diff --git a/src/main/java/nextstep/MemberData.java b/src/main/java/nextstep/MemberData.java
index e9d678877..85157ba37 100644
--- a/src/main/java/nextstep/MemberData.java
+++ b/src/main/java/nextstep/MemberData.java
@@ -1,10 +1,7 @@
 package nextstep;
 
-import lombok.AllArgsConstructor;
 import nextstep.member.domain.Member;
-import nextstep.member.domain.MemberRepository;
 import nextstep.member.domain.RoleType;
-import org.springframework.stereotype.Component;
 
 import java.util.List;
 
@@ -17,6 +14,6 @@ public class MemberData {
     private static final String MEMBER_PASSWORD = "password";
     private static final int MEMBER_AGE = 20;
 
-    public static Member admin = new Member(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_AGE, List.of(RoleType.ROLE_ADMIN.toString()));
-    public static Member member = new Member(MEMBER_EMAIL, MEMBER_PASSWORD, MEMBER_AGE, List.of(RoleType.ROLE_MEMBER.toString()));
+    public static Member admin = new Member(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_AGE, List.of(RoleType.ROLE_ADMIN.name()));
+    public static Member member = new Member(MEMBER_EMAIL, MEMBER_PASSWORD, MEMBER_AGE, List.of(RoleType.ROLE_MEMBER.name()));
 }
diff --git a/src/main/java/nextstep/auth/authentication/Authenticator.java b/src/main/java/nextstep/auth/authentication/Authenticator.java
index 81f5f4f5f..c47017556 100644
--- a/src/main/java/nextstep/auth/authentication/Authenticator.java
+++ b/src/main/java/nextstep/auth/authentication/Authenticator.java
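Review bot: `admin` and `member` remain non-final `public static` fields in the second hunk, so the shared fixtures can be reassigned or, since `Member` exposes `update(...)` elsewhere in this diff, mutated by any test that obtains them; declare them `public static final Member admin = ...` and likewise for `member`. The class also lives under src/main/java and carries literal credentials such as `MEMBER_PASSWORD = "password"`; if it is loaded outside a test profile (the removed `@Component` and `MemberRepository` imports suggest it once seeded data, which this hunk alone cannot confirm), those well-known accounts ship with the application, so it belongs in src/test or behind a test-only profile.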
@@ -19,13 +19,7 @@ public Authenticator(UserDetailsService userDetailsService) {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
         AuthenticationToken token = convert(request);
-        LoginMember member;
-
-        try {
-            member = userDetailsService.loadUserByUsername(token.getPrincipal());
-        } catch (RuntimeException e) {
-            throw new AuthenticationException();
-        }
+        LoginMember member = userDetailsService.loadUserByUsername(token.getPrincipal());
 
         checkAuthentication(member, token.getCredentials());
         authenticate(member, response);
diff --git a/src/main/java/nextstep/member/application/MemberService.java b/src/main/java/nextstep/member/application/MemberService.java
index 477e4bf08..2be438e09 100644
--- a/src/main/java/nextstep/member/application/MemberService.java
+++ b/src/main/java/nextstep/member/application/MemberService.java
@@ -30,11 +30,13 @@ public MemberResponse findMember(String email) {
         return MemberResponse.of(member);
     }
 
+    @Transactional
     public void updateMember(Long id, MemberRequest param) {
         Member member = memberRepository.findById(id).orElseThrow(RuntimeException::new);
         member.update(param.toMember());
     }
 
+    @Transactional
     public void updateMember(String email, MemberRequest param) {
         Member member = memberRepository.findByEmail(email).orElseThrow(RuntimeException::new);
         member.update(param.toMember());
diff --git a/src/main/java/nextstep/member/ui/MemberController.java b/src/main/java/nextstep/member/ui/MemberController.java
index 742acdb17..512da1be1 100644
--- a/src/main/java/nextstep/member/ui/MemberController.java
+++ b/src/main/java/nextstep/member/ui/MemberController.java
@@ -1,6 +1,7 @@
 package nextstep.member.ui;
 
 import nextstep.auth.authorization.AuthenticationPrincipal;
+import nextstep.auth.secured.Secured;
 import nextstep.member.application.MemberService;
 import nextstep.member.application.dto.MemberRequest;
 import nextstep.member.application.dto.MemberResponse;
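Review bot: Removing the try/catch means a failed `loadUserByUsername` for an unknown principal now surfaces whatever RuntimeException the UserDetailsService throws instead of `AuthenticationException`; unless that service already throws `AuthenticationException` itself (not visible here), the unknown-user path and the bad-password path in `checkAuthentication` will yield different responses, which weakens the error contract and lets a client tell the two cases apart. If the intent is for the service to own that mapping, say so in a comment on `preHandle`; otherwise keep a narrow catch that preserves the cause, e.g. `} catch (RuntimeException e) { throw new AuthenticationException(e); }`, provided `AuthenticationException` has a cause constructor. The body of `preHandle` continues past the end of the hunk.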
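Review bot: Both `updateMember` overloads still use `orElseThrow(RuntimeException::new)`, so a missing member surfaces as a bare RuntimeException with no message that `handleIllegalArgsException` in ControllerExceptionHandler (visible in a later hunk) will not catch, most likely ending as a 500. Throw something the advice already maps, e.g. `.orElseThrow(() -> new IllegalArgumentException("member not found: " + id))` in the id overload and the analogous message in the email overload, or introduce a dedicated not-found exception with its own handler. The added `@Transactional` presumably is what lets `member.update(...)` persist through the persistence context; a one-line comment such as `// transactional so the entity change is flushed on commit` would spare the next reader from re-deriving that.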
@@ -31,6 +32,7 @@ public ResponseEntity findMember(@PathVariable Long id) {
     }
 
     @PutMapping("/members/{id}")
+    @Secured("ROLE_ADMIN")
     public ResponseEntity updateMember(@PathVariable Long id, @RequestBody MemberRequest param) {
         memberService.updateMember(id, param);
         return ResponseEntity.ok().build();
diff --git a/src/main/java/nextstep/subway/ui/ControllerExceptionHandler.java b/src/main/java/nextstep/subway/ui/ControllerExceptionHandler.java
index 5055c254d..dc1bda1d3 100644
--- a/src/main/java/nextstep/subway/ui/ControllerExceptionHandler.java
+++ b/src/main/java/nextstep/subway/ui/ControllerExceptionHandler.java
@@ -2,6 +2,7 @@
 
 import nextstep.auth.secured.RoleAuthenticationException;
 import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -20,6 +21,6 @@ public ResponseEntity handleIllegalArgsException(IllegalArgumentException
 
     @ExceptionHandler(RoleAuthenticationException.class)
     public ResponseEntity handleNoAuthenticationException(RoleAuthenticationException e) {
-        return ResponseEntity.badRequest().build();
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
     }
 }
diff --git a/src/test/java/nextstep/subway/acceptance/AuthAcceptanceTest.java b/src/test/java/nextstep/subway/acceptance/AuthAcceptanceTest.java
index c7653756e..8d3e51cb1 100644
--- a/src/test/java/nextstep/subway/acceptance/AuthAcceptanceTest.java
+++ b/src/test/java/nextstep/subway/acceptance/AuthAcceptanceTest.java
@@ -8,7 +8,6 @@
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 
 import java.util.HashMap;
 import java.util.Map;
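Review bot: `@Secured("ROLE_ADMIN")` hard-codes the role name as a string literal while the rest of this diff derives it from `RoleType.ROLE_ADMIN.name()` (MemberData hunk); annotation values must be compile-time constants, so expose one on the enum or a roles class, e.g. `public static final String ADMIN = "ROLE_ADMIN";`, and reference it here so the two cannot drift apart. None of the test changes exercises this endpoint without admin rights — `manageMember` goes through `회원_정보_수정_요청`, which now authenticates as admin via `SecurityUtil.given()` — so whether the custom `@Secured` is actually enforced on `PUT /members/{id}` is untested; an acceptance test that sends a member-role token and asserts the rejection status would close that gap.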
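Review bot: `RoleAuthenticationException` is raised when a caller lacks the role demanded by `@Secured` (per its use in this diff), which is an authorization failure; HTTP 401 conventionally means credentials are missing or invalid and 403 means the authenticated principal is not allowed, so `return ResponseEntity.status(HttpStatus.FORBIDDEN).build();` is the more accurate mapping if the exception is only thrown once a principal has been established — this hunk alone cannot confirm that. The two AuthAcceptanceTest hunks that now expect `HttpStatus.UNAUTHORIZED` mirror the same choice and would move with it. The method name `handleNoAuthenticationException` also no longer describes the role case; `handleRoleAuthenticationException` would, and declaring the return as `ResponseEntity<Void>` rather than the raw `ResponseEntity` type removes the raw-type warning.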
@@ -66,7 +65,7 @@ void fail_onlyAdminAuth() {
 
         ExtractableResponse response = 지하철역_생성_요청_토큰따로("서울역", accessToken);
 
-        assertThat(response.response().statusCode()).isEqualTo(HttpStatus.BAD_REQUEST.value());
+        assertThat(response.response().statusCode()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
     }
 
     @DisplayName("권한 부족한 토큰 실패")
@@ -76,7 +75,7 @@ void fail_notAdminAuth() {
 
         ExtractableResponse response = 지하철역_생성_요청_토큰따로("서울역", accessToken);
 
-        assertThat(response.response().statusCode()).isEqualTo(HttpStatus.BAD_REQUEST.value());
+        assertThat(response.response().statusCode()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
     }
 
     private ExtractableResponse 폼_로그인_후_내_회원_정보_조회_요청(String email, String password) {
diff --git a/src/test/java/nextstep/subway/acceptance/MemberAcceptanceTest.java b/src/test/java/nextstep/subway/acceptance/MemberAcceptanceTest.java
index aedeedb1c..343713308 100644
--- a/src/test/java/nextstep/subway/acceptance/MemberAcceptanceTest.java
+++ b/src/test/java/nextstep/subway/acceptance/MemberAcceptanceTest.java
@@ -10,7 +10,7 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 class MemberAcceptanceTest extends AcceptanceTest {
-    public static final String EMAIL = "email@email.com";
+    public static final String EMAIL = "email2@email.com";
     public static final String PASSWORD = "password";
     public static final int AGE = 20;
 
@@ -67,10 +67,32 @@ void deleteMember() {
     @DisplayName("회원 정보를 관리한다.")
     @Test
     void manageMember() {
+        // given
+        ExtractableResponse createResponse = 회원_생성_요청(EMAIL, PASSWORD, AGE);
+        String newEmail = "new@email.com";
+
+        // when
+        ExtractableResponse response = 회원_정보_수정_요청(createResponse, newEmail, PASSWORD, AGE);
+        ExtractableResponse member = 회원_정보_조회_요청(createResponse);
+
+        // then
+        assertThat(response.statusCode()).isEqualTo(HttpStatus.OK.value());
+        assertThat(member.jsonPath().getString("email")).isEqualTo(newEmail);
     }
 
     @DisplayName("나의 정보를 관리한다.")
     @Test
     void manageMyInfo() {
+        // given
+        ExtractableResponse createResponse = 회원_생성_요청(EMAIL, PASSWORD, AGE);
+        String newEmail = "new@email.com";
+
+        // when
+        ExtractableResponse response = 베이직_인증으로_내_회원_정보_수정_요청(EMAIL, PASSWORD, newEmail, PASSWORD, AGE);
+        ExtractableResponse member = 회원_정보_조회_요청(createResponse);
+
+        // then
+        assertThat(response.statusCode()).isEqualTo(HttpStatus.OK.value());
+        assertThat(member.jsonPath().getString("email")).isEqualTo(newEmail);
     }
 }
\ No newline at end of file
diff --git a/src/test/java/nextstep/subway/acceptance/MemberSteps.java b/src/test/java/nextstep/subway/acceptance/MemberSteps.java
index ff370ad00..27c980acd 100644
--- a/src/test/java/nextstep/subway/acceptance/MemberSteps.java
+++ b/src/test/java/nextstep/subway/acceptance/MemberSteps.java
@@ -3,6 +3,7 @@
 import io.restassured.RestAssured;
 import io.restassured.response.ExtractableResponse;
 import io.restassured.response.Response;
+import nextstep.subway.utils.SecurityUtil;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 
@@ -65,8 +66,7 @@ public class MemberSteps {
         params.put("password", password);
         params.put("age", age + "");
 
-        return RestAssured
-                .given().log().all()
+        return SecurityUtil.given()
                 .contentType(MediaType.APPLICATION_JSON_VALUE)
                 .body(params)
                 .when().put(uri)
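Review bot: Both new test bodies create a member with `EMAIL` and then rename it to the same literal `"new@email.com"`; unless `AcceptanceTest` resets the database between tests (not visible here), the second test's create or update can collide on the email column, and the `EMAIL` change to `email2@email.com` in the previous hunk reads like a workaround for a comparable collision with the MemberData fixtures rather than a fix. Extract the literal once, `private static final String NEW_EMAIL = "new@email.com";`, and if isolation is the real issue, make the per-test cleanup explicit in the base class instead of varying the addresses.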
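Review bot: `회원_정보_수정_요청` now always authenticates as the admin fixture through `SecurityUtil.given()`, which is invisible at its call sites in MemberAcceptanceTest and rules out using the step for a non-admin caller. Prefer passing the credential in, as `지하철역_생성_요청_토큰따로(...)` in AuthAcceptanceTest already does, e.g. an overload that takes `String accessToken` and starts with `RestAssured.given().log().all().auth().oauth2(accessToken)`, or rename this variant so the admin context is explicit in its name. The enclosing method begins before the hunk.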
@@ -91,6 +91,23 @@ public class MemberSteps { .extract(); } + public static ExtractableResponse 베이직_인증으로_내_회원_정보_수정_요청(String username, String password, String newEmail, String newPassword, Integer newAge) { + Map params = new HashMap<>(); + params.put("email", newEmail); + params.put("password", newPassword); + params.put("age", newAge + ""); + + return RestAssured.given().log().all() + .auth().preemptive().basic(username, password) + .when() + .body(params) + .contentType(MediaType.APPLICATION_JSON_VALUE) + .put("/members/me") + .then().log().all() + .statusCode(HttpStatus.OK.value()) + .extract(); + } + public static void 회원_정보_조회됨(ExtractableResponse response, String email, int age) { assertThat(response.jsonPath().getString("id")).isNotNull(); assertThat(response.jsonPath().getString("email")).isEqualTo(email); diff --git a/src/test/java/nextstep/subway/utils/SecurityUtil.java b/src/test/java/nextstep/subway/utils/SecurityUtil.java index c7677da42..4e67b6f2c 100644 --- a/src/test/java/nextstep/subway/utils/SecurityUtil.java +++ b/src/test/java/nextstep/subway/utils/SecurityUtil.java @@ -4,17 +4,15 @@ import io.restassured.specification.RequestSpecification; import nextstep.MemberData; import nextstep.auth.token.JwtTokenProvider; -import nextstep.member.domain.RoleType; import org.springframework.test.util.ReflectionTestUtils; -import java.util.List; +import static nextstep.subway.acceptance.MemberSteps.로그인_되어_있음; public class SecurityUtil { - static JwtTokenProvider jwtTokenProvider = getUnlimitedJwtTokenProvider(); - static String token = jwtTokenProvider.createToken(MemberData.admin.getEmail(), List.of(RoleType.ROLE_ADMIN.toString())); - public static RequestSpecification given() { + String token = 로그인_되어_있음(MemberData.admin.getEmail(), MemberData.admin.getPassword()); + return RestAssured.given().log().all() .auth().oauth2(token); }
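Review bot: `Map params = new HashMap<>();` in the new `베이직_인증으로_내_회원_정보_수정_요청` is a raw type; declare it `Map<String, String> params = new HashMap<>();`, since every value is a string (`newAge + ""`). The step also asserts `.statusCode(HttpStatus.OK.value())` internally, which duplicates `assertThat(response.statusCode()).isEqualTo(HttpStatus.OK.value())` in `manageMyInfo` and makes the helper unusable for a rejection case such as wrong basic credentials; drop the in-step status check and leave the assertion to the test. Because the request body carries the new password and the basic-auth header the current one, consider whether `.log().all()` on both request and response should stay if these logs end up in CI output.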
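Review bot: `given()` now performs a live login round-trip (`로그인_되어_있음` with the admin fixture's email and password) on every call in place of a token minted once at class load; that removes the dependency on an unlimited-lifetime token, but if `getUnlimitedJwtTokenProvider()` and the retained `JwtTokenProvider` and `ReflectionTestUtils` imports have no other users now that the two static fields are gone (the rest of the class is outside the hunk), they are dead code and should go with them. A utility in `nextstep.subway.utils` statically importing a step from `nextstep.subway.acceptance` also creates a dependency between the two test packages in the reverse direction of MemberSteps importing SecurityUtil; a short Javadoc on `given()` stating that it authenticates as `MemberData.admin` through the real login endpoint would at least make that coupling explicit.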