 27, 2024

geoje left a comment

geoje Jul 29, 2024

HaiSeong Jul 30, 2024

geoje Jul 29, 2024

HaiSeong Jul 30, 2024

geoje Jul 29, 2024

geoje Jul 29, 2024

HaiSeong Jul 30, 2024

geoje Jul 29, 2024

HaiSeong Jul 30, 2024 •

edited

Loading

geoje Jul 29, 2024

geoje Jul 29, 2024

geoje Jul 29, 2024

github-actions bot commented Jul 30, 2024

github-actions bot commented Jul 30, 2024

HaiSeong commented Jul 30, 2024

		@@ -59,12 +70,13 @@ void loginWithGoogleWithEmailAlreadyRegistered() throws FirebaseAuthException {

		assertAll(

✨ implement refresh token #113

✨ implement refresh token #113

Conversation

HaiSeong commented Jul 27, 2024

github-actions bot commented Jul 27, 2024

github-actions bot commented Jul 27, 2024

HaiSeong commented Jul 27, 2024

geoje left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

HaiSeong Jul 30, 2024 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

github-actions bot commented Jul 30, 2024

github-actions bot commented Jul 30, 2024

HaiSeong commented Jul 30, 2024

HaiSeong Jul 30, 2024 •

edited

Loading