fix: 토큰 재발급 로직 수정 (#289)

* refactor: 함수 분리

- subject의 기준이 SiteUser의 id가 아니게 바뀌더라도 변경 부분이 최소화되게 한다.
- SiteUser의 subject를 사용하는 곳은 accessToken과 refreshToken를 관리하는 AuthTokenProvider 의 영역이므로 이 위치에 함수를 생성한다.

* chore: 사용하지 않는 함수 삭제

* refactor: 가독성을 위해 함수 위치 변경

- parseSubject 가 parseSubjectIgnoringExpiration 보다 먼저 읽히도록

* refactor: 재발급 로직 수정

- subject가 아니라 엑세스 토큰으로 리프레시 토큰을 찾도록

* refactor: 리프레시 토큰 기간 연장

- 참고: discussion #292

* refactor: 액세스 토큰 재발급 로직 수정

* test: authServiceTest 작성

Author: nayonsoso

src/main/java/com/example/solidconnection/auth/controller/AuthController.java

@@ -3,6 +3,7 @@
 import com.example.solidconnection.auth.dto.EmailSignInRequest;
 import com.example.solidconnection.auth.dto.EmailSignUpTokenRequest;
 import com.example.solidconnection.auth.dto.EmailSignUpTokenResponse;
+import com.example.solidconnection.auth.dto.ReissueRequest;
 import com.example.solidconnection.auth.dto.ReissueResponse;
 import com.example.solidconnection.auth.dto.SignInResponse;
 import com.example.solidconnection.auth.dto.SignUpRequest;
@@ -114,13 +115,9 @@ public ResponseEntity<Void> quit(
 
     @PostMapping("/reissue")
     public ResponseEntity<ReissueResponse> reissueToken(
-            Authentication authentication
+            ReissueRequest reissueRequest
     ) {
-        String token = authentication.getCredentials().toString();
-        if (token == null) {
-            throw new CustomException(ErrorCode.AUTHENTICATION_FAILED, "토큰이 없습니다.");
-        }
-        ReissueResponse reissueResponse = authService.reissue(token);
+        ReissueResponse reissueResponse = authService.reissue(reissueRequest);
         return ResponseEntity.ok(reissueResponse);
     }
 }

src/main/java/com/example/solidconnection/auth/domain/TokenType.java

@@ -5,16 +5,16 @@
 @Getter
 public enum TokenType {
 
-    ACCESS("ACCESS:", 1000 * 60 * 60), // 1hour
-    REFRESH("REFRESH:", 1000 * 60 * 60 * 24 * 7), // 7days
+    ACCESS("ACCESS:", 1000L * 60 * 60), // 1hour
+    REFRESH("REFRESH:", 1000L * 60 * 60 * 24 * 90), // 90days
     BLACKLIST("BLACKLIST:", ACCESS.expireTime),
-    SIGN_UP("SIGN_UP:", 1000 * 60 * 10), // 10min
+    SIGN_UP("SIGN_UP:", 1000L * 60 * 10), // 10min
     ;
 
     private final String prefix;
-    private final int expireTime;
+    private final long expireTime;
 
-    TokenType(String prefix, int expireTime) {
+    TokenType(String prefix, long expireTime) {
         this.prefix = prefix;
         this.expireTime = expireTime;
     }

src/main/java/com/example/solidconnection/auth/dto/ReissueRequest.java

@@ -0,0 +1,8 @@
+package com.example.solidconnection.auth.dto;
+
+import jakarta.validation.constraints.NotBlank;
+
+public record ReissueRequest(
+        @NotBlank(message = "리프레시 토큰과 함께 요청해주세요.")
+        String refreshToken) {
+}

src/main/java/com/example/solidconnection/auth/service/AuthService.java

@@ -1,23 +1,28 @@
 package com.example.solidconnection.auth.service;
 
 
+import com.example.solidconnection.auth.dto.ReissueRequest;
 import com.example.solidconnection.auth.dto.ReissueResponse;
+import com.example.solidconnection.config.security.JwtProperties;
 import com.example.solidconnection.custom.exception.CustomException;
 import com.example.solidconnection.siteuser.domain.SiteUser;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.time.LocalDate;
+import java.util.Objects;
 import java.util.Optional;
 
 import static com.example.solidconnection.custom.exception.ErrorCode.REFRESH_TOKEN_EXPIRED;
+import static com.example.solidconnection.util.JwtUtils.parseSubject;
 
