Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BE] HotFix/#424 refresh token duplicated #441

Merged
merged 4 commits into from
Sep 19, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ public enum AuthErrorCode {
ILLEGAL_TOKEN("01101", "로그인에 실패하였습니다."),
FORBIDDEN_ADMIN_ACCESS("01102", "로그인에 실패하였습니다."),
BLOCKING_MEMBER_ACCESS("01103", "로그인에 실패하였습니다."),
EXPIRED_TOKEN("01104", "기간이 만료된 토큰입니다.")
EXPIRED_TOKEN("01104", "기간이 만료된 토큰입니다."),
BAD_REQUEST_TOKEN("01005", "잘못된 요청입니다.")
;

private final String code;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.mapbefine.mapbefine.auth.infrastructure;

import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.BAD_REQUEST_TOKEN;
import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.EXPIRED_TOKEN;
import static com.mapbefine.mapbefine.auth.exception.AuthErrorCode.ILLEGAL_TOKEN;

Expand All @@ -11,14 +12,13 @@
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.UUID;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class JwtTokenProvider implements TokenProvider {

private static final String EMPTY = "";

private final String secretKey;
private final long accessExpirationTime;
private final long refreshExpirationTime;
Expand All @@ -41,7 +41,9 @@ public String createAccessToken(String payload) {
}

public String createRefreshToken() {
return createToken(EMPTY, refreshExpirationTime);
UUID payload = UUID.randomUUID();

return createToken(payload.toString(), refreshExpirationTime);
}

private String createToken(String payload, Long validityInMilliseconds) {
Expand Down Expand Up @@ -74,7 +76,7 @@ public void validateTokensForRemoval(String refreshToken, String accessToken) {
if (canRemoveRefreshToken) {
return;
}
throw new AuthUnauthorizedException(EXPIRED_TOKEN);
throw new AuthUnauthorizedException(BAD_REQUEST_TOKEN);
}

public void validateAccessToken(String accessToken) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ private ResponseCookie createCookie(String refreshToken) {
return ResponseCookie.from("refresh-token", refreshToken)
.httpOnly(true)
.maxAge(TWO_WEEKS)
.sameSite("Lax")
.sameSite("None")
.secure(true)
.path("/")
.build();
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.mapbefine.mapbefine.common.config;

import static org.springframework.http.HttpHeaders.COOKIE;
import static org.springframework.http.HttpHeaders.LOCATION;
import static org.springframework.http.HttpHeaders.SET_COOKIE;

Expand All @@ -16,7 +17,7 @@ public class WebConfig implements WebMvcConfigurer {
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
.allowedHeaders("refresh-token")
.allowedHeaders(COOKIE)
.allowedMethods("*")
.allowCredentials(true)
.exposedHeaders(LOCATION, SET_COOKIE);
Expand Down