From a2e14e26d3efd32e5a5ee0468764b1c4313d7aef Mon Sep 17 00:00:00 2001 From: alsduq1117 Date: Tue, 18 Jul 2023 02:42:27 +0900 Subject: [PATCH 1/3] =?UTF-8?q?refact=20:=20NaverSocialLogin=20=EB=A6=AC?= =?UTF-8?q?=ED=8C=A9=ED=86=A0=EB=A7=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/RegisterUserController.java | 7 ++++ .../chooz/user/request/NaverLoginRequest.java | 38 +++++++++++++++++++ .../naver/authorizer/NaverAuthClient.java | 2 +- .../naver/authorizer/NaverAuthorizer.java | 10 +++-- .../client/naver/response/NaverUserInfo.java | 14 ++++--- 5 files changed, 60 insertions(+), 11 deletions(-) create mode 100644 chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java diff --git a/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java b/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java index 8dee6793..53521ec1 100644 --- a/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java +++ b/chooz-api/src/main/java/kr/co/chooz/user/controller/RegisterUserController.java @@ -3,6 +3,7 @@ import kr.co.chooz.user.dto.LoginToken; import kr.co.chooz.user.port.in.UserUseCase; import kr.co.chooz.user.request.KakaoLoginRequest; +import kr.co.chooz.user.request.NaverLoginRequest; import kr.co.chooz.user.response.TokenResponse; import lombok.RequiredArgsConstructor; import org.springframework.http.HttpStatus; @@ -28,4 +29,10 @@ public ResponseEntity addUserInfo(@RequestAttribute Long userId) { userUserCase.addUserInfo(userId); return ResponseEntity.status(HttpStatus.OK).build(); } + + @PostMapping("/signup/naver") + public ResponseEntity naverLogin(@Valid @RequestBody NaverLoginRequest naverLoginRequest) { + LoginToken loginToken = userUserCase.signupByThirdParty(naverLoginRequest.toDomain()); + return ResponseEntity.status(HttpStatus.OK).body(new TokenResponse(loginToken)); + } } 
diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java
new file mode 100644
index 00000000..f413ffa4
--- /dev/null
+++ b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java
@@ -0,0 +1,38 @@
+package kr.co.chooz.user.request;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import kr.co.chooz.user.domain.entitiy.ProviderType;
+import kr.co.chooz.user.dto.ThirdPartySignupInfo;
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+import java.util.HashMap;
+import java.util.Map;
+
+@Data
+public class NaverLoginRequest {
+
+ @Schema(description = "Oauth 서버에서 받아온 인가코드", example = "인가코드")
+ @NotBlank
+ private String code;
+
+ /**
+ * redirectUrl 은 인가코드를 받아올 redirectUrl을 의미하며 여기서 redirectUrl은 카카오 로그인시 요청한 redirectUrl과 동일한 값으로 받아와야함
+ * 리다이렉트 유알엘을 받는 이유는 로컬, 배포 , 테스트 환경에서 유동적으로 실행할수있게 하기 위함임
+ */
+ @Schema(description = "네이버 로그인 CSRF를 방지하기 위한 인증값", example = "string")
+ private String state;
+
+
+ @Schema(description = "소셜 로그인 타입", example = "NAVER")
+ @NotNull
+ private ProviderType providerType;
+
+ public ThirdPartySignupInfo toDomain() {
+ Map propertiesValues = new HashMap<>();
+ propertiesValues.put("code", code);
+ propertiesValues.put("state", state);
+ return new ThirdPartySignupInfo(ProviderType.NAVER, propertiesValues);
+ }
+}
diff --git a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java
index 69f1a47b..fc4bd71e 100644
--- a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java
+++ b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthClient.java
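Review bot: `state` in NaverLoginRequest is described in its `@Schema` as the CSRF guard for Naver login, yet it is read from the request body with no constraint and only copied into `propertiesValues` by `toDomain()`. Nothing visible in this patch compares it with a value the server issued for the same browser session, so a null or caller-chosen state is simply forwarded to the token call and gives no login-CSRF protection unless that check happens outside these hunks. At minimum add `@NotBlank` on the field, as `code` already has, and verify the received value against the one stored when the authorization redirect was started before the token exchange runs. The PATCH 2/3 hunk that rewrites this field's Javadoc leaves it unvalidated as well.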
@@ -12,7 +12,7 @@ public interface NaverAuthClient { @PostMapping(value = "/token", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE) NaverTokenResponse generateToken(@RequestParam(name = "grant_type") String grantType, @RequestParam(name = "client_id") String clientId, - @RequestParam(name = "redirect_uri") String redirectUri, + @RequestParam(name = "state") String state, @RequestParam(name = "code") String code, @RequestParam(name = "client_secret") String clientSecret); diff --git a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java index 9ae41553..77288123 100644 --- a/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java +++ b/client/naver/src/main/java/kr/co/chooz/client/naver/authorizer/NaverAuthorizer.java @@ -34,9 +34,10 @@ public String getAccessToken(ThirdPartySignupInfo signupInfo) { NaverTokenResponse response = naverAuthClient.generateToken( "authorization_code", clientId, - client_secret, + propertiesValues.get("state"), propertiesValues.get("code"), - propertiesValues.get("state") + client_secret + ); return response.getAccess_token(); @@ -46,10 +47,11 @@ public String getAccessToken(ThirdPartySignupInfo signupInfo) { public Map getUserInfo(String accessToken) { NaverUserInfo naverUserInfo = naverApiClient.getUserInfo(new BearerAuthHeader(accessToken).getAuthorization()); + System.out.println("naverUserInfo = " + naverUserInfo); Map result = new HashMap<>(); - result.put("id", naverUserInfo.getId().toString()); - result.put("nickname", naverUserInfo.getNickName()); + result.put("id", naverUserInfo.getId()); + result.put("nickname", naverUserInfo.getNickName()); //디벨로퍼스에 추가해도 값을 못받아 오는중!.. result.put("profile_image", naverUserInfo.getProfileImage()); return result; 
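Review bot: `client_secret` and `code` are declared with `@RequestParam` on this `@PostMapping` in NaverAuthClient, and if the interface is a Spring Cloud OpenFeign client (its class-level annotation is outside the hunk) those values travel in the URL query string rather than in the form body, despite `consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE`. Query strings are commonly recorded by HTTP client request logging and intermediaries, so confirm that logging for this client never records the full URL, or send the credentials as a form-encoded body instead. All five parameters are plain `String`, and the reordered call in NaverAuthorizer shows how easily they end up in the wrong position; a one-line Javadoc on `generateToken` such as `/** Order: grant_type, client_id, state, code, client_secret. */` would make the contract explicit.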
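Review bot: The added `System.out.println("naverUserInfo = " + naverUserInfo);` in `getUserInfo` writes the Naver account id, nickname and profile image URL to stdout on every login, because `NaverUserInfo` and `NaverUserProperties` are Lombok `@Data` classes whose generated `toString()` prints all fields. Remove the line before merge; if a trace is still wanted and the class has a logger, keep it at debug level without the payload, e.g. `log.debug("naver user info fetched");`. `getUserInfo` starts before this hunk and continues past it.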
diff --git a/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java b/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java index 73f899f3..be89391d 100644 --- a/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java +++ b/client/naver/src/main/java/kr/co/chooz/client/naver/response/NaverUserInfo.java @@ -4,23 +4,25 @@ @Data public class NaverUserInfo { - - private Long id; - private NaverUserProperties properties; + private NaverUserProperties response; public String getNickName() { - return properties.getNickname(); + return response.getNickname(); } public String getProfileImage() { - return properties.getProfile_image(); + return response.getProfile_image(); + } + + public String getId() { + return response.getId(); } } @Data class NaverUserProperties { - + private String id; private String nickname; private String profile_image; From 2fd6e49ca9c302a6599c51219f357fe57e9e0cef Mon Sep 17 00:00:00 2001 From: alsduq1117 Date: Wed, 19 Jul 2023 20:36:52 +0900 Subject: [PATCH 2/3] =?UTF-8?q?fix=20:=20=EC=86=8C=EC=85=9C=20=EB=A1=9C?= =?UTF-8?q?=EA=B7=B8=EC=9D=B8=20request=20providerType=20=EC=82=AD?= =?UTF-8?q?=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/kr/co/chooz/user/request/KakaoLoginRequest.java | 4 ---- .../java/kr/co/chooz/user/request/NaverLoginRequest.java | 8 ++------ 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java index f7c94f9f..6d7f4803 100644 --- a/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java +++ b/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java 
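Review bot: `getId()`, `getNickName()` and `getProfileImage()` in NaverUserInfo dereference `response` without a null check, so a reply that carries no `response` object (an error payload, for instance) surfaces as a NullPointerException in the caller rather than as a rejected login. Since the id read here is what `NaverAuthorizer.getUserInfo` puts into the result map under `"id"`, guard it once, e.g. `if (response == null) throw new IllegalStateException("Naver user info response is missing");`, and treat a blank id as a failure too. The inline comment in NaverAuthorizer notes that the nickname is currently not being received, so callers should also expect `getNickName()` to return null.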
@@ -25,10 +25,6 @@ public class KakaoLoginRequest { private String redirectUrl; - @Schema(description = "소셜 로그인 타입", example = "KAKAO") - @NotNull - private ProviderType providerType; - public ThirdPartySignupInfo toDomain() { Map propertiesValues = new HashMap<>(); propertiesValues.put("code", code); diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java index f413ffa4..c0360967 100644 --- a/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java +++ b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java @@ -18,17 +18,13 @@ public class NaverLoginRequest { private String code; /** - * redirectUrl 은 인가코드를 받아올 redirectUrl을 의미하며 여기서 redirectUrl은 카카오 로그인시 요청한 redirectUrl과 동일한 값으로 받아와야함 - * 리다이렉트 유알엘을 받는 이유는 로컬, 배포 , 테스트 환경에서 유동적으로 실행할수있게 하기 위함임 + * state 값은 CSRF를 방지하기 위한 인증값으로 임의의 값을 넣어줄 수 있음.네이버 로그인시 요청한 state 값 과 동일한 값으로 받아와야함 + * CSRF는 Cross Site Request Forgery(사이트 간 요청 위조)의 줄임말로 웹 취약점 중 하나이다. */ @Schema(description = "네이버 로그인 CSRF를 방지하기 위한 인증값", example = "string") private String state; - @Schema(description = "소셜 로그인 타입", example = "NAVER") - @NotNull - private ProviderType providerType; - public ThirdPartySignupInfo toDomain() { Map propertiesValues = new HashMap<>(); propertiesValues.put("code", code); From f0f87d81bdf9a3fb0be6e7f49a78266d9bc837a1 Mon Sep 17 00:00:00 2001 From: alsduq1117 Date: Thu, 20 Jul 2023 22:24:30 +0900 Subject: [PATCH 3/3] =?UTF-8?q?style=20:=20=EC=86=8C=EC=85=9C=EB=A1=9C?= =?UTF-8?q?=EA=B7=B8=EC=9D=B8=20request=20=EC=96=B4=EB=85=B8=ED=85=8C?= =?UTF-8?q?=EC=9D=B4=EC=85=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/kr/co/chooz/user/request/KakaoLoginRequest.java | 8 ++++++-- .../java/kr/co/chooz/user/request/NaverLoginRequest.java | 9 ++++++--- 2 files changed, 12 insertions(+), 5 deletions(-) 
diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java index 6d7f4803..160a2aef 100644 --- a/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java +++ b/chooz-api/src/main/java/kr/co/chooz/user/request/KakaoLoginRequest.java @@ -3,14 +3,18 @@ import io.swagger.v3.oas.annotations.media.Schema; import kr.co.chooz.user.domain.entitiy.ProviderType; import kr.co.chooz.user.dto.ThirdPartySignupInfo; +import lombok.AllArgsConstructor; import lombok.Data; +import lombok.Getter; +import lombok.NoArgsConstructor; import javax.validation.constraints.NotBlank; -import javax.validation.constraints.NotNull; import java.util.HashMap; import java.util.Map; -@Data +@Getter +@NoArgsConstructor +@AllArgsConstructor public class KakaoLoginRequest { @Schema(description = "Oauth 서버에서 받아온 인가코드", example = "인가코드") diff --git a/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java index c0360967..06bf0d1c 100644 --- a/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java +++ b/chooz-api/src/main/java/kr/co/chooz/user/request/NaverLoginRequest.java @@ -3,14 +3,17 @@ import io.swagger.v3.oas.annotations.media.Schema; import kr.co.chooz.user.domain.entitiy.ProviderType; import kr.co.chooz.user.dto.ThirdPartySignupInfo; -import lombok.Data; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; import javax.validation.constraints.NotBlank; -import javax.validation.constraints.NotNull; import java.util.HashMap; import java.util.Map; -@Data +@Getter +@NoArgsConstructor +@AllArgsConstructor public class NaverLoginRequest { @Schema(description = "Oauth 서버에서 받아온 인가코드", example = "인가코드")
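Review bot: `import lombok.Data;` remains in KakaoLoginRequest as a context line while `@Data` is replaced by `@Getter`, `@NoArgsConstructor` and `@AllArgsConstructor`, so the import is now unused. The NaverLoginRequest hunk in the same commit removes it with `-import lombok.Data;`, and the Kakao file should do the same to keep the two request classes in step.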