6주차 : 로그인기능

app/src/main/java/com/codesoom/assignment/application/AuthenticationService.java

@@ -0,0 +1,30 @@
+package com.codesoom.assignment.application;
+
+import com.codesoom.assignment.domain.User;
+import com.codesoom.assignment.domain.UserRepository;
+import com.codesoom.assignment.dto.UserLoginData;
+import com.codesoom.assignment.errors.InvalidLoginException;
+import com.codesoom.assignment.errors.UserNotFoundException;
+import com.codesoom.assignment.utils.JwtUtil;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AuthenticationService {
+    private final UserRepository userRepository;
+    private final JwtUtil jwtUtil;
+
+    public AuthenticationService(UserRepository userRepository, JwtUtil jwtUtil) {
+        this.userRepository = userRepository;
+        this.jwtUtil = jwtUtil;
+    }
+
+    public String login(UserLoginData loginData) {
+        User loginUser = userRepository.findByEmail(loginData.getEmail())
+                .orElseThrow(() -> new UserNotFoundException(loginData.getEmail()));
+
+        if (!loginUser.getPassword().equals(loginData.getPassword())) {
+            throw new InvalidLoginException("Check your password");
+        }
+        return jwtUtil.encode(loginUser.getId());
+    }
+}

app/src/main/java/com/codesoom/assignment/config/WebConfig.java

@@ -0,0 +1,22 @@
+package com.codesoom.assignment.config;
+
+import com.codesoom.assignment.interceptor.AuthInterceptor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+    private final AuthInterceptor authInterceptor;
+
+    public WebConfig(AuthInterceptor authInterceptor) {
+        this.authInterceptor = authInterceptor;
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/products/**");
+    }
+
+}

app/src/main/java/com/codesoom/assignment/controllers/ControllerErrorAdvice.java

@@ -1,9 +1,7 @@
 package com.codesoom.assignment.controllers;
 
 import com.codesoom.assignment.dto.ErrorResponse;
-import com.codesoom.assignment.errors.ProductNotFoundException;
-import com.codesoom.assignment.errors.UserEmailDuplicationException;
-import com.codesoom.assignment.errors.UserNotFoundException;
+import com.codesoom.assignment.errors.*;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -30,4 +28,22 @@ public ErrorResponse handleUserNotFound() {
     public ErrorResponse handleUserEmailIsAlreadyExisted() {
         return new ErrorResponse("User's email address is already existed");
     }
+
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    @ExceptionHandler(InvalidLoginException.class)
+    public ErrorResponse handleInvalidLogin() {
+        return new ErrorResponse("Invalid login request");
+    }
+
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    @ExceptionHandler(AccessTokenNotFoundException.class)
+    public ErrorResponse handleAccessTokenNotFound() {
+        return new ErrorResponse("Access token not found");
+    }
+
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    @ExceptionHandler(InvalidAccessTokenException.class)
+    public ErrorResponse handleInvalidAccessToken() {
+        return new ErrorResponse("Invalid access token");
+    }
 }

app/src/main/java/com/codesoom/assignment/controllers/SessionController.java

@@ -0,0 +1,32 @@
+package com.codesoom.assignment.controllers;
+
+import com.codesoom.assignment.application.AuthenticationService;
+import com.codesoom.assignment.dto.SessionResponse;
+import com.codesoom.assignment.dto.UserLoginData;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+
+@RestController
+@RequestMapping("/session")
+@CrossOrigin
+public class SessionController {
+
+    private final AuthenticationService authenticationService;
+
+    public SessionController(AuthenticationService authenticationService) {
+        this.authenticationService = authenticationService;
+    }
+
+    @PostMapping
+    @ResponseStatus(HttpStatus.CREATED)
+    public SessionResponse login(@RequestBody @Valid UserLoginData userLoginData) {
+        String accessToken = authenticationService.login(userLoginData);
+
+        return SessionResponse.builder()
+                .accessToken(accessToken)
+                .build();
+    }
+
+}

app/src/main/java/com/codesoom/assignment/domain/UserRepository.java

@@ -12,4 +12,6 @@ public interface UserRepository {
     Optional<User> findByIdAndDeletedIsFalse(Long id);
 
