From 19e5bfbdb0013fda98cbd172a939031fa70533da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=A1=B0=EC=9D=80=EB=B9=84?= <69096886+eunbc@users.noreply.github.com>
Date: Thu, 11 Jan 2024 21:39:25 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20oauth=20=EB=A1=9C=EA=B7=B8=EC=9D=B8?= =?UTF-8?q?=EC=8B=9C=20refreshToken=20=EC=A0=95=EB=B3=B4=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=20(#226)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* fix: oauth 로그인시 refreshToken 정보 저장
* fix: Oauth 멤버도 토큰 갱신이 가능하도록 수정
---------
Co-authored-by: marooo326
---
 .../service/CustomAuthenticationProvider.java | 11 +++++---
 .../service/MemberUserDetailsService.java | 3 --
 .../OAuth2AuthenticationSuccessHandler.java | 13 +++++++--
 .../security/service/UserDetailsImpl.java | 28 +++++++++++++++++--
 4 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/CustomAuthenticationProvider.java b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/CustomAuthenticationProvider.java
index d843a74e..19289ee8 100644
--- a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/CustomAuthenticationProvider.java
+++ b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/CustomAuthenticationProvider.java
@@ -5,7 +5,6 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
@@ -34,11 +33,15 @@ public Authentication authenticate(Authentication authentication) throws Authent
 String password = authentication.getCredentials().toString();
 String accountType = authentication.getDetails().toString();
- UserDetails userDetails;
+ UserDetailsImpl userDetails;
 if (accountType.equals("member")) {
- userDetails = memberUserDetailsService.loadUserByUsername(email);
+ userDetails = (UserDetailsImpl)memberUserDetailsService.loadUserByUsername(email);
 } else {
- userDetails = adminUserDetailsService.loadUserByUsername(email);
+ userDetails = (UserDetailsImpl)adminUserDetailsService.loadUserByUsername(email);
+ }
+
+ if (userDetails.getProvider() != null) {
+ throw new SecurityCustomException(MemberErrorCode.NOT_ALLOWED_BY_PROVIDER);
 }
 if (!passwordEncoder.matches(password, userDetails.getPassword())) {
diff --git a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/MemberUserDetailsService.java b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/MemberUserDetailsService.java
index 99faa439..ad97dcaa 100644
--- a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/MemberUserDetailsService.java
+++ b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/MemberUserDetailsService.java
@@ -24,9 +24,6 @@ public class MemberUserDetailsService implements UserDetailsService {
 public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
 Member member = memberRepository.findByEmail(email)
 .orElseThrow(() -> new SecurityCustomException(MemberErrorCode.MEMBER_NOT_FOUND));
- if (member.isLoginByProvider()) {
- throw new SecurityCustomException(MemberErrorCode.NOT_ALLOWED_BY_PROVIDER);
- }
 return UserDetailsImpl.from(member);
 }
 }
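Review bot: In `CustomAuthenticationProvider.authenticate`, the new `userDetails.getProvider() != null` test runs before `passwordEncoder.matches`, so a request with any password still gets the distinct `NOT_ALLOWED_BY_PROVIDER` answer for an e-mail that belongs to a social-login account. If that distinction is not meant to be visible to unauthenticated callers, return the same failure as a wrong password here and keep the provider detail for the server log. Because the following hunk removes the guard from `MemberUserDetailsService.loadUserByUsername`, this check is, as far as the patch shows, the only thing keeping provider accounts off the password path, which deserves a comment such as `// social-login accounts must never authenticate by password; loadUserByUsername no longer enforces this`. The two `(UserDetailsImpl)` casts would surface a `ClassCastException` rather than an `AuthenticationException` if either service ever returned another `UserDetails` type. The method body starts and ends outside the hunk.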
diff --git a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/OAuth2AuthenticationSuccessHandler.java b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/OAuth2AuthenticationSuccessHandler.java
index 457093ae..f195c199 100644
--- a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/OAuth2AuthenticationSuccessHandler.java
+++ b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/OAuth2AuthenticationSuccessHandler.java
@@ -14,6 +14,8 @@
 import com.pgms.coredomain.domain.member.Member;
 import com.pgms.coredomain.domain.member.enums.Provider;
+import com.pgms.coredomain.domain.member.redis.RefreshToken;
+import com.pgms.coredomain.domain.member.redis.RefreshTokenRepository;
 import com.pgms.coredomain.domain.member.repository.MemberRepository;
 import com.pgms.coresecurity.security.jwt.JwtTokenProvider;
 import com.pgms.coresecurity.security.util.HttpResponseUtil;
@@ -31,6 +33,7 @@ public class OAuth2AuthenticationSuccessHandler implements AuthenticationSuccess
 private final MemberRepository memberRepository;
 private final JwtTokenProvider jwtTokenProvider;
+ private final RefreshTokenRepository refreshTokenRepository;
 @Override
 @Transactional
@@ -53,11 +56,15 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 userDetails.getAuthorities());
 // 토큰 생성 후 반환
+ String accessToken = jwtTokenProvider.generateAccessToken((UserDetailsImpl)authenticated.getPrincipal());
+ String refreshToken = jwtTokenProvider.generateRefreshToken();
+
 Map body = new HashMap<>();
- body.put("accessToken", jwtTokenProvider.generateAccessToken((UserDetailsImpl)authenticated.getPrincipal()));
- body.put("refreshToken", jwtTokenProvider.generateRefreshToken());
+ body.put("accessToken", accessToken);
+ body.put("refreshToken", refreshToken);
- // TODO redis에 토큰 정보 저장
+ refreshTokenRepository.save(new RefreshToken(refreshToken, accessToken, "member",
+ ((UserDetailsImpl)authenticated.getPrincipal()).getEmail()));
 HttpResponseUtil.setSuccessResponse(response, HttpStatus.OK, body);
 }
 }
diff --git a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/UserDetailsImpl.java b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/UserDetailsImpl.java
index cf9ce598..17547387 100644
--- a/core/core-security/src/main/java/com/pgms/coresecurity/security/service/UserDetailsImpl.java
+++ b/core/core-security/src/main/java/com/pgms/coresecurity/security/service/UserDetailsImpl.java
@@ -10,12 +10,11 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.pgms.coredomain.domain.member.Admin;
 import com.pgms.coredomain.domain.member.Member;
+import com.pgms.coredomain.domain.member.enums.Provider;
-import lombok.AllArgsConstructor;
 import lombok.Getter;
 @Getter
-@AllArgsConstructor
 public class UserDetailsImpl implements UserDetails {
 private Long id;
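Review bot: The `refreshTokenRepository.save(new RefreshToken(refreshToken, accessToken, "member", ...))` call in `OAuth2AuthenticationSuccessHandler.onAuthenticationSuccess` writes both tokens to the store exactly as issued, and nothing in the hunk shows an expiry for the entry. `RefreshToken` is not part of this patch, so please confirm it carries a time-to-live no longer than the refresh token's own lifetime (if it is a Spring Data Redis entity, `@RedisHash(timeToLive = ...)` or a `@TimeToLive` field), otherwise stored tokens stay readable after they stop being valid. The `"member"` literal has to stay in step with the `accountType.equals("member")` comparison in `CustomAuthenticationProvider`, so a shared constant would be safer than two string copies. The principal is cast twice on the new side; one local, `UserDetailsImpl principal = (UserDetailsImpl)authenticated.getPrincipal();`, would cover both uses. The method begins outside the hunk.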
@@ -23,6 +22,23 @@ public class UserDetailsImpl implements UserDetails {
 @JsonIgnore
 private String password;
 private Collection authorities;
+ private Provider provider;
+
+ public UserDetailsImpl(Long id, String email, String password, Collection authorities) {
+ this.id = id;
+ this.email = email;
+ this.password = password;
+ this.authorities = authorities;
+ }
+
+ public UserDetailsImpl(Long id, String email, String password, Collection authorities,
+ Provider provider) {
+ this.id = id;
+ this.email = email;
+ this.password = password;
+ this.authorities = authorities;
+ this.provider = provider;
+ }
 public static UserDetails from(Admin admin) {
 List authorities = admin.getRole() != null ?
@@ -35,7 +51,13 @@ public static UserDetails from(Member member) {
 List authorities = member.getRole() != null ?
 List.of(new SimpleGrantedAuthority(member.getRole().name())) : null;
- return new UserDetailsImpl(member.getId(), member.getEmail(), member.getPassword(), authorities);
+ return new UserDetailsImpl(
+ member.getId(),
+ member.getEmail(),
+ member.getPassword(),
+ authorities,
+ member.getProvider()
+ );
 }
 @Override
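Review bot: The new `provider` field in `UserDetailsImpl` carries no comment saying that `null` means a local password account, yet `CustomAuthenticationProvider` now refuses password login on exactly `getProvider() != null`. Please state that on the field, e.g. `// null = local password account; non-null = social-login account (password login is refused)`, and mention that the four-argument constructor, presumably the one `from(Admin)` uses, always leaves it `null`. The two constructors repeat the same assignments, so the shorter one could delegate with `this(id, email, password, authorities, null);`. Since the class is annotated `@Getter` and marks `password` with `@JsonIgnore`, it is worth checking whether `provider` is meant to appear wherever this object is serialized.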