Merge pull request #25 from MT-TEAM-Org/feat/PH-97

유저의 상태가 ACTIVE 가 아닌 경우 토큰 발급 되지 않도록 처리

Author: net79736

src/main/java/org/myteam/server/auth/service/ReIssueService.java

@@ -100,16 +100,17 @@ public Tokens reissueTokens(HttpServletRequest request) {
             // Refresh Token 검증
             UUID publicId = jwtProvider.getPublicId(refresh);
             String role = jwtProvider.getRole(refresh);
+            String status = jwtProvider.getStatus(refresh);
 
             log.info("publicId: {}, role: {}", publicId, role);
 
             validateRefreshToken(refresh, publicId);
 
             // 새로운 Access 및 Refresh 토큰 생성
             // Authorization
-            String newAccess = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), publicId, role);
+            String newAccess = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), publicId, role, status);
             // X-Refresh-Token
-            String newRefresh = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, role);
+            String newRefresh = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, role, status);
 
             // 기존 리프레시 토큰 삭제
             deleteByRefreshAndPublicId(refresh, publicId);

src/main/java/org/myteam/server/global/security/dto/CustomUserDetails.java

@@ -45,6 +45,8 @@ public UUID getPublicId() {
         return member.getPublicId();
     }
 
+    public String getStatus() {return member.getStatus().name(); }
+
     @Override
     public boolean isAccountNonExpired() {
         return true;

src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java

@@ -29,6 +29,7 @@
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
 import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_ACCESS;
 import static org.myteam.server.global.security.jwt.JwtProvider.TOKEN_CATEGORY_REFRESH;
+import static org.myteam.server.member.domain.MemberStatus.*;
 import static org.myteam.server.util.cookie.CookieUtil.createCookie;
 
 @Slf4j
@@ -76,9 +77,25 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 
             String username = customUserDetails.getUsername();
             UUID publicId = customUserDetails.getPublicId();
+            String status = customUserDetails.getStatus();
 
             log.info("successfulAuthentication > username : {}", username);
             log.info("successfulAuthentication > publicId : {}", publicId);
+            log.info("successfulAuthentication > status : {}", status);
+
+            if (status.equals(PENDING.name())) {
+                log.warn("PENDING 상태인 경우 로그인이 불가능합니다");
+                sendErrorResponse(response, HttpStatus.FORBIDDEN, "PENDING 상태인 경우 로그인이 불가능합니다");
+                return;
+            } else if (status.equals(INACTIVE.name())) {
+                log.warn("INACTIVE 상태인 경우 로그인이 불가능합니다");
+                sendErrorResponse(response, HttpStatus.FORBIDDEN, "INACTIVE 상태인 경우 로그인이 불가능합니다");
+                return;
+            } else if (!status.equals(ACTIVE.name())) {
+                log.warn("알 수 없는 유저 상태 코드 : " + status);
+                sendErrorResponse(response, HttpStatus.FORBIDDEN, "알 수 없는 유저 상태 코드 : " + status);
+                return;
+            }
 
             Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
             Iterator<? extends GrantedAuthority> iterator = authorities.iterator();
@@ -88,9 +105,9 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
             String role = auth.getAuthority();
 
             // Authorization
-            String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), publicId, role);
+            String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), publicId, role, status);
             // X-Refresh-Token
-            String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, role);
+            String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, role, status);
             // URLEncoder.encode: 공백을 %2B 로 처리
             String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
 
@@ -136,4 +153,19 @@ public void addRefreshEntity(UUID publicId, String refresh, Duration duration) {
 
         refreshJpaRepository.save(refreshEntity);
     }
+
+    /**
+     * 공통 에러 응답 처리 메서드
+     *
+     * @param response HttpServletResponse
+     * @param httpStatus HTTP 상태 오브젝트
+     * @param message 메시지
+     * @throws IOException
+     */
+    private void sendErrorResponse(HttpServletResponse response, HttpStatus httpStatus, String message) throws IOException {
+        response.setStatus(httpStatus.value());
+        response.setContentType("application/json");
+        response.setCharacterEncoding("UTF-8");
+        response.getWriter().write(String.format("{\"message\":\"%s\",\"status\":\"%s\"}", message, httpStatus.name()));
+    }
 }

src/main/java/org/myteam/server/global/security/filter/TokenAuthenticationFilter.java

@@ -14,6 +14,7 @@
 import org.myteam.server.global.security.dto.CustomUserDetails;
 import org.myteam.server.global.security.jwt.JwtProvider;
 import org.myteam.server.member.domain.MemberRole;
+import org.myteam.server.member.domain.MemberStatus;
 import org.myteam.server.member.entity.Member;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -53,14 +54,17 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 // 토큰에서 username과 role 획득
                 UUID publicId = jwtProvider.getPublicId(accessToken);
                 String role = jwtProvider.getRole(accessToken);
+                String status = jwtProvider.getStatus(accessToken);
 
                 log.info("publicId : " + publicId);
                 log.info("role : " + role);
+                log.info("status : " + status);
 
