fix: 토큰만 사용 되는 API 요청에 대한 로그아웃 블랙리스트 검증 로직 추가

petqua · Mar 31, 2024 · eea6e24 · eea6e24
1 parent 45c86b7
commit eea6e24
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 14 deletions.
diff --git a/src/main/kotlin/com/petqua/presentation/auth/AuthExtractor.kt b/src/main/kotlin/com/petqua/presentation/auth/AuthExtractor.kt
@@ -61,9 +61,7 @@ class AuthExtractor(
             memberRepository.existActiveByIdOrThrow(accessTokenClaims.memberId) {
                 MemberException(NOT_FOUND_MEMBER)
             }
-            throwExceptionWhen(blackListTokenCacheStorage.isBlackListed(accessTokenClaims.memberId, token)) {
-                AuthException(UNABLE_ACCESS_TOKEN)
-            }
+            validateBlackListed(accessTokenClaims.memberId, token)
             return accessTokenClaims
         } catch (e: ExpiredJwtException) {
             throw AuthException(EXPIRED_ACCESS_TOKEN)
@@ -73,4 +71,29 @@ class AuthExtractor(
             throw AuthException(INVALID_ACCESS_TOKEN)
         }
     }
+
+    private fun validateBlackListed(memberId: Long, token: String) {
+        throwExceptionWhen(blackListTokenCacheStorage.isBlackListed(memberId, token)) {
+            AuthException(UNABLE_ACCESS_TOKEN)
+        }
+    }
+
+    fun validateBlacklistTokenRegardlessExpiration(token: String) {
+        val accessTokenClaims = getAccessTokenClaimsRegardlessExpiration(token)
+        validateBlackListed(accessTokenClaims.memberId, token)
+    }
+
+    private fun getAccessTokenClaimsRegardlessExpiration(token: String): AccessTokenClaims {
+        return try {
+            AccessTokenClaims.from(jwtProvider.getPayload(token))
+        } catch (e: ExpiredJwtException) {
+            val payload = mutableMapOf<String, String>()
+            e.claims.forEach { payload[it.key] = it.value.toString() }
+            AccessTokenClaims.from(payload)
+        } catch (e: JwtException) {
+            throw AuthException(INVALID_ACCESS_TOKEN)
+        } catch (e: NullPointerException) {
+            throw AuthException(INVALID_ACCESS_TOKEN)
+        }
+    }
 }
diff --git a/src/main/kotlin/com/petqua/presentation/auth/TokenArgumentResolver.kt b/src/main/kotlin/com/petqua/presentation/auth/TokenArgumentResolver.kt
@@ -28,6 +28,7 @@ class TokenArgumentResolver(
     ): AuthToken {
         val request = webRequest.getHttpServletRequestOrThrow()
         val accessToken = authExtractor.extractAccessToken(request)
+        authExtractor.validateBlacklistTokenRegardlessExpiration(accessToken)
         val refreshToken = authExtractor.extractRefreshToken(request)
         return AuthToken(accessToken, refreshToken)
     }

diff --git a/src/test/kotlin/com/petqua/presentation/auth/AuthControllerTest.kt b/src/test/kotlin/com/petqua/presentation/auth/AuthControllerTest.kt
@@ -135,21 +135,43 @@ class AuthControllerTest(
         }
 
         Given("로그아웃 된 인증정보로") {
-            val member = memberRepository.save(member())
-            val createAuthToken = authTokenProvider.createAuthToken(member, Date())
-            val accessToken = createAuthToken.accessToken
-            val refreshToken = createAuthToken.refreshToken
-            refreshTokenRepository.save(
-                RefreshToken(
-                    memberId = member.id,
-                    token = refreshToken
+            When("인증이 필요한 요청에 사용하는 경우") {
+                val member = memberRepository.save(member())
+                val createAuthToken = authTokenProvider.createAuthToken(member, Date())
+                val accessToken = createAuthToken.accessToken
+                val refreshToken = createAuthToken.refreshToken
+                refreshTokenRepository.save(
+                    RefreshToken(
+                        memberId = member.id,
+                        token = refreshToken
+                    )
                 )
-            )
-            requestSignOut(accessToken, refreshToken)
+                requestSignOut(accessToken, refreshToken)
 
-            When("인증이 필요한 요청에 사용하는 경우") {
                 val response = requestDeleteMember(accessToken)
+                Then("사용 할 수 없다") {
+                    val errorResponse = response.`as`(ExceptionResponse::class.java)
+                    assertSoftly(response) {
+                        statusCode shouldBe UNAUTHORIZED.value()
+                        errorResponse.message shouldBe UNABLE_ACCESS_TOKEN.errorMessage()
+                    }.statusCode shouldBe 401
+                }
+            }
+
+            When("로그인 연장 요청시에 사용하는 경우") {
+                val member = memberRepository.save(member())
+                val createAuthToken = authTokenProvider.createAuthToken(member, Date())
+                val accessToken = createAuthToken.accessToken
+                val refreshToken = createAuthToken.refreshToken
+                refreshTokenRepository.save(
+                    RefreshToken(
+                        memberId = member.id,
+                        token = refreshToken
+                    )
+                )
+                requestSignOut(accessToken, refreshToken)
 
+                val response = requestExtendLogin(accessToken, refreshToken)
                 Then("사용 할 수 없다") {
                     val errorResponse = response.`as`(ExceptionResponse::class.java)
                     assertSoftly(response) {