diff --git a/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java b/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java
index 381f3a2e..a308d835 100644
--- a/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java
+++ b/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java
@@ -5,6 +5,7 @@
 import kr.co.chooz.user.request.AddCategoryRequest;
 import kr.co.chooz.user.request.AddInfoRequest;
 import kr.co.chooz.user.request.KakaoLoginRequest;
+import kr.co.chooz.user.request.NaverLoginRequest;
 import kr.co.chooz.user.response.TokenResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
@@ -31,11 +32,10 @@ public ResponseEntity addUserInfo(@RequestAttribute Long userId, @Re
 return ResponseEntity.ok().build();
 }
- @PatchMapping("/additional-category")
- public ResponseEntity addUserCategory(@RequestAttribute Long userId, @RequestBody AddCategoryRequest addCategoryRequest) {
- userUserCase.addUserCategory(userId, addCategoryRequest.toAddUserCategory());
- return ResponseEntity.ok().build();
+ @PostMapping("/signup/naver")
+ public ResponseEntity naverLogin(@Valid @RequestBody NaverLoginRequest naverLoginRequest) {
+ LoginToken loginToken = userUserCase.signupByThirdParty(naverLoginRequest.toDomain());
+ return ResponseEntity.status(HttpStatus.OK).body(new TokenResponse(loginToken));
 }
-
 }
diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java
index f7c94f9f..160a2aef 100644
--- a/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java
+++ b/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java
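Review bot: The `/additional-category` endpoint disappears from RegisterUserController in this commit, and it looks unintended: `addUserCategory` is deleted in the same spot where `naverLogin` is added, while the `AddCategoryRequest` import stays as a context line in the import hunk. If the endpoint is meant to go, remove the now-unused import with it (unless code outside the hunks still uses it); if not, restore the method next to `naverLogin`. The rest of the class lies outside the hunk, so which of the two applies cannot be confirmed from here.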
@@ -3,14 +3,18 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import kr.co.chooz.user.domain.entitiy.ProviderType;
 import kr.co.chooz.user.dto.ThirdPartySignupInfo;
+import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
 import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotNull;
 import java.util.HashMap;
 import java.util.Map;
-@Data
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
 public class KakaoLoginRequest {
 @Schema(description = "Oauth 서버에서 받아온 인가코드", example = "인가코드")
@@ -25,10 +29,6 @@ public class KakaoLoginRequest {
 private String redirectUrl;
- @Schema(description = "소셜 로그인 타입", example = "KAKAO")
- @NotNull
- private ProviderType providerType;
-
 public ThirdPartySignupInfo toDomain() {
 Map propertiesValues = new HashMap<>();
 propertiesValues.put("code", code);
diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java
new file mode 100644
index 00000000..06bf0d1c
--- /dev/null
+++ b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java
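Review bot: `import lombok.Data;` is left behind in KakaoLoginRequest although the `@Data` annotation it served is removed in the same hunk; unless something outside the hunk still uses it, drop the import. Moving to `@Getter` also removes the generated setters and `toString()`, which is a sensible tightening for a body that carries an authorization code. A one-line class comment such as `// @Getter only: no generated toString(), so the authorization code is not printed by accident` would keep a later edit from restoring `@Data`.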
@@ -0,0 +1,37 @@
+package kr.co.chooz.user.request;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import kr.co.chooz.user.domain.entitiy.ProviderType;
+import kr.co.chooz.user.dto.ThirdPartySignupInfo;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotBlank;
+import java.util.HashMap;
+import java.util.Map;
+
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public class NaverLoginRequest {
+
+ @Schema(description = "Oauth 서버에서 받아온 인가코드", example = "인가코드")
+ @NotBlank
+ private String code;
+
+ /**
+ * state 값은 CSRF를 방지하기 위한 인증값으로 임의의 값을 넣어줄 수 있음.네이버 로그인시 요청한 state 값 과 동일한 값으로 받아와야함
+ * CSRF는 Cross Site Request Forgery(사이트 간 요청 위조)의 줄임말로 웹 취약점 중 하나이다.
+ */
+ @Schema(description = "네이버 로그인 CSRF를 방지하기 위한 인증값", example = "string")
+ private String state;
+
+
+ public ThirdPartySignupInfo toDomain() {
+ Map propertiesValues = new HashMap<>();
+ propertiesValues.put("code", code);
+ propertiesValues.put("state", state);
+ return new ThirdPartySignupInfo(ProviderType.NAVER, propertiesValues);
+ }
+}
diff --git a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java
index 69f1a47b..fc4bd71e 100644
--- a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java
+++ b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java
@@ -12,7 +12,7 @@ public interface NaverAuthClient {
 @PostMapping(value = "/token", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
 NaverTokenResponse generateToken(@RequestParam(name = "grant_type") String grantType, @RequestParam(name = "client_id") String clientId,
- @RequestParam(name = "redirect_uri") String redirectUri,
+ @RequestParam(name = "state") String state,
 @RequestParam(name = "code") String code, @RequestParam(name = "client_secret") String clientSecret);
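Review bot: `state` in NaverLoginRequest carries no constraint, so `@Valid` on the controller accepts a request without it and `toDomain()` stores a null that NaverAuthorizer later passes as the `state` argument of `generateToken`; add `@NotBlank` above `private String state;`, as is done for `code`. The Javadoc says the value must equal the `state` sent when the Naver login was started, but nothing in this file compares it with a value issued earlier, so the API only relays whatever the client posts. If that comparison is meant to happen in the client application, say so in the Javadoc; otherwise the check appears to be missing on the server side.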
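Review bot: `client_secret` and `code` are declared with `@RequestParam` in `NaverAuthClient.generateToken`, and if this interface is an OpenFeign client (its interface-level annotation is outside the hunk) such parameters travel in the query string of the POST rather than in the form body that `consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE` suggests. Values placed in a URL tend to be recorded by proxies, access logs and client-side request logging. Consider sending the fields as a form body instead (a single form object or map parameter, depending on the encoder configured), and keep request logging for this client at a level that does not print URLs. The hunk itself only swaps `redirect_uri` for `state`, so this is a note on the signature as it now stands.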
diff --git a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java
index f9b2020b..ec7fe573 100644
--- a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java
+++ b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java
@@ -32,9 +32,10 @@ public String getAccessToken(ThirdPartySignupInfo signupInfo) {
 NaverTokenResponse response = naverAuthClient.generateToken(
 "authorization_code", clientId,
- client_secret,
+ propertiesValues.get("state"),
 propertiesValues.get("code"),
- propertiesValues.get("state")
+ client_secret
+
 );
 return response.getAccess_token();
@@ -44,10 +45,11 @@ public String getAccessToken(ThirdPartySignupInfo signupInfo) {
 public Map getUserInfo(String accessToken) {
 NaverUserInfo naverUserInfo = naverApiClient.getUserInfo(new BearerAuthHeader(accessToken).getAuthorization());
+ System.out.println("naverUserInfo = " + naverUserInfo);
 Map result = new HashMap<>();
- result.put("id", naverUserInfo.getId().toString());
- result.put("nickname", naverUserInfo.getNickName());
+ result.put("id", naverUserInfo.getId());
+ result.put("nickname", naverUserInfo.getNickName()); //디벨로퍼스에 추가해도 값을 못받아 오는중!..
 result.put("profile_image", naverUserInfo.getProfileImage());
 return result;
diff --git a/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java b/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java
index 73f899f3..be89391d 100644
--- a/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java
+++ b/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java
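Review bot: `System.out.println("naverUserInfo = " + naverUserInfo);` in `NaverAuthorizer.getUserInfo` writes the whole Naver profile to stdout on every signup; NaverUserInfo and its nested properties class are Lombok `@Data` types, so the generated `toString()` includes the user id, nickname and profile image URL. This looks like leftover debugging and should be removed before merge, or replaced by a debug-level logger call that prints no profile fields. The new trailing comment on the `nickname` line says the value is still not being received, so `result.put("nickname", ...)` may store null; a tracked TODO or an explicit guard would serve better than an inline remark.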
@@ -4,23 +4,25 @@
 @Data public class NaverUserInfo {
-
- private Long id;
- private NaverUserProperties properties;
+ private NaverUserProperties response;
 public String getNickName() {
- return properties.getNickname();
+ return response.getNickname();
 }
 public String getProfileImage() {
- return properties.getProfile_image();
+ return response.getProfile_image();
+ }
+
+ public String getId() {
+ return response.getId();
 }
 }
 @Data class NaverUserProperties {
-
+ private String id;
 private String nickname;
 private String profile_image;
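Review bot: `getId()`, `getNickName()` and `getProfileImage()` in NaverUserInfo dereference `response` unconditionally, so a profile reply that lacks the `response` object (presumably an error body) fails with a NullPointerException inside `NaverAuthorizer.getUserInfo` instead of a clear authentication error. Guard it once, for example `if (response == null) throw new IllegalStateException("Naver profile response is missing");` in a small private accessor that the three getters share, or have the authorizer check before reading fields. The same class is what the new `System.out.println` in NaverAuthorizer prints, so any field added to `NaverUserProperties` later would be logged as well.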