                 // Member 를 생성하여 값 set
                 Member member = Member.builder()
                         .publicId(publicId)
                         .role(MemberRole.valueOf(role))
+                        .status(MemberStatus.valueOf(status))
                         .build();
 
                 CustomUserDetails customUserDetails = new CustomUserDetails(member);

src/main/java/org/myteam/server/global/security/jwt/JwtProvider.java

@@ -34,9 +34,9 @@ public class JwtProvider {
      * @param role     String
      * @return String
      */
-    public String generateToken(String category, Duration duration, UUID publicId, String role) {
+    public String generateToken(String category, Duration duration, UUID publicId, String role, String status) {
         Date now = new Date();
-        return makeToken(category, new Date(now.getTime() + duration.toMillis()), publicId, role);
+        return makeToken(category, new Date(now.getTime() + duration.toMillis()), publicId, role, status);
     }
 
     /**
@@ -47,14 +47,15 @@ public String generateToken(String category, Duration duration, UUID publicId, S
      * @param role 권한
      * @return
      */
-    private String makeToken(String category, Date expirationDate, UUID publicId, String role) {
+    private String makeToken(String category, Date expirationDate, UUID publicId, String role, String status) {
         return Jwts.builder()
                 .issuer(jwtProperties.getIssuer())
                 .issuedAt(new Date())
                 .expiration(expirationDate)
                 .claim("category", category)
                 .claim("id", publicId)
                 .claim("role", role)
+                .claim("status", status)
                 .signWith(getSigningKey())
                 .compact();
     }
@@ -111,6 +112,17 @@ public String getRole(final String token) {
         return claims.get("role", String.class);
     }
 
+    /**
+     * 토큰으로부터 사용자 상태(status)을 추출
+     *
+     * @param token String
+     * @return String
+     */
+    public String getStatus(final String token) {
+        Claims claims = getClaims(token);
+        return claims.get("status", String.class);
+    }
+
     /**
      * 토큰으로부터 Claims를 가져옴
      *

src/main/java/org/myteam/server/member/controller/MemberController.java

@@ -86,7 +86,7 @@ public ResponseEntity<?> updateRole(@RequestBody @Valid MemberRoleUpdateRequest
     public ResponseEntity<?> getToken(@PathVariable String email) {
         log.info("getToken 메서드가 실행되었습니다.");
         MemberResponse response = memberService.getByEmail(email);
-        String encode = TOKEN_PREFIX + jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofHours(6), response.getPublicId(), MemberRole.USER.name());
+        String encode = TOKEN_PREFIX + jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofHours(6), response.getPublicId(), MemberRole.USER.name(), response.getStatus().name());
         return new ResponseEntity<>(new ResponseDto<>(SUCCESS.name(), "토큰 조회 성공", encode), HttpStatus.OK);
     }
 }

src/main/java/org/myteam/server/member/controller/MyInfoController.java

@@ -48,9 +48,9 @@ public ResponseEntity<?> create(@RequestBody @Valid MemberSaveRequest memberSave
         MemberResponse response = memberService.create(memberSaveRequest);
 
         // Authorization
-        String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), response.getPublicId(), response.getRole().name());
+        String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), response.getPublicId(), response.getRole().name(), response.getStatus().name());
         // X-Refresh-Token
-        String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), response.getPublicId(), response.getRole().name());
+        String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), response.getPublicId(), response.getRole().name(), response.getStatus().name());
         // URLEncoder.encode: 공백을 %2B 로 처리
         String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
 

src/main/java/org/myteam/server/oauth2/dto/CustomOAuth2User.java

@@ -1,6 +1,7 @@
 package org.myteam.server.oauth2.dto;
 
 import lombok.Getter;
+import org.myteam.server.member.domain.MemberStatus;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 
@@ -15,10 +16,12 @@ public class CustomOAuth2User implements OAuth2User {
     private String username;
     private String role;
     private UUID publicId;
-    public CustomOAuth2User(String username, String role, UUID publicId) {
+    private MemberStatus status;
+    public CustomOAuth2User(String username, String role, UUID publicId, MemberStatus status) {
         this.username = username;
         this.role = role;
         this.publicId = publicId;
+        this.status = status;
     }
     @Override
     public <A> A getAttribute(String name) {
@@ -47,4 +50,5 @@ public String getName() {
     }
 
     public UUID getPublicId() { return publicId; }
+    public MemberStatus getStatus() { return status; }
 }

src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java

@@ -24,6 +24,7 @@
 import static org.myteam.server.auth.controller.ReIssueController.LOGOUT_PATH;
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
+import static org.myteam.server.member.domain.MemberStatus.*;
 import static org.myteam.server.util.cookie.CookieUtil.createCookie;
 
