Merge pull request #242 from morib-in/feat#217

fix : 제대로된 로깅을 보기 위한 클래스 상속받아서 로깅 진행

Author: khyojun

morib/src/main/java/org/morib/server/global/config/DebugOAuth2AuthorizationRequestRepository.java

@@ -0,0 +1,81 @@
+package org.morib.server.global.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+
+@Slf4j
+public class DebugOAuth2AuthorizationRequestRepository implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
+
+    private final HttpSessionOAuth2AuthorizationRequestRepository delegate = new HttpSessionOAuth2AuthorizationRequestRepository();
+
+    @Override
+    public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
+        log.info("=== loadAuthorizationRequest DEBUG START ===");
+        log.info("Request URI: {}", request.getRequestURI());
+        log.info("Request Method: {}", request.getMethod());
+        log.info("Session ID: {}", request.getSession(false) != null ? request.getSession(false).getId() : "NO SESSION");
+        
+        // 1. State 파라미터 확인
+        String stateParameter = request.getParameter(OAuth2ParameterNames.STATE);
+        log.info("1. State parameter from request: {}", stateParameter);
+        
+        if (stateParameter == null) {
+            log.error("❌ State parameter is NULL - returning null");
+            return null;
+        }
+        
+        // 2. 실제 delegate에서 Authorization Request 찾기
+        OAuth2AuthorizationRequest authorizationRequest = delegate.loadAuthorizationRequest(request);
+        log.info("2. Authorization request from session: {}", authorizationRequest != null ? "FOUND" : "NULL");
+        
+        if (authorizationRequest == null) {
+            log.error("❌ Authorization request NOT FOUND in session - returning null");
+            return null;
+        }
+        
+        // 3. State 비교
+        String sessionState = authorizationRequest.getState();
+        log.info("3. State comparison:");
+        log.info("   Request state: {}", stateParameter);
+        log.info("   Session state: {}", sessionState);
+        log.info("   States equal: {}", stateParameter.equals(sessionState));
+        
+        boolean statesMatch = stateParameter.equals(sessionState);
+        if (!statesMatch) {
+            log.error("❌ State MISMATCH - returning null");
+            log.error("   Request state length: {}", stateParameter.length());
+            log.error("   Session state length: {}", sessionState.length());
+            // 첫 50자만 비교 로깅
+            log.error("   Request state (first 50): {}", stateParameter.length() > 50 ? stateParameter.substring(0, 50) + "..." : stateParameter);
+            log.error("   Session state (first 50): {}", sessionState.length() > 50 ? sessionState.substring(0, 50) + "..." : sessionState);
+            return null;
+        }
+        
+        log.info("✅ All checks passed - returning authorization request");
+        return authorizationRequest;
+    }
+
+    @Override
+    public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest, HttpServletRequest request, HttpServletResponse response) {
+        log.info("=== saveAuthorizationRequest DEBUG ===");
+        log.info("Session ID: {}", request.getSession(true).getId());
+        log.info("State being saved: {}", authorizationRequest != null ? authorizationRequest.getState() : "NULL");
+        log.info("Registration ID: {}", authorizationRequest != null ? authorizationRequest.getAttribute("registration_id") : "NULL");
+        
+        delegate.saveAuthorizationRequest(authorizationRequest, request, response);
+        log.info("✅ Authorization request saved successfully");
+    }
+
+    @Override
+    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) {
+        log.info("=== removeAuthorizationRequest DEBUG ===");
+        OAuth2AuthorizationRequest result = delegate.removeAuthorizationRequest(request, response);
+        log.info("Remove result: {}", result != null ? "SUCCESS" : "NULL");
+        return result;
+    }
+} 

morib/src/main/java/org/morib/server/global/config/SecurityConfig.java

@@ -58,10 +58,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     oauth2.failureHandler(oAuth2LoginFailureHandler);
                     oauth2.tokenEndpoint(tokenEndpointConfig -> tokenEndpointConfig.accessTokenResponseClient(accessTokenResponseClient(customRequestEntityConverter())));
                     oauth2.userInfoEndpoint(user -> user.userService(customOAuth2UserService));
-                    oauth2.authorizationEndpoint(auth -> auth
-                            .authorizationRequestRepository(authorizationRequestRepository())
-                            .authorizationRequestResolver(customAuthorizationRequestResolver));
-
+                    // oauth2.authorizationEndpoint(auth -> auth
+                    //         .authorizationRequestResolver(customAuthorizationRequestResolver));
                 });
 
