|
3 | 3 | import com.fasterxml.jackson.databind.ObjectMapper; |
4 | 4 | import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken; |
5 | 5 | import devkor.ontime_back.dto.AppleTokenResponseDto; |
| 6 | +import devkor.ontime_back.dto.OAuthAppleUserDto; |
6 | 7 | import devkor.ontime_back.global.jwt.JwtTokenProvider; |
7 | 8 | import devkor.ontime_back.global.oauth.apple.AppleLoginFilter; |
8 | 9 | import devkor.ontime_back.global.oauth.apple.AppleLoginService; |
@@ -400,6 +401,38 @@ void appleLoginFilterRegistersNewUser() throws Exception { |
400 | 401 | verify(appleLoginService).handleRegister(any(), any(), any()); |
401 | 402 | } |
402 | 403 |
|
| 404 | + @Test |
| 405 | + @DisplayName("애플 로그인 필터가 요청 email이 비어 있으면 identity token email로 신규 유저를 생성한다") |
| 406 | + void appleLoginFilterUsesIdentityTokenEmailWhenRequestEmailIsMissing() throws Exception { |
| 407 | + AppleLoginFilter filter = new AppleLoginFilter( |
| 408 | + "/oauth2/apple/login", |
| 409 | + objectMapper, |
| 410 | + validator, |
| 411 | + appleLoginService, |
| 412 | + userRepository); |
| 413 | + MockHttpServletResponse response = new MockHttpServletResponse(); |
| 414 | + Claims claims = Jwts.claims().setSubject("apple-id"); |
| 415 | + claims.put("email", "token@example.com"); |
| 416 | + AppleTokenResponseDto tokenResponse = appleTokenResponse("apple-refresh-token"); |
| 417 | + User newUser = user(2L, "token@example.com", Role.GUEST); |
| 418 | + |
| 419 | + when(appleLoginService.verifyIdentityToken("apple-id-token")).thenReturn(claims); |
| 420 | + when(appleLoginService.getAppleAccessTokenAndRefreshToken("auth-code")).thenReturn(tokenResponse); |
| 421 | + when(userRepository.findBySocialTypeAndSocialId(SocialType.APPLE, "apple-id")) |
| 422 | + .thenReturn(Optional.empty()); |
| 423 | + when(appleLoginService.handleRegister(eq("apple-refresh-token"), any(), any())).thenReturn( |
| 424 | + new org.springframework.security.authentication.UsernamePasswordAuthenticationToken(newUser, null) |
| 425 | + ); |
| 426 | + |
| 427 | + assertThat(filter.attemptAuthentication( |
| 428 | + request("/oauth2/apple/login", appleBodyWithoutEmail()), |
| 429 | + response).getPrincipal()).isSameAs(newUser); |
| 430 | + |
| 431 | + verify(appleLoginService).handleRegister(eq("apple-refresh-token"), org.mockito.ArgumentMatchers.argThat( |
| 432 | + (OAuthAppleUserDto userDto) -> "token@example.com".equals(userDto.getEmail()) |
| 433 | + ), eq(response)); |
| 434 | + } |
| 435 | + |
403 | 436 | @Test |
404 | 437 | @DisplayName("애플 로그인 필터가 Apple refresh token 교환 실패 시 identity token 검증만으로 신규 유저를 회원가입 처리한다") |
405 | 438 | void appleLoginFilterRegistersNewUserWhenTokenExchangeFails() throws Exception { |
@@ -478,6 +511,16 @@ private String validAppleBody() { |
478 | 511 | """; |
479 | 512 | } |
480 | 513 |
|
| 514 | + private String appleBodyWithoutEmail() { |
| 515 | + return """ |
| 516 | + { |
| 517 | + "idToken": "apple-id-token", |
| 518 | + "authCode": "auth-code", |
| 519 | + "fullName": "Apple User" |
| 520 | + } |
| 521 | + """; |
| 522 | + } |
| 523 | + |
481 | 524 | private AppleTokenResponseDto appleTokenResponse(String refreshToken) { |
482 | 525 | AppleTokenResponseDto response = new AppleTokenResponseDto(); |
483 | 526 | ReflectionTestUtils.setField(response, "refreshToken", refreshToken); |
|
0 commit comments