     Optional<User> findByEmail(String email);
+
+    void deleteAll();
 }

app/src/main/java/com/codesoom/assignment/dto/SessionResponse.java

@@ -0,0 +1,13 @@
+package com.codesoom.assignment.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+@AllArgsConstructor
+public class SessionResponse {
+
+    private String accessToken;
+}

app/src/main/java/com/codesoom/assignment/dto/UserLoginData.java

@@ -0,0 +1,26 @@
+package com.codesoom.assignment.dto;
+
+import com.github.dozermapper.core.Mapping;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+@Getter
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserLoginData {
+    @NotBlank
+    @Size(min = 3)
+    @Mapping("email")
+    private String email;
+
+    @NotBlank
+    @Size(min = 4, max = 1024)
+    @Mapping("password")
+    private String password;
+}

app/src/main/java/com/codesoom/assignment/errors/AccessTokenNotFoundException.java

@@ -0,0 +1,8 @@
+package com.codesoom.assignment.errors;
+
+public class AccessTokenNotFoundException extends RuntimeException {
+
+    public AccessTokenNotFoundException() {
+        super("Access token not found");
+    }
+}

app/src/main/java/com/codesoom/assignment/errors/InvalidAccessTokenException.java

@@ -0,0 +1,14 @@
+package com.codesoom.assignment.errors;
+
+public class InvalidAccessTokenException extends RuntimeException {
+
+    public InvalidAccessTokenException(String message) {
+        super("Invalid access token : " + message);
+    }
+
+    public InvalidAccessTokenException() {
+        super("Invalid access token");
+    }
+
+
+}

app/src/main/java/com/codesoom/assignment/errors/InvalidLoginException.java

@@ -0,0 +1,8 @@
+package com.codesoom.assignment.errors;
+
+public class InvalidLoginException extends RuntimeException {
+    public InvalidLoginException(String message) {
+        super("Invalid login Exception: " + message);
+    }
+
+}

app/src/main/java/com/codesoom/assignment/errors/UserNotFoundException.java

@@ -4,4 +4,8 @@ public class UserNotFoundException extends RuntimeException {
     public UserNotFoundException(Long id) {
         super("User not found: " + id);
     }
+
+    public UserNotFoundException(String email) {
+        super("User not found: " + email);
+    }
 }

app/src/main/java/com/codesoom/assignment/infra/JpaUserRepository.java

@@ -17,4 +17,6 @@ public interface JpaUserRepository
     Optional<User> findByIdAndDeletedIsFalse(Long id);
 
     Optional<User> findByEmail(String email);
+
+    void deleteAll();
 }

app/src/main/java/com/codesoom/assignment/interceptor/AuthInterceptor.java

@@ -0,0 +1,65 @@
+package com.codesoom.assignment.interceptor;
+
+import com.codesoom.assignment.errors.AccessTokenNotFoundException;
+import com.codesoom.assignment.errors.InvalidAccessTokenException;
+import com.codesoom.assignment.utils.JwtUtil;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+
+    private final JwtUtil jwtUtil;
+
+    public AuthInterceptor(JwtUtil jwtUtil) {
+        this.jwtUtil = jwtUtil;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+
+        if (isGetMethod(request)) {
+            return true;
+        }
+
+        if (isPostMethod(request) || isPatchMethod(request) || isDeleteMethod(request)) {
+            return checkAccessToken(request);
+        }
+
+        return true;
+    }
+
+    private boolean isGetMethod(HttpServletRequest request) {
+        return request.getMethod().equals("GET");
+    }
+
+    private boolean isPostMethod(HttpServletRequest request) {
+        return request.getMethod().equals("POST");
+    }
+
+    private boolean isPatchMethod(HttpServletRequest request) {
+        return request.getMethod().equals("PATCH");
+    }
+
+    private boolean isDeleteMethod(HttpServletRequest request) {
+        return request.getMethod().equals("DELETE");
+    }
+
+    private boolean checkAccessToken(HttpServletRequest request) throws InvalidAccessTokenException, AccessTokenNotFoundException {
+        String authorization = request.getHeader("Authorization");
+        if (authorization == null) {
+            throw new AccessTokenNotFoundException();
+        }
+        String accessToken = authorization.substring("Bearer ".length());
+        try {
+            jwtUtil.decode(accessToken);
+            return true;
+        } catch (Exception e) {
+            throw new InvalidAccessTokenException(e.getMessage());
+        }
+    }
+
+}

