Authorization 헤더를 응답하도록 변경

backend/src/main/java/codezap/auth/configuration/AuthArgumentResolver.java

@@ -3,8 +3,11 @@
 import codezap.auth.dto.Credential;
 import codezap.auth.manager.CredentialManager;
 import codezap.auth.provider.CredentialProvider;
+import codezap.global.exception.CodeZapException;
+import codezap.global.exception.ErrorCode;
 import codezap.member.domain.Member;
 import jakarta.servlet.http.HttpServletRequest;
+import java.util.List;
 import java.util.Objects;
 import lombok.RequiredArgsConstructor;
 import org.springframework.core.MethodParameter;
@@ -17,7 +20,7 @@
 @RequiredArgsConstructor
 public class AuthArgumentResolver implements HandlerMethodArgumentResolver {
 
-    private final CredentialManager credentialManager;
+    private final List<CredentialManager> credentialManagers;
     private final CredentialProvider credentialProvider;
 
     @Override
@@ -35,10 +38,19 @@ public Member resolveArgument(
         AuthenticationPrinciple parameterAnnotation = parameter.getParameterAnnotation(AuthenticationPrinciple.class);
         boolean supported = Objects.nonNull(parameterAnnotation);
         HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
-        if (supported && !parameterAnnotation.required() && !credentialManager.hasCredential(request)) {
+        if (supported && !parameterAnnotation.required() && !hasCredential(request)) {
             return null;
         }
+        CredentialManager credentialManager = credentialManagers.stream()
+                .filter(eachCredentialManager -> eachCredentialManager.hasCredential(request))
+                .findFirst()
+                .orElseThrow(() -> new CodeZapException(ErrorCode.UNAUTHORIZED_USER, "인증 정보가 없습니다. 다시 로그인 해 주세요."));
         Credential credential = credentialManager.getCredential(request);
         return credentialProvider.extractMember(credential);
     }
+
+    private boolean hasCredential(HttpServletRequest request) {
+        return credentialManagers.stream()
+                .anyMatch(credentialManager -> credentialManager.hasCredential(request));
+    }
 }

backend/src/main/java/codezap/auth/configuration/AuthWebConfiguration.java

@@ -14,11 +14,11 @@
 @RequiredArgsConstructor
 public class AuthWebConfiguration implements WebMvcConfigurer {
 
-    private final CredentialManager credentialManager;
+    private final List<CredentialManager> credentialManagers;
     private final CredentialProvider credentialProvider;
 
     @Override
     public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
-        resolvers.add(new AuthArgumentResolver(credentialManager, credentialProvider));
+        resolvers.add(new AuthArgumentResolver(credentialManagers, credentialProvider));
     }
 }

backend/src/main/java/codezap/auth/controller/AuthController.java

@@ -1,15 +1,18 @@
 package codezap.auth.controller;
 
+import codezap.auth.dto.Credential;
 import codezap.auth.dto.LoginMember;
 import codezap.auth.dto.request.LoginRequest;
 import codezap.auth.dto.response.LoginResponse;
-import codezap.auth.dto.Credential;
 import codezap.auth.manager.CredentialManager;
 import codezap.auth.provider.CredentialProvider;
 import codezap.auth.service.AuthService;
+import codezap.global.exception.CodeZapException;
+import codezap.global.exception.ErrorCode;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
+import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -21,7 +24,7 @@
 @RequiredArgsConstructor
 public class AuthController implements SpringDocAuthController {
 
-    private final CredentialManager credentialManager;
+    private final List<CredentialManager> credentialManagers;
     private final CredentialProvider credentialProvider;
     private final AuthService authService;
 
@@ -32,20 +35,29 @@ public ResponseEntity<LoginResponse> login(
     ) {
         LoginMember loginMember = authService.login(loginRequest);
         Credential credential = credentialProvider.createCredential(loginMember);
-        credentialManager.setCredential(httpServletResponse, credential);
+        credentialManagers.forEach(
+                credentialManager -> credentialManager.setCredential(httpServletResponse, credential)
+        );
         return ResponseEntity.ok(LoginResponse.from(loginMember));
     }
 