         http.authorizeHttpRequests((auth) -> auth
@@ -91,9 +89,4 @@ public JwtAuthenticationFilter jwtAuthenticationFilter() {
         return new JwtAuthenticationFilter(jwtService, userRepository, customJwtAuthenticationEntryPoint);
     }
 
-    @Bean
-    public HttpSessionOAuth2AuthorizationRequestRepository authorizationRequestRepository() {
-        return new HttpSessionOAuth2AuthorizationRequestRepository();
-    }
-
 }

morib/src/main/java/org/morib/server/global/oauth2/handler/OAuth2LoginSuccessHandler.java

@@ -16,6 +16,7 @@
 import org.morib.server.domain.user.infra.type.Role;
 import org.morib.server.global.common.SecretProperties;
 import org.morib.server.global.common.util.DataUtils;
+import org.morib.server.global.config.DebugOAuth2AuthorizationRequestRepository;
 import org.morib.server.global.exception.BusinessException;
 import org.morib.server.global.exception.NotFoundException;
 import org.morib.server.global.exception.UnauthorizedException;
@@ -60,7 +61,7 @@ public class  OAuth2LoginSuccessHandler implements AuthenticationSuccessHandler
     private final UserManager userManager;
     private final ObjectMapper objectMapper = new ObjectMapper();
     private static final String IS_ONBOARDING_COMPLETED = "isOnboardingCompleted";
-    private final HttpSessionOAuth2AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
+    private final DebugOAuth2AuthorizationRequestRepository authorizationRequestRepository;
 
 
 
@@ -98,14 +99,25 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
                 log.warn("State parameter is missing or invalid. Cannot determine client type. Defaulting to 'web'.");
             } else {
                 log.info("now in else phase");
-                byte[] decodedBytes = Base64.getUrlDecoder().decode(encodedStateFromRequest);
-                String stateJson = new String(decodedBytes, StandardCharsets.UTF_8);
-                Map<String, String> stateMap = objectMapper.readValue(stateJson, new TypeReference<Map<String, String>>() {});
-
-                log.info("now before clientType");
-                clientType = stateMap.getOrDefault(STATE_CLIENT_TYPE_KEY, "web");
-                String originalCsrfToken = stateMap.get(STATE_CSRF_KEY);
-                log.info("Successfully validated state. Client Type: {}, Original CSRF: {}", clientType, originalCsrfToken);
+                
+                // Apple은 원본 state 사용으로 JSON 파싱 불가 - 특별 처리
+                CustomOAuth2User tempOAuth2User = (CustomOAuth2User) authentication.getPrincipal();
+                String registrationId = tempOAuth2User.getRegistrationId();
+                
+                if ("apple".equals(registrationId)) {
+                    log.info("Apple 로그인: 원본 state 사용, clientType을 web으로 기본 설정");
+                    clientType = "web"; // Apple은 기본적으로 web으로 처리
+                } else {
+                    // 다른 provider는 기존 JSON 파싱 방식
+                    byte[] decodedBytes = Base64.getUrlDecoder().decode(encodedStateFromRequest);
+                    String stateJson = new String(decodedBytes, StandardCharsets.UTF_8);
+                    Map<String, String> stateMap = objectMapper.readValue(stateJson, new TypeReference<Map<String, String>>() {});
+
+                    log.info("now before clientType");
+                    clientType = stateMap.getOrDefault(STATE_CLIENT_TYPE_KEY, "web");
+                    String originalCsrfToken = stateMap.get(STATE_CSRF_KEY);
+                    log.info("Successfully validated state. Client Type: {}, Original CSRF: {}", clientType, originalCsrfToken);
+                }
             }
 
             CustomOAuth2User oAuth2User = (CustomOAuth2User) authentication.getPrincipal();