app/src/main/java/com/codesoom/assignment/utils/JwtUtil.java

@@ -0,0 +1,33 @@
+package com.codesoom.assignment.utils;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.security.Key;
+
+@Component
+public class JwtUtil {
+    private final Key key;
+
+    public JwtUtil(@Value("${jwt.secret}") String secret) {
+        this.key = Keys.hmacShaKeyFor(secret.getBytes());
+    }
+
+    public String encode(Long userId) {
+        return Jwts.builder()
+                .claim("userId", userId)
+                .signWith(key)
+                .compact();
+    }
+
+    public Claims decode(String token) {
+        return Jwts.parserBuilder()
+                .setSigningKey(key)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+}

app/src/test/java/com/codesoom/assignment/application/AuthenticationServiceTest.java

@@ -0,0 +1,73 @@
+package com.codesoom.assignment.application;
+
+import com.codesoom.assignment.domain.User;
+import com.codesoom.assignment.dto.UserLoginData;
+import com.codesoom.assignment.errors.InvalidLoginException;
+import com.codesoom.assignment.errors.UserNotFoundException;
+import com.codesoom.assignment.utils.TestHelper;
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.*;
+
+import static com.codesoom.assignment.utils.TestHelper.*;
+
+
+@SuppressWarnings({"InnerClassMayBeStatic", "NonAsciiCharacters"})
+@DisplayName("AuthenticationService 클래스")
+class AuthenticationServiceTest extends JpaTest {
+
+
+
+    @Nested
+    @DisplayNameGeneration(DisplayNameGenerator.ReplaceUnderscores.class)
+    class login_메서드는 {
+        private AuthenticationService authenticationService = new AuthenticationService(getUserRepository(), getJwtUtil());
+
+
+        @Nested
+        @DisplayNameGeneration(DisplayNameGenerator.ReplaceUnderscores.class)
+        class 유효한_유저로그인정보_요청를_받으면 {
+            private UserLoginData AUTH_USER_DATA = UserLoginData.builder()
+                    .email(AUTH_EMAIL)
+                    .password(AUTH_PASSWORD)
+                    .build();
+
+            @BeforeEach
+            void setUp() {
+                getUserRepository().deleteAll();
+                getUserRepository().save(AUTH_USER);
+            }
+
+            @DisplayName("인증토큰을 반환한다.")
+            @Test
+            void It_returns_token() {
+                String accessToken = authenticationService.login(AUTH_USER_DATA);
+                Assertions.assertThat(accessToken).isEqualTo(VALID_TOKEN);
+            }
+
+        }
+
+        @Nested
+        @DisplayNameGeneration(DisplayNameGenerator.ReplaceUnderscores.class)
+        class 유효하지_않은_로그인정보를_받으면 {
+
+            @BeforeEach
+            void setUp() {
+                getUserRepository().deleteAll();
+                getUserRepository().save(AUTH_USER);
+            }
+
+            @DisplayName("해당 정보의 회원이 존재하지 않으면 UserNotFoundException을 반환한다.")
+            @Test
+            void It_throws_UserNotFoundException() {
+                Assertions.assertThatThrownBy(() -> authenticationService.login(IS_NOT_EXISTS_USER_DATA)).isInstanceOf(UserNotFoundException.class);
+            }
+
+            @DisplayName("비밀번호가 일치하지 않으면 InvalidLoginException을 반환한다.")
+            @Test
+            void It_throws_InvalidLoginRequest() {
+                Assertions.assertThatThrownBy(() -> authenticationService.login(INVALID_PASSWORD_USER_DATA)).isInstanceOf(InvalidLoginException.class);
+            }
+        }
+
+    }
+}