 @Slf4j
@@ -43,13 +44,33 @@ public CustomOauth2SuccessHandler(JwtProvider jwtProvider, MemberJpaRepository m
 
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-        log.info("onAuthenticationSuccess : Oauth 로그인 성공");
+        log.info("onAuthenticationSuccess : Oauth 인증 성공");
         CustomOAuth2User customUserDetails = (CustomOAuth2User) authentication.getPrincipal();
+
         String email = customUserDetails.getUsername();
         Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
         Iterator<? extends GrantedAuthority> iterator = authorities.iterator();
         GrantedAuthority auth = iterator.next();
         String role = auth.getAuthority();
+        String status = customUserDetails.getStatus().name();
+
+        if (status.equals(PENDING.name())) {
+            log.warn("PENDING 상태인 경우 로그인이 불가능합니다");
+            // sendErrorResponse(response, HttpStatus.FORBIDDEN, "PENDING 상태인 경우 로그인이 불가능합니다");
+            response.sendRedirect(frontUrl + "?status=" + status);
+            return;
+        } else if (status.equals(INACTIVE.name())) {
+            log.warn("INACTIVE 상태인 경우 로그인이 불가능합니다");
+            // sendErrorResponse(response, HttpStatus.FORBIDDEN, "INACTIVE 상태인 경우 로그인이 불가능합니다");
+            response.sendRedirect(frontUrl + "?status=" + status);
+            return;
+        } else if (!status.equals(ACTIVE.name())) {
+            log.warn("알 수 없는 유저 상태 코드 : " + status);
+            // sendErrorResponse(response, HttpStatus.FORBIDDEN, "INACTIVE 상태인 경우 로그인이 불가능합니다");
+            response.sendRedirect(frontUrl + "?status=" + status);
+            return;
+        }
+
         log.info("onAuthenticationSuccess email: {}", email);
         log.info("onAuthenticationSuccess role: {}", role);
         //유저확인
@@ -58,9 +79,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         log.info("onAuthenticationSuccess publicId: {}", member.getPublicId());
         log.info("onAuthenticationSuccess role: {}", member.getRole());
         // Authorization
-        String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofHours(1), member.getPublicId(), member.getRole().name());
+        String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofHours(1), member.getPublicId(), member.getRole().name(), member.getStatus().name());
         // X-Refresh-Token
-        String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(7), member.getPublicId(), member.getRole().name());
+        String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(7), member.getPublicId(), member.getRole().name(), member.getStatus().name());
         String cookieValue = URLEncoder.encode("Bearer " + refreshToken, StandardCharsets.UTF_8);
 
         // redirect 순간 Header 값 날아감

src/main/java/org/myteam/server/oauth2/service/CustomOAuth2UserService.java

@@ -7,7 +7,6 @@
 import org.myteam.server.member.domain.MemberType;
 import org.myteam.server.member.entity.Member;
 import org.myteam.server.member.repository.MemberJpaRepository;
-import org.myteam.server.oauth2.constant.OAuth2ServiceProvider;
 import org.myteam.server.oauth2.dto.CustomOAuth2User;
 import org.myteam.server.oauth2.response.*;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
@@ -87,11 +86,13 @@ private OAuth2User handleExistingMember(Member member, OAuth2Response oAuth2Resp
             log.debug("name : {}", oAuth2Response.getName());
             log.debug("provider : {}", oAuth2Response.getProvider());
             log.debug("provider.name : {}", MemberType.fromOAuth2Provider(oAuth2Response.getProvider()).name());
+            log.debug("provider.status : {}", member.getStatus().name());
 
             member.updateEmail(oAuth2Response.getEmail());
 
-            return new CustomOAuth2User(member.getEmail(), member.getRole().name(), member.getPublicId());
+            return new CustomOAuth2User(member.getEmail(), member.getRole().name(), member.getPublicId(), member.getStatus());
         } else {
+            // 로컬 이메일 계정으로 존재하는 유저
             throw new PlayHiveException(ErrorCode.USER_ALREADY_EXISTS);
         }
     }
@@ -115,7 +116,7 @@ private OAuth2User createNewMember(OAuth2Response oAuth2Response, String provide
                 .build();
 
         memberJpaRepository.save(newMember);
-        return new CustomOAuth2User(oAuth2Response.getEmail(), USER.name(), publicId);
+        return new CustomOAuth2User(oAuth2Response.getEmail(), USER.name(), publicId, newMember.getStatus());
     }
 
     /**