|
34 | 34 | import java.util.Optional; |
35 | 35 |
|
36 | 36 | import static org.mockito.ArgumentMatchers.any; |
| 37 | +import static org.mockito.ArgumentMatchers.eq; |
37 | 38 | import static org.assertj.core.api.Assertions.assertThat; |
38 | 39 | import static org.assertj.core.api.Assertions.assertThatThrownBy; |
39 | 40 | import static org.mockito.Mockito.times; |
@@ -341,6 +342,35 @@ void appleLoginFilterLogsInExistingUser() throws Exception { |
341 | 342 | verify(appleLoginService).handleLogin("apple-refresh-token", existingUser, response); |
342 | 343 | } |
343 | 344 |
|
| 345 | + @Test |
| 346 | + @DisplayName("애플 로그인 필터가 Apple refresh token 교환 실패 시 identity token 검증만으로 기존 유저를 로그인 처리한다") |
| 347 | + void appleLoginFilterLogsInExistingUserWhenTokenExchangeFails() throws Exception { |
| 348 | + AppleLoginFilter filter = new AppleLoginFilter( |
| 349 | + "/oauth2/apple/login", |
| 350 | + objectMapper, |
| 351 | + validator, |
| 352 | + appleLoginService, |
| 353 | + userRepository); |
| 354 | + MockHttpServletResponse response = new MockHttpServletResponse(); |
| 355 | + Claims claims = Jwts.claims().setSubject("apple-id"); |
| 356 | + User existingUser = user(1L, "user@example.com", Role.USER); |
| 357 | + |
| 358 | + when(appleLoginService.verifyIdentityToken("apple-id-token")).thenReturn(claims); |
| 359 | + when(appleLoginService.getAppleAccessTokenAndRefreshToken("auth-code")) |
| 360 | + .thenThrow(new RuntimeException("invalid_client")); |
| 361 | + when(userRepository.findBySocialTypeAndSocialId(SocialType.APPLE, "apple-id")) |
| 362 | + .thenReturn(Optional.of(existingUser)); |
| 363 | + when(appleLoginService.handleLogin(null, existingUser, response)).thenReturn( |
| 364 | + new org.springframework.security.authentication.UsernamePasswordAuthenticationToken(existingUser, null) |
| 365 | + ); |
| 366 | + |
| 367 | + assertThat(filter.attemptAuthentication( |
| 368 | + request("/oauth2/apple/login", validAppleBody()), |
| 369 | + response).getPrincipal()).isSameAs(existingUser); |
| 370 | + |
| 371 | + verify(appleLoginService).handleLogin(null, existingUser, response); |
| 372 | + } |
| 373 | + |
344 | 374 | @Test |
345 | 375 | @DisplayName("애플 로그인 필터가 신규 유저를 Apple identity token과 auth code로 회원가입 처리한다") |
346 | 376 | void appleLoginFilterRegistersNewUser() throws Exception { |
@@ -370,6 +400,35 @@ void appleLoginFilterRegistersNewUser() throws Exception { |
370 | 400 | verify(appleLoginService).handleRegister(any(), any(), any()); |
371 | 401 | } |
372 | 402 |
|
| 403 | + @Test |
| 404 | + @DisplayName("애플 로그인 필터가 Apple refresh token 교환 실패 시 identity token 검증만으로 신규 유저를 회원가입 처리한다") |
| 405 | + void appleLoginFilterRegistersNewUserWhenTokenExchangeFails() throws Exception { |
| 406 | + AppleLoginFilter filter = new AppleLoginFilter( |
| 407 | + "/oauth2/apple/login", |
| 408 | + objectMapper, |
| 409 | + validator, |
| 410 | + appleLoginService, |
| 411 | + userRepository); |
| 412 | + MockHttpServletResponse response = new MockHttpServletResponse(); |
| 413 | + Claims claims = Jwts.claims().setSubject("apple-id"); |
| 414 | + User newUser = user(2L, "new@example.com", Role.GUEST); |
| 415 | + |
| 416 | + when(appleLoginService.verifyIdentityToken("apple-id-token")).thenReturn(claims); |
| 417 | + when(appleLoginService.getAppleAccessTokenAndRefreshToken("auth-code")) |
| 418 | + .thenThrow(new RuntimeException("invalid_client")); |
| 419 | + when(userRepository.findBySocialTypeAndSocialId(SocialType.APPLE, "apple-id")) |
| 420 | + .thenReturn(Optional.empty()); |
| 421 | + when(appleLoginService.handleRegister(eq(null), any(), any())).thenReturn( |
| 422 | + new org.springframework.security.authentication.UsernamePasswordAuthenticationToken(newUser, null) |
| 423 | + ); |
| 424 | + |
| 425 | + assertThat(filter.attemptAuthentication( |
| 426 | + request("/oauth2/apple/login", validAppleBody()), |
| 427 | + response).getPrincipal()).isSameAs(newUser); |
| 428 | + |
| 429 | + verify(appleLoginService).handleRegister(eq(null), any(), any()); |
| 430 | + } |
| 431 | + |
373 | 432 | private KakaoLoginFilter kakaoLoginFilter() { |
374 | 433 | return new KakaoLoginFilter( |
375 | 434 | "/oauth2/kakao/login", |
|
0 commit comments