     @GetMapping("/login/check")
     public ResponseEntity<Void> checkLogin(HttpServletRequest httpServletRequest) {
+        //ArgumentResolver 와 동작이 일치
+        CredentialManager credentialManager = credentialManagers.stream()
+                .filter(eachCredentialManager -> eachCredentialManager.hasCredential(httpServletRequest))
+                .findFirst()
+                .orElseThrow(() -> new CodeZapException(ErrorCode.UNAUTHORIZED_USER, "인증 정보가 없습니다. 다시 로그인 해 주세요."));
         Credential credential = credentialManager.getCredential(httpServletRequest);
         credentialProvider.extractMember(credential);
         return ResponseEntity.ok().build();
     }
 
     @PostMapping("/logout")
     public ResponseEntity<Void> logout(HttpServletResponse httpServletResponse) {
-        credentialManager.removeCredential(httpServletResponse);
+        credentialManagers.forEach(
+                credentialManager -> credentialManager.removeCredential(httpServletResponse)
+        );
         return ResponseEntity.noContent().build();
     }
 }

backend/src/main/java/codezap/auth/manager/AuthorizationHeaderCredentialManager.java

@@ -7,7 +7,9 @@
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
 
+@Component
 @RequiredArgsConstructor
 public class AuthorizationHeaderCredentialManager implements CredentialManager {
 

backend/src/test/java/codezap/auth/AuthTest.java

@@ -0,0 +1,155 @@
+package codezap.auth;
+
+import static org.hamcrest.text.MatchesPattern.matchesPattern;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import codezap.auth.dto.request.LoginRequest;
+import codezap.global.MvcTest;
+import codezap.member.dto.request.SignupRequest;
+import jakarta.servlet.http.Cookie;
+import java.util.regex.Pattern;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.ResultActions;
+
+class AuthTest extends MvcTest {
+
+    @Nested
+    @DisplayName("로그인 테스트")
+    class Login {
+
+        @Nested
+        @DisplayName("로그인에 성공:")
+        class Success {
+
+            private final String name = "name";
+            private final String password = "password123!";
+
+            private MvcResult loginResult;
+
+            @BeforeEach
+            void successLogin() throws Exception {
+                signup(name, password);
+                loginResult = requestLogin(name, password).andReturn();
+            }
+
+            @Test
+            @DisplayName("정상적인 인증 쿠키 반환")
+            void responseCookie() throws Exception {
+                //when
+                Cookie[] cookies = loginResult.getResponse().getCookies();
+
+                //then
+                mvc.perform(get("/login/check")
+                                .cookie(cookies))
+                        .andExpect(status().isOk());
+            }
+
+            @Test
+            @DisplayName("정상적인 인증 헤더 반환")
+            void responseHeader() throws Exception {
+                //when & then
+                MockHttpServletResponse response = loginResult.getResponse();
+                String authorizationHeader = response.getHeader(HttpHeaders.AUTHORIZATION);
+
+                mvc.perform(get("/login/check")
+                                .header(HttpHeaders.AUTHORIZATION, authorizationHeader))
+                        .andExpect(status().isOk());
+            }
+        }
+
+        @Nested
+        @DisplayName("로그인 실패:")
+        class FailLogin {
+
+            @Test
+            @DisplayName("회원가입 하지 않은 정보로 로그인 시도")
+            void noSignup() throws Exception {
+                String notExistName = "noSignup";
+                requestLogin(notExistName, "password123!")
+                        .andExpect(status().isUnauthorized())
+                        .andExpect(jsonPath("$.detail").value("존재하지 않는 아이디 %s 입니다.".formatted(notExistName)));
+            }
+
+            @Test
+            @DisplayName("잘못된 비밀번호로 로그인 시도")
+            void wrongPassword() throws Exception {
+                String name = "name";
+                String password = "password123!";
+                signup(name, password);
+
+                requestLogin(name, password)
+                        .andExpect(status().isUnauthorized())
+                        .andExpect(jsonPath("$.detail").value("로그인에 실패하였습니다. 비밀번호를 확인해주세요."));
+            }
+        }
+    }
+
+    @Nested
+    @DisplayName("로그인 확인")
+    class CheckLogin {
+
+        @Test
+        @DisplayName("실패: 인증 정보 없음")
+        void noCredential() throws Exception {
+            mvc.perform(get("/login/check"))
+                    .andExpect(status().isUnauthorized())
+                    .andExpect(jsonPath("$.detail").value("인증 정보가 없습니다. 다시 로그인 해 주세요."));
+        }
+    }
+
+    @Nested
+    @DisplayName("로그아웃 성공:")
+    class Logout {
+
+        @Test
+        @DisplayName("쿠키 인증 정보를 정상적으로 삭제")
+        void logoutWithCookie() throws Exception {
+            //given
+            String name = "name";
+            String password = "password123!";
+            signup(name, password);
+            MvcResult loginResponse = requestLogin(name, password).andReturn();
+            Pattern expireCookieRegex = Pattern.compile("credential=.*?; Max-Age=0;.*?");
+
+            //when
+            mvc.perform(post("/logout")
+                            .cookie(loginResponse.getResponse().getCookies()))
+                    .andExpect(header().string(HttpHeaders.SET_COOKIE, matchesPattern(expireCookieRegex)))
+                    .andReturn();
+        }
+
+        @Disabled
+        @Test
+        @DisplayName("Authorization 헤더의 로그아웃은 클라이언트에서 구현을 한다.")
+        void loginWithAuthorizationHeader() {
+        }
+    }
+
+    private void signup(String name, String password) throws Exception {
+        SignupRequest signupRequest = new SignupRequest(name, password);
+
+        mvc.perform(post("/signup")
+                .accept(MediaType.APPLICATION_JSON)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(objectMapper.writeValueAsString(signupRequest)));
+    }
+
+    private ResultActions requestLogin(String name, String password) throws Exception {
+        return mvc.perform(post("/login")
+                .accept(MediaType.APPLICATION_JSON)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(objectMapper.writeValueAsString(new LoginRequest(name, password))));
+    }
+}

