feat: 로그인 쿠키 도메인 관련 SameSite를 None으로 변경

team-moabam · Dec 3, 2023 · d44a8dd · d44a8dd
1 parent dfe011f
commit d44a8dd
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 44 deletions.
diff --git a/src/main/java/com/moabam/api/application/auth/AuthorizationService.java b/src/main/java/com/moabam/api/application/auth/AuthorizationService.java
@@ -76,7 +76,8 @@ public AuthorizationTokenResponse requestToken(AuthorizationCodeResponse authori
 	public AuthorizationTokenInfoResponse requestTokenInfo(AuthorizationTokenResponse authorizationTokenResponse) {
 		String tokenValue = generateTokenValue(authorizationTokenResponse.accessToken());
 		ResponseEntity<AuthorizationTokenInfoResponse> authorizationTokenInfoResponse =
-			oauth2AuthorizationServerRequestService.tokenInfoRequest(oAuthConfig.provider().tokenInfo(), tokenValue);
+			oauth2AuthorizationServerRequestService
+				.tokenInfoRequest(oAuthConfig.provider().tokenInfo(), tokenValue);
 
 		return authorizationTokenInfoResponse.getBody();
 	}
@@ -99,12 +100,12 @@ public void issueServiceToken(HttpServletResponse response, PublicClaim publicCl
 		String domain = getDomain(publicClaim.role());
 
 		response.addCookie(CookieUtils.typeCookie("Bearer", tokenConfig.getRefreshExpire(), domain));
-		response.addCookie(
-			CookieUtils.typeCookie("Test_be_erase", tokenConfig.getRefreshExpire(), publicClaim.role().name()));
-		response.addCookie(
-			CookieUtils.tokenCookie("access_token", accessToken, tokenConfig.getRefreshExpire(), domain));
-		response.addCookie(
-			CookieUtils.tokenCookie("refresh_token", refreshToken, tokenConfig.getRefreshExpire(), domain));
+		response.addCookie(CookieUtils
+			.tokenCookie("Test", publicClaim.role().name(), tokenConfig.getRefreshExpire(), domain));
+		response.addCookie(CookieUtils
+			.tokenCookie("access_token", accessToken, tokenConfig.getRefreshExpire(), domain));
+		response.addCookie(CookieUtils
+			.tokenCookie("refresh_token", refreshToken, tokenConfig.getRefreshExpire(), domain));
 	}
 
 	public void validTokenPair(Long id, String oldRefreshToken, Role role) {
@@ -117,8 +118,8 @@ public void validTokenPair(Long id, String oldRefreshToken, Role role) {
 		}
 	}
 
-	public void logout(AuthMember authMember, HttpServletRequest httpServletRequest,
-		HttpServletResponse httpServletResponse) {
+	public void logout(AuthMember authMember,
+		HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
 		removeToken(httpServletRequest, httpServletResponse);
 		tokenRepository.delete(authMember.id(), authMember.role());
 		fcmService.deleteTokenByMemberId(authMember.id());
@@ -180,11 +181,13 @@ private String generateTokenValue(String token) {
 	}
 
 	private String generateQueryParamsWith(AuthorizationCodeRequest authorizationCodeRequest) {
-		UriComponentsBuilder authorizationCodeUri = UriComponentsBuilder.fromUriString(
-				oAuthConfig.provider().authorizationUri())
-			.queryParam("response_type", "code")
-			.queryParam("client_id", authorizationCodeRequest.clientId())
-			.queryParam("redirect_uri", authorizationCodeRequest.redirectUri());
+		UriComponentsBuilder authorizationCodeUri =
+			UriComponentsBuilder.fromUriString(
+					oAuthConfig.provider()
+						.authorizationUri())
+				.queryParam("response_type", "code")
+				.queryParam("client_id", authorizationCodeRequest.clientId())
+				.queryParam("redirect_uri", authorizationCodeRequest.redirectUri());
 
 		if (authorizationCodeRequest.scope() != null && !authorizationCodeRequest.scope().isEmpty()) {
 			String scopes = String.join(",", authorizationCodeRequest.scope());
@@ -201,8 +204,8 @@ private void validAuthorizationGrant(String code) {
 	}
 
 	private AuthorizationTokenResponse issueTokenToAuthorizationServer(String code, String redirectUri) {
-		AuthorizationTokenRequest authorizationTokenRequest = AuthorizationMapper.toAuthorizationTokenRequest(
-			oAuthConfig, code, redirectUri);
+		AuthorizationTokenRequest authorizationTokenRequest =
+			AuthorizationMapper.toAuthorizationTokenRequest(oAuthConfig, code, redirectUri);
 		MultiValueMap<String, String> uriParams = generateTokenRequest(authorizationTokenRequest);
 		ResponseEntity<AuthorizationTokenResponse> authorizationTokenResponse =
 			oauth2AuthorizationServerRequestService

diff --git a/src/main/java/com/moabam/global/auth/filter/AuthorizationFilter.java b/src/main/java/com/moabam/global/auth/filter/AuthorizationFilter.java
@@ -73,7 +73,7 @@ private void invoke(HttpServletRequest httpServletRequest, HttpServletResponse h
 		Cookie[] cookies = getCookiesOrThrow(httpServletRequest);
 
 		if (!isTokenTypeBearer(cookies)) {
-			throw new UnauthorizedException(ErrorMessage.GRANT_FAILED);
+			throw new UnauthorizedException(ErrorMessage.TOKEN_TYPE_FAILED);
 		}
 