 @RequiredArgsConstructor
 @Service
 public class AuthService {
 
     private final AuthTokenProvider authTokenProvider;
+    private final JwtProperties jwtProperties;
 
     /*
      * 로그아웃 한다.
@@ -40,13 +45,15 @@ public void quit(SiteUser siteUser) {
 
     /*
      * 액세스 토큰을 재발급한다.
-     * - 리프레시 토큰이 만료되었거나, 존재하지 않는다면 예외 응답을 반환한다.
-     * - 리프레시 토큰이 존재한다면, 액세스 토큰을 재발급한다.
+     * - 요청된 리프레시 토큰과 동일한 subject 의 토큰이 저장되어 있으며 값이 일치할 경우, 액세스 토큰을 재발급한다.
+     * - 그렇지 않으면 예외를 반환한다.
      * */
-    public ReissueResponse reissue(String subject) {
-        // 리프레시 토큰 만료 확인
-        Optional<String> optionalRefreshToken = authTokenProvider.findRefreshToken(subject);
-        if (optionalRefreshToken.isEmpty()) {
+    public ReissueResponse reissue(ReissueRequest reissueRequest) {
+        // 리프레시 토큰 확인
+        String requestedRefreshToken = reissueRequest.refreshToken();
+        String subject = parseSubject(requestedRefreshToken, jwtProperties.secret());
+        Optional<String> savedRefreshToken = authTokenProvider.findRefreshToken(subject);
+        if (!Objects.equals(requestedRefreshToken, savedRefreshToken.orElse(null))) {
             throw new CustomException(REFRESH_TOKEN_EXPIRED);
         }
         // 액세스 토큰 재발급

src/main/java/com/example/solidconnection/auth/service/AuthTokenProvider.java

@@ -8,8 +8,6 @@
 
 import java.util.Optional;
 
-import static com.example.solidconnection.util.JwtUtils.parseSubjectIgnoringExpiration;
-
 @Component
 public class AuthTokenProvider extends TokenProvider {
 
@@ -18,7 +16,7 @@ public AuthTokenProvider(JwtProperties jwtProperties, RedisTemplate<String, Stri
     }
 
     public String generateAccessToken(SiteUser siteUser) {
-        String subject = siteUser.getId().toString();
+        String subject = getSubject(siteUser);
         return generateToken(subject, TokenType.ACCESS);
     }
 
@@ -27,7 +25,7 @@ public String generateAccessToken(String subject) {
     }
 
     public String generateAndSaveRefreshToken(SiteUser siteUser) {
-        String subject = siteUser.getId().toString();
+        String subject = getSubject(siteUser);
         String refreshToken = generateToken(subject, TokenType.REFRESH);
         return saveToken(refreshToken, TokenType.REFRESH);
     }
@@ -47,7 +45,7 @@ public Optional<String> findBlackListToken(String subject) {
         return Optional.ofNullable(redisTemplate.opsForValue().get(blackListTokenKey));
     }
 
-    public String getEmail(String token) {
-        return parseSubjectIgnoringExpiration(token, jwtProperties.secret());
+    private String getSubject(SiteUser siteUser) {
+        return siteUser.getId().toString();
     }
 }

src/main/java/com/example/solidconnection/util/JwtUtils.java

@@ -28,19 +28,19 @@ public static String parseTokenFromRequest(HttpServletRequest request) {
         return token.substring(TOKEN_PREFIX.length());
     }
 
-    public static String parseSubjectIgnoringExpiration(String token, String secretKey) {
+    public static String parseSubject(String token, String secretKey) {
         try {
             return parseClaims(token, secretKey).getSubject();
-        } catch (ExpiredJwtException e) {
-            return e.getClaims().getSubject();
         } catch (Exception e) {
             throw new CustomException(INVALID_TOKEN);
         }
     }
 