backend/src/test/java/codezap/auth/configuration/AuthArgumentResolverTest.java

@@ -5,8 +5,10 @@
 
 import codezap.auth.dto.LoginMember;
 import codezap.auth.dto.Credential;
+import codezap.auth.manager.AuthorizationHeaderCredentialManager;
 import java.lang.reflect.Method;
 
+import java.util.List;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
@@ -28,8 +30,10 @@
 
 class AuthArgumentResolverTest {
     private final CredentialProvider credentialProvider = new PlainCredentialProvider();
-    private final CredentialManager credentialManager = new CookieCredentialManager();
-    private final AuthArgumentResolver authArgumentResolver = new AuthArgumentResolver(credentialManager, credentialProvider);
+    private final List<CredentialManager> credentialManagers =
+            List.of(new CookieCredentialManager(), new AuthorizationHeaderCredentialManager());
+
+    private final AuthArgumentResolver authArgumentResolver = new AuthArgumentResolver(credentialManagers, credentialProvider);
 
     @Nested
     @DisplayName("지원하는 파라미터 테스트")
@@ -131,7 +135,7 @@ void noCredentialTest() {
                 //when & then
                 assertThatThrownBy(() -> resolveArgument(requiredMethod, nativeWebRequest))
                         .isInstanceOf(CodeZapException.class)
-                        .hasMessage("쿠키가 없어서 회원 정보를 찾을 수 없습니다. 다시 로그인해주세요.");
+                        .hasMessage("인증 정보가 없습니다. 다시 로그인 해 주세요.");
             }
 
             @Test
@@ -159,7 +163,8 @@ private Member resolveArgument(Method method, NativeWebRequest webRequest) {
         private void setCredentialCookie(MockHttpServletRequest request, Member member) {
             MockHttpServletResponse mockResponse = new MockHttpServletResponse();
             Credential credential = credentialProvider.createCredential(LoginMember.from(member));
-            credentialManager.setCredential(mockResponse, credential);
+            credentialManagers.forEach(
+                    credentialManager -> credentialManager.setCredential(mockResponse, credential));
             request.setCookies(mockResponse.getCookies());
         }
     }

backend/src/test/java/codezap/global/MvcTest.java

@@ -0,0 +1,26 @@
+package codezap.global;
+
+import codezap.global.cors.CorsProperties;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.BeforeEach;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+@SpringBootTest
+@EnableConfigurationProperties(CorsProperties.class)
+public abstract class MvcTest {
+
+    protected MockMvc mvc;
+    protected ObjectMapper objectMapper;
+
+
+    @BeforeEach
+    void setUp(WebApplicationContext webApplicationContext) {
+        mvc = MockMvcBuilders.webAppContextSetup(webApplicationContext)
+                .build();
+        objectMapper = new ObjectMapper();
+    }
+}