 		handleTokenAuthenticate(cookies, httpServletResponse, httpServletRequest);
@@ -92,7 +92,7 @@ private void handleTokenAuthenticate(Cookie[] cookies, HttpServletResponse httpS
 			String refreshToken = extractTokenFromCookie(cookies, "refresh_token");
 
 			if (authenticationService.isTokenExpire(refreshToken, publicClaim.role())) {
-				throw new UnauthorizedException(ErrorMessage.AUTHENTICATE_FAIL);
+				throw new UnauthorizedException(ErrorMessage.TOKEN_EXPIRE);
 			}
 
 			validInvalidMember(publicClaim, refreshToken, httpServletRequest);
@@ -117,14 +117,14 @@ private void validInvalidMember(PublicClaim publicClaim, String refreshToken,
 
 	private Cookie[] getCookiesOrThrow(HttpServletRequest httpServletRequest) {
 		return Optional.ofNullable(httpServletRequest.getCookies())
-			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.GRANT_FAILED));
+			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.COOKIE_NOT_FOUND));
 	}
 
 	private String extractTokenFromCookie(Cookie[] cookies, String tokenName) {
 		return Arrays.stream(cookies)
 			.filter(cookie -> tokenName.equals(cookie.getName()))
 			.map(Cookie::getValue)
 			.findFirst()
-			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.AUTHENTICATE_FAIL));
+			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.TOKEN_NOT_FOUND));
 	}
 }
diff --git a/src/main/java/com/moabam/global/common/util/CookieUtils.java b/src/main/java/com/moabam/global/common/util/CookieUtils.java
@@ -7,31 +7,33 @@
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class CookieUtils {
 
-    public static Cookie tokenCookie(String name, String value, long expireTime, String domain) {
-        Cookie cookie = new Cookie(name, value);
-        cookie.setSecure(true);
-        cookie.setHttpOnly(true);
-        cookie.setPath("/");
-        cookie.setMaxAge((int) expireTime);
-        cookie.setAttribute("SameSite", "Lax");
+	public static Cookie tokenCookie(String name, String value, long expireTime, String domain) {
+		Cookie cookie = new Cookie(name, value);
+		cookie.setSecure(true);
+		cookie.setHttpOnly(true);
+		cookie.setPath("/");
+		cookie.setDomain(domain);
+		cookie.setMaxAge((int)expireTime);
+		cookie.setAttribute("SameSite", "None");
 
-        return cookie;
-    }
+		return cookie;
+	}
 
-    public static Cookie typeCookie(String value, long expireTime, String domain) {
-        Cookie cookie = new Cookie("token_type", value);
-        cookie.setSecure(true);
-        cookie.setHttpOnly(true);
-        cookie.setPath("/");
-        cookie.setMaxAge((int) expireTime);
-        cookie.setAttribute("SameSite", "Lax");
+	public static Cookie typeCookie(String value, long expireTime, String domain) {
+		Cookie cookie = new Cookie("token_type", value);
+		cookie.setSecure(true);
+		cookie.setHttpOnly(true);
+		cookie.setPath("/");
+		cookie.setDomain(domain);
+		cookie.setMaxAge((int)expireTime);
+		cookie.setAttribute("SameSite", "None");
 
-        return cookie;
-    }
+		return cookie;
+	}
 
-    public static Cookie deleteCookie(Cookie cookie) {
-        cookie.setMaxAge(0);
-        cookie.setPath("/");
-        return cookie;
-    }
+	public static Cookie deleteCookie(Cookie cookie) {
+		cookie.setMaxAge(0);
+		cookie.setPath("/");
+		return cookie;
+	}
 }
diff --git a/src/main/java/com/moabam/global/error/model/ErrorMessage.java b/src/main/java/com/moabam/global/error/model/ErrorMessage.java
@@ -40,8 +40,12 @@ public enum ErrorMessage {
 	LOGIN_FAILED("로그인에 실패했습니다."),
 	LOGIN_FAILED_ADMIN_KEY("어드민키가 달라요"),
 	REQUEST_FAILED("네트워크 접근 실패입니다."),
+	TOKEN_TYPE_FAILED("토큰 타일이 일치하지 않습니다."),
 	GRANT_FAILED("인가 코드 실패"),
+	TOKEN_EXPIRE("토큰이 만료되었습니다."),
 	AUTHENTICATE_FAIL("인증 실패"),
+	TOKEN_NOT_FOUND("토큰이 존재하지 않습니다."),
+	COOKIE_NOT_FOUND("쿠키가 없습니다"),
 	MEMBER_NOT_FOUND("존재하지 않는 회원입니다."),
 	MEMBER_NOT_FOUND_BY_MANAGER_OR_NULL("방의 매니저거나 회원이 존재하지 않습니다."),
 	MEMBER_ROOM_EXCEED("참여할 수 있는 방의 개수가 모두 찼습니다."),

diff --git a/src/test/java/com/moabam/global/common/util/CookieMakeTest.java b/src/test/java/com/moabam/global/common/util/CookieMakeTest.java
@@ -27,7 +27,7 @@ void create_test() {
 			() -> assertThat(cookie.getSecure()).isTrue(),
 			() -> assertThat(cookie.getPath()).isEqualTo("/"),
 			() -> assertThat(cookie.getMaxAge()).isEqualTo(10000),
-			() -> assertThat(cookie.getAttribute("SameSite")).isEqualTo("Lax")
+			() -> assertThat(cookie.getAttribute("SameSite")).isEqualTo("None")
 		);
 	}