diff --git a/backend/src/main/java/harustudy/backend/auth/AuthInterceptor.java b/backend/src/main/java/harustudy/backend/auth/AuthInterceptor.java
index e9983bc3..9cfa7285 100644
--- a/backend/src/main/java/harustudy/backend/auth/AuthInterceptor.java
+++ b/backend/src/main/java/harustudy/backend/auth/AuthInterceptor.java
@@ -15,7 +15,6 @@ public class AuthInterceptor implements HandlerInterceptor {
 private final AuthService authService;
- private final BearerAuthorizationParser bearerAuthorizationParser;
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
@@ -24,7 +23,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 return true;
 }
 String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
- String accessToken = bearerAuthorizationParser.parse(authorizationHeader);
+ String accessToken = BearerAuthorizationParser.parse(authorizationHeader);
 Long memberId = authService.parseMemberId(accessToken);
 request.setAttribute("memberId", memberId);
 return HandlerInterceptor.super.preHandle(request, response, handler);
diff --git a/backend/src/main/java/harustudy/backend/auth/util/AccessTokenUtils.java b/backend/src/main/java/harustudy/backend/auth/util/AccessTokenUtils.java
index 7fa9e9a6..57b71b51 100644
--- a/backend/src/main/java/harustudy/backend/auth/util/AccessTokenUtils.java
+++ b/backend/src/main/java/harustudy/backend/auth/util/AccessTokenUtils.java
@@ -5,8 +5,9 @@
 import harustudy.backend.auth.exception.InvalidAccessTokenException;
 import java.nio.charset.StandardCharsets;
 import java.util.Date;
+import lombok.AllArgsConstructor;
 import lombok.Getter;
-import lombok.RequiredArgsConstructor;
+import lombok.NoArgsConstructor;
 public class AccessTokenUtils {
@@ -47,11 +48,12 @@ private static void validateExpiration(RawToken rawToken) {
 }
 @Getter
- @RequiredArgsConstructor
+ @NoArgsConstructor
+ @AllArgsConstructor
 private static class RawToken {
- private final Long subject;
+ private Long subject;
- private final Date expireAt;
+ private Date expireAt;
 }
 }
diff --git a/backend/src/main/java/harustudy/backend/auth/util/BearerAuthorizationParser.java b/backend/src/main/java/harustudy/backend/auth/util/BearerAuthorizationParser.java
index 97825ddf..66b8069f 100644
--- a/backend/src/main/java/harustudy/backend/auth/util/BearerAuthorizationParser.java
+++ b/backend/src/main/java/harustudy/backend/auth/util/BearerAuthorizationParser.java
@@ -4,7 +4,6 @@
 import java.util.Objects;
 import org.springframework.stereotype.Component;
-@Component
 public class BearerAuthorizationParser {
 private static final String TOKEN_TYPE = "Bearer";
@@ -12,7 +11,7 @@ public class BearerAuthorizationParser {
 private static final int ACCESS_TOKEN_LOCATION = 1;
 private static final int HEADER_SIZE = 2;
- public String parse(String authorizationHeader) {
+ public static String parse(String authorizationHeader) {
 validateIsNonNull(authorizationHeader);
 String[] split = authorizationHeader.split(" ");
 if (split.length != HEADER_SIZE || !split[TOKEN_TYPE_LOCATION].equals(TOKEN_TYPE)) {
@@ -21,7 +20,7 @@ public String parse(String authorizationHeader) {
 return split[ACCESS_TOKEN_LOCATION];
 }
- private void validateIsNonNull(String authorizationHeader) {
+ private static void validateIsNonNull(String authorizationHeader) {
 if (Objects.isNull(authorizationHeader)) {
 throw new InvalidAuthorizationHeaderException();
 }
diff --git a/backend/src/test/java/harustudy/backend/auth/util/AesTokenProviderTest.java b/backend/src/test/java/harustudy/backend/auth/util/AesTokenProviderTest.java
index daf60372..35c404bc 100644
--- a/backend/src/test/java/harustudy/backend/auth/util/AesTokenProviderTest.java
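Review bot: `RawToken` gains `@NoArgsConstructor` and loses `final` on both fields in the `@@ -47,11 +48,12 @@` hunk, so a default-constructed instance now carries `null` in `subject` and `expireAt`. If the no-args constructor is there so a JSON mapper can populate the class (the deserialization call is outside this hunk), a decrypted payload that lacks either property would yield that state, and a `null` subject could then flow on as the member id. I would reject it explicitly before the expiry check, guarded by `if (rawToken.getSubject() == null || rawToken.getExpireAt() == null)` and throwing the existing `InvalidAccessTokenException`. Alternatively keep the fields `final` and mark the all-args constructor with `@JsonCreator`/`@JsonProperty`, which preserves immutability. `validateExpiration` and the parsing method start outside the hunk, so confirm they do not already cover this.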
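Review bot: Once `parse` becomes `static` in the `@@ -12,7 +11,7 @@` hunk (and `validateIsNonNull` in the one after it), `BearerAuthorizationParser` is a stateless utility, yet it is still a plain `public class` that can be instantiated; declaring it `public final class BearerAuthorizationParser` with `private BearerAuthorizationParser() {}` makes that intent explicit. The `import org.springframework.stereotype.Component;` line kept as context in the `@@ -4,7 +4,6 @@` hunk is unused now that `@Component` is gone and should be deleted. A short Javadoc on `parse` saying it throws `InvalidAuthorizationHeaderException` for a null header or one that is not exactly `Bearer` followed by a single token would document the contract `AuthInterceptor` now calls statically; the throw after the `if` is outside the hunk, so check the wording against it.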
+++ b/backend/src/test/java/harustudy/backend/auth/util/AesTokenProviderTest.java
@@ -2,39 +2,34 @@
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy;
-import harustudy.backend.auth.config.TokenConfig;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import harustudy.backend.auth.exception.InvalidAccessTokenException;
 import org.assertj.core.api.SoftAssertions;
 import org.junit.jupiter.api.DisplayNameGeneration;
 import org.junit.jupiter.api.DisplayNameGenerator.ReplaceUnderscores;
 import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
 @SuppressWarnings("NonAsciiCharacters")
 @DisplayNameGeneration(ReplaceUnderscores.class)
-@SpringBootTest
 class AesTokenProviderTest {
- @Autowired
- private AesTokenProvider aesTokenProvider;
-
- @Autowired
- private TokenConfig tokenConfig;
+ private final AesTokenProvider aesTokenProvider = new AesTokenProvider(new ObjectMapper());
 @Test
 void 액세스_토큰을_생성한다() {
 // given
 Long memberId = 1L;
+ String secretKey = "12345678901234567890123456789012";
+ Long accessTokenExpireLength = 12345L;
 // when
 String accessToken = aesTokenProvider.createAccessToken(memberId,
- tokenConfig.accessTokenExpireLength(), tokenConfig.secretKey());
+ accessTokenExpireLength, secretKey);
 // then
 SoftAssertions.assertSoftly(softly -> {
 softly.assertThat(accessToken.length()).isGreaterThan(0);
- softly.assertThat(aesTokenProvider.parseSubject(accessToken, tokenConfig.secretKey()))
+ softly.assertThat(aesTokenProvider.parseSubject(accessToken, secretKey))
 .isEqualTo(memberId);
 });
 }
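Review bot: The key literal `"12345678901234567890123456789012"` is declared inside `액세스_토큰을_생성한다` here and repeated in the `@@ -43,10 +38,10 @@` and `@@ -54,12 +49,12 @@` hunks; one `private static final String TEST_SECRET_KEY = "12345678901234567890123456789012";` with a comment marking it as a test-only value keeps the three tests in step and makes clear the string must not be reused as a real key. Now that the provider is constructed without the Spring context, it would also be cheap to add a case that creates a token with one key and asserts that `parseSubject` with a different key throws `InvalidAccessTokenException`. None of the visible tests cover a wrong key; the only rejection cases are an undecryptable string and an expired token.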
@@ -43,10 +38,10 @@ class AesTokenProviderTest {
 void 복호화되지_않는_액세스_토큰을_검증하면_예외를_던진다() {
 // given
 String invalidAccessToken = "invalid-access-token";
+ String secretKey = "12345678901234567890123456789012";
 // when, then
- assertThatThrownBy(() -> aesTokenProvider.parseSubject(invalidAccessToken,
- tokenConfig.secretKey()))
+ assertThatThrownBy(() -> aesTokenProvider.parseSubject(invalidAccessToken, secretKey))
 .isInstanceOf(InvalidAccessTokenException.class);
 }
@@ -54,12 +49,12 @@ class AesTokenProviderTest {
 void 만료된_액세스_토큰을_검증하면_예외를_던진다() {
 // given
 Long memberId = 1L;
+ String secretKey = "12345678901234567890123456789012";
 String expiredAccessToken = aesTokenProvider.createAccessToken(memberId, -1L,
- tokenConfig.secretKey());
+ secretKey);
 // when, then
- assertThatThrownBy(() -> aesTokenProvider.parseSubject(expiredAccessToken,
- tokenConfig.secretKey()))
+ assertThatThrownBy(() -> aesTokenProvider.parseSubject(expiredAccessToken, secretKey))
 .isInstanceOf(InvalidAccessTokenException.class);
 }
 }
diff --git a/backend/src/test/java/harustudy/backend/auth/util/BearerAuthorizationParserTest.java b/backend/src/test/java/harustudy/backend/auth/util/BearerAuthorizationParserTest.java
index 2c3a48f7..0b147a8a 100644
--- a/backend/src/test/java/harustudy/backend/auth/util/BearerAuthorizationParserTest.java
+++ b/backend/src/test/java/harustudy/backend/auth/util/BearerAuthorizationParserTest.java
@@ -12,12 +12,8 @@
 @SuppressWarnings("NonAsciiCharacters")
 @DisplayNameGeneration(ReplaceUnderscores.class)
-@SpringBootTest
 class BearerAuthorizationParserTest {
- @Autowired
- private BearerAuthorizationParser bearerAuthorizationParser;
-
 @Test
 void 인증_헤더에서_액세스_토큰을_파싱한다() {
 // given
@@ -26,7 +22,7 @@ class BearerAuthorizationParserTest {
 String authorizationHeader = tokenType + " " + accessToken;
 // when
- String parsed = bearerAuthorizationParser.parse(authorizationHeader);
+ String parsed = BearerAuthorizationParser.parse(authorizationHeader);
 // then
 assertThat(parsed).isEqualTo(accessToken);
@@ -35,7 +31,7 @@ class BearerAuthorizationParserTest {
 @Test
 void 인증_헤더가_없으면_예외를_던진다() {
 // given, when, then
- assertThatThrownBy(() -> bearerAuthorizationParser.parse(null))
+ assertThatThrownBy(() -> BearerAuthorizationParser.parse(null))
 .isInstanceOf(InvalidAuthorizationHeaderException.class);
 }
@@ -47,7 +43,7 @@ class BearerAuthorizationParserTest {
 String authorizationHeader = tokenType + " " + email;
 // when, then
- assertThatThrownBy(() -> bearerAuthorizationParser.parse(authorizationHeader))
+ assertThatThrownBy(() -> BearerAuthorizationParser.parse(authorizationHeader))
 .isInstanceOf(InvalidAuthorizationHeaderException.class);
 }
 }