[fix] refreshToken 설계 오류 #54

Merged
merged 2 commits into from
Jan 12, 2024
Expand Up @@ -7,7 +7,6 @@
import org.pingle.pingleserver.constant.Constants;
import org.pingle.pingleserver.dto.common.ApiResponse;
import org.pingle.pingleserver.dto.request.LoginRequest;
import org.pingle.pingleserver.dto.request.ReissueRequest;
import org.pingle.pingleserver.dto.response.JwtTokenResponse;
import org.pingle.pingleserver.dto.type.SuccessMessage;
import org.pingle.pingleserver.service.AuthService;
Expand All @@ -29,8 +28,8 @@ public ApiResponse<JwtTokenResponse> login(

@PostMapping("/reissue")
public ApiResponse<JwtTokenResponse> reissue(
@Valid @RequestBody ReissueRequest request){
return ApiResponse.success(SuccessMessage.OK, authService.reissue(request));
@NotNull @RequestHeader(Constants.AUTHORIZATION_HEADER) String refreshToken){
return ApiResponse.success(SuccessMessage.OK, authService.reissue(refreshToken));
}

@PostMapping("/logout")
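Review bot: `@NotNull` on the `@RequestHeader` parameter of `reissue` is most likely inert: Spring only validates controller method parameters when the class carries `@Validated` (not visible here), and `@RequestHeader` is `required = true` by default, so a missing Authorization header is already rejected with 400 before the method runs. Either drop the annotation or pair it with `@Validated` on the class so the intent is explicit. Because the refresh token now travels in the Authorization header, the JWT filter treats it as a bearer credential on this path; a one-line Javadoc such as `/** Exchanges a refresh token sent as a Bearer Authorization header for a new token pair. */` would make that contract visible at the endpoint.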
Expand Up @@ -6,11 +6,11 @@
import org.pingle.pingleserver.domain.User;
import org.pingle.pingleserver.dto.response.JwtTokenResponse;
import org.pingle.pingleserver.exception.CustomException;
import org.pingle.pingleserver.dto.response.JwtTokenResponse;
import org.pingle.pingleserver.dto.type.ErrorMessage;
import org.pingle.pingleserver.repository.UserRepository;
import org.pingle.pingleserver.utils.JwtUtil;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
Expand All @@ -25,6 +25,7 @@ public class TestController {
private final JwtUtil jwtUtil;
private final UserRepository userRepository;

@Transactional
@GetMapping("/token/{userId}")
public JwtTokenResponse testToken(@PathVariable Long userId) {
User user = userRepository.findById(userId)
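Review bot: `@Transactional` is added at the controller layer on `testToken`, which is a point of style — the rest of this PR keeps transactions on service methods (see `AuthService.reissue`), and a controller-level transaction holds the connection while the response is serialized. Moving the write (presumably the refresh-token update; the method body continues outside the hunk) into a service method keeps the controller stateless. Independently of this change, the endpoint mints real tokens for any `userId` on a GET; if it is not already confined to a non-production profile, a `@Profile("!prod")`-style guard on `TestController` would be worth adding.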

This file was deleted.

Expand Up @@ -13,10 +13,11 @@ public enum ErrorMessage {
EXPIRED_APPLE_IDENTITY_TOKEN(HttpStatus.BAD_REQUEST, "만료된 Apple Identity Token입니다."),
CREATE_PUBLIC_KEY_EXCEPTION(HttpStatus.BAD_REQUEST, "Apple Public verify에 실패했습니다."),
// JWT Error
INVALID_JWT_TOKEN(HttpStatus.UNAUTHORIZED, "유효하지 않은 JWT 토큰입니다."),
EXPIRED_JWT_TOKEN(HttpStatus.UNAUTHORIZED, "만료된 JWT 토큰입니다."),
UNSUPPORTED_JWT_TOKEN(HttpStatus.UNAUTHORIZED, "지원하지 않는 JWT 토큰입니다."),
JWT_TOKEN_IS_EMPTY(HttpStatus.UNAUTHORIZED, "JWT 토큰이 비어있습니다."),
INVALID_JWT_TOKEN(HttpStatus.UNAUTHORIZED, "유효하지 않은 토큰입니다."),
EXPIRED_JWT_TOKEN(HttpStatus.UNAUTHORIZED, "만료된 토큰입니다."),
UNSUPPORTED_JWT_TOKEN(HttpStatus.UNAUTHORIZED, "지원하지 않는 토큰입니다."),
JWT_TOKEN_IS_EMPTY(HttpStatus.UNAUTHORIZED, "토큰이 비어있습니다."),
INVALID_TOKEN_TYPE(HttpStatus.UNAUTHORIZED, "유효하지 않은 토큰 타입입니다."),
// Invalid Argument Error 400
BAD_REQUEST(HttpStatus.BAD_REQUEST, "잘못된 요청입니다."),
ALREADY_REGISTERED_USER(HttpStatus.BAD_REQUEST, "이미 가입된 사용자입니다."),
Expand Up @@ -9,6 +9,8 @@
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.pingle.pingleserver.constant.Constants;
import org.pingle.pingleserver.dto.type.ErrorMessage;
import org.pingle.pingleserver.exception.CustomException;
import org.pingle.pingleserver.security.info.UserAuthentication;
import org.pingle.pingleserver.utils.JwtUtil;
import org.springframework.security.core.context.SecurityContextHolder;
Expand All @@ -33,7 +35,11 @@ protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull Ht

if (StringUtils.hasText(token)) {
Claims claims = jwtUtil.getTokenBody(token);
Long userId = claims.get("uid", Long.class);
Long userId = claims.get(Constants.USER_ID_CLAIM_NAME, Long.class);
if (claims.get(Constants.USER_ROLE_CLAIM_NAME, String.class) == null) {
if (!request.getRequestURI().equals("/v1/auth/reissue"))
throw new CustomException(ErrorMessage.INVALID_TOKEN_TYPE);
}
UserAuthentication authentication = new UserAuthentication(userId, null, null);
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
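Review bot: The reissue exemption compares `request.getRequestURI()` to the literal `"/v1/auth/reissue"` with `equals`, so it silently stops matching when the application runs under a servlet context path or when the mapping in `AuthController` changes, and the same literal now lives in two files. Prefer `request.getServletPath()` together with a shared constant (e.g. `Constants.REISSUE_PATH`, a name that would need adding) used by both the controller mapping and this check. Telling a refresh token from an access token by the absence of the role claim is fragile and the same implicit convention is relied on in `AuthService.reissue`; an explicit token-type claim checked in both places would be more robust, even though the repository lookup in the service gives a second line of defence. Unless an exception-translating filter sits earlier in the chain (not visible here), a `CustomException` thrown from `doFilterInternal` will surface as a generic 500 rather than the 401 mapped on `INVALID_TOKEN_TYPE`, so that path is worth confirming. The unbraced inner `if` should also get braces to match the surrounding style.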
21 changes: 17 additions & 4 deletions src/main/java/org/pingle/pingleserver/service/AuthService.java
@@ -1,10 +1,11 @@
package org.pingle.pingleserver.service;

import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import org.pingle.pingleserver.constant.Constants;
import org.pingle.pingleserver.domain.User;
import org.pingle.pingleserver.domain.enums.Provider;
import org.pingle.pingleserver.domain.enums.URole;
import org.pingle.pingleserver.dto.request.ReissueRequest;
import org.pingle.pingleserver.exception.CustomException;
import org.pingle.pingleserver.oauth.dto.SocialInfoDto;
import org.pingle.pingleserver.dto.request.LoginRequest;
Expand Down Expand Up @@ -35,9 +36,13 @@ public JwtTokenResponse login(String providerToken, LoginRequest request) {
}

@Transactional
public JwtTokenResponse reissue(ReissueRequest request) {
jwtUtil.getTokenBody(request.refreshToken());
User user = userRepository.findByRefreshTokenAndIsDeleted(request.refreshToken(), false)
public JwtTokenResponse reissue(String token) {
String refreshToken = getToken(token);
Claims claims = jwtUtil.getTokenBody(refreshToken);
if (claims.get(Constants.USER_ROLE_CLAIM_NAME, String.class) != null) {
throw new CustomException(ErrorMessage.INVALID_TOKEN_TYPE);
}
User user = userRepository.findByRefreshTokenAndIsDeleted(refreshToken, false)
.orElseThrow(() -> new CustomException(ErrorMessage.USER_NOT_FOUND));
return generateTokensWithUpdateRefreshToken(user);
}
Expand Down Expand Up @@ -82,4 +87,12 @@ private JwtTokenResponse generateTokensWithUpdateRefreshToken(User user){
return jwtTokenResponse;
}

private String getToken(String token){
if (token.startsWith(Constants.BEARER_PREFIX)){
return token.substring(Constants.BEARER_PREFIX.length());
} else {
return token;
}
}

}
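Review bot: `reissue(String token)` now receives the raw Authorization header value rather than a bare token, but neither the parameter name nor a Javadoc says so; `public JwtTokenResponse reissue(String authorizationHeader)` plus `/** Rotates the token pair for the refresh token carried in the Authorization header; access tokens are rejected with INVALID_TOKEN_TYPE. */` would make the contract clear. `getToken` strips `Constants.BEARER_PREFIX` with a case-sensitive `startsWith`, while RFC 6750 treats the `Bearer` scheme name as case-insensitive; if the filter's own header extraction (outside this hunk) normalizes differently, the two should share one helper rather than diverge. The `else` branch in `getToken` is redundant and reads better as `return token.startsWith(Constants.BEARER_PREFIX) ? token.substring(Constants.BEARER_PREFIX.length()) : token;`.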