-    public static String parseSubject(String token, String secretKey) {
+    public static String parseSubjectIgnoringExpiration(String token, String secretKey) {
         try {
             return parseClaims(token, secretKey).getSubject();
+        } catch (ExpiredJwtException e) {
+            return e.getClaims().getSubject();
         } catch (Exception e) {
             throw new CustomException(INVALID_TOKEN);
         }

src/test/java/com/example/solidconnection/auth/service/AuthServiceTest.java

@@ -0,0 +1,108 @@
+package com.example.solidconnection.auth.service;
+
+import com.example.solidconnection.auth.domain.TokenType;
+import com.example.solidconnection.auth.dto.ReissueRequest;
+import com.example.solidconnection.auth.dto.ReissueResponse;
+import com.example.solidconnection.config.security.JwtProperties;
+import com.example.solidconnection.custom.exception.CustomException;
+import com.example.solidconnection.siteuser.domain.SiteUser;
+import com.example.solidconnection.siteuser.repository.SiteUserRepository;
+import com.example.solidconnection.support.TestContainerSpringBootTest;
+import com.example.solidconnection.type.PreparationStatus;
+import com.example.solidconnection.type.Role;
+import com.example.solidconnection.util.JwtUtils;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.time.LocalDate;
+
+import static com.example.solidconnection.custom.exception.ErrorCode.REFRESH_TOKEN_EXPIRED;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+
+@DisplayName("인증 서비스 테스트")
+@TestContainerSpringBootTest
+class AuthServiceTest {
+
+    @Autowired
+    private AuthService authService;
+
+    @Autowired
+    private AuthTokenProvider authTokenProvider;
+
+    @Autowired
+    private SiteUserRepository siteUserRepository;
+
+    @Autowired
+    private JwtProperties jwtProperties;
+
+    @Test
+    void 로그아웃한다() {
+        // given
+        String accessToken = "accessToken";
+
+        // when
+        authService.signOut(accessToken);
+
+        // then
+        assertThat(authTokenProvider.findBlackListToken(accessToken)).isNotNull();
+    }
+
+    @Test
+    void 탈퇴한다() {
+        // given
+        SiteUser siteUser = createSiteUser();
+
+        // when
+        authService.quit(siteUser);
+
+        // then
+        LocalDate tomorrow = LocalDate.now().plusDays(1);
+        assertThat(siteUser.getQuitedAt()).isEqualTo(tomorrow);
+    }
+
+    @Nested
+    class 토큰을_재발급한다 {
+
+        @Test
+        void 요청의_리프레시_토큰이_저장되어_있고_값이_일치면_액세스_토큰을_재발급한다() {
+            // given
+            SiteUser siteUser = createSiteUser();
+            String refreshToken = authTokenProvider.generateAndSaveRefreshToken(siteUser);
+            ReissueRequest reissueRequest = new ReissueRequest(refreshToken);
+
+            // when
+            ReissueResponse reissuedAccessToken = authService.reissue(reissueRequest);
+
+            // then
+            String actualSubject = JwtUtils.parseSubject(reissuedAccessToken.accessToken(), jwtProperties.secret());
+            String expectedSubject = JwtUtils.parseSubject(refreshToken, jwtProperties.secret());
+            assertThat(actualSubject).isEqualTo(expectedSubject);
+        }
+
+        @Test
+        void 요청의_리프레시_토큰이_저장되어있지_않다면_예외_응답을_반환한다() {
+            // given
+            String refreshToken = authTokenProvider.generateToken("subject", TokenType.REFRESH);
+            ReissueRequest reissueRequest = new ReissueRequest(refreshToken);
+
+            // when, then
+            assertThatCode(() -> authService.reissue(reissueRequest))
+                    .isInstanceOf(CustomException.class)
+                    .hasMessage(REFRESH_TOKEN_EXPIRED.getMessage());
+        }
+    }
+
+    private SiteUser createSiteUser() {
+        SiteUser siteUser = new SiteUser(
+                "test@example.com",
+                "nickname",
+                "profileImageUrl",
+                PreparationStatus.CONSIDERING,
+                Role.MENTEE
+        );
+        return siteUserRepository.save(siteUser);
+    }
+}