[Feature] 봉사자 ID, PW 로그인 추가 (#282)

* feat(user): email 사용 철회에 따라서 accountId로 변경

* feat(user): accountId 기준 User 조회 기능 추가

* feat(auth): 기관에만 한정되지 않도록 수정

* feat(auth): sign 컨트롤러 수정

* feat(auth): id, pw 인증 과정 수정, 개선

* feat(auth): id, pw 인증/인가 성공 로직 수정

- 쿠키가 아닌 응답값의 헤더로 jwt 액세스 토큰을 전달

* feat(auth): 인증 토큰 정적 팩토리 메서드 추가

* feat(auth): id, pw 인증 엔드포인트 수정, 불필요한 라인 삭제

* test(user): 프로덕션 코드 변화에 따라서 테스트 개선

* feat(auth): idpw 필터 의존성 주입 변경

* test(user): 유저 계정 아이디 기반 조회 테스트 추가

* refactor: 깃허브 개행 문제 해결

* refactor: 빈 파일 삭제

* refactor: 소나 이슈 해결

- 사용하지 않는 import
- 테스트 코드 개선

* refactor: 코드 리뷰 반영

- 불필요한 라인 삭제 및 수정

* refactor: 코드 리뷰 반영

- from에서 of로 변경

Author: m-a-king

src/main/java/com/somemore/global/auth/authentication/JwtAuthenticationToken.java

@@ -1,11 +1,15 @@
 package com.somemore.global.auth.authentication;
 
+import com.somemore.global.auth.jwt.domain.EncodedToken;
+import com.somemore.user.domain.User;
 import lombok.EqualsAndHashCode;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 import java.io.Serializable;
 import java.util.Collection;
+import java.util.List;
 
 @EqualsAndHashCode(callSuper = true)
 public class JwtAuthenticationToken extends AbstractAuthenticationToken {
@@ -30,4 +34,20 @@ public Object getCredentials() {
     public Object getPrincipal() {
         return principal;
     }
+
+    public static JwtAuthenticationToken of(User user, EncodedToken accessToken) {
+        return new JwtAuthenticationToken(
+                user.getId(),
+                accessToken,
+                List.of(new SimpleGrantedAuthority(user.getRole().getAuthority()))
+        );
+    }
+
+    public static JwtAuthenticationToken of(String userId, String role, EncodedToken accessToken) {
+        return new JwtAuthenticationToken(
+                userId,
+                accessToken,
+                List.of(new SimpleGrantedAuthority(role))
+        );
+    }
 }

src/main/java/com/somemore/domains/center/controller/CenterSignController.java renamed to src/main/java/com/somemore/global/auth/controller/SignController.java

@@ -1,35 +1,38 @@
-package com.somemore.domains.center.controller;
+package com.somemore.global.auth.controller;
 
-import com.somemore.domains.center.dto.request.CenterSignRequestDto;
+import com.somemore.global.auth.dto.SignRequestDto;
 import com.somemore.global.auth.signout.usecase.SignOutUseCase;
 import com.somemore.global.common.response.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@Slf4j
 @RequiredArgsConstructor
 @RequestMapping("/api/center")
-@Tag(name = "center Sign API", description = "기관 로그인, 로그아웃")
-public class CenterSignController {
+@Tag(name = "Sign API", description = "ID,PW 로그인, 로그아웃")
+public class SignController {
 
     private final SignOutUseCase signOutUseCase;
 
     /*
-     * 기관 로그인 엔드포인트
+     * ID 및 PW 기반 로그인 엔드포인트 (Swagger 문서화를 위한 엔드포인트)
+     *
+     * 이 엔드포인트는 실제로 작동하지 않으며, Spring Security 필터 체인에 의해 요청이 처리됩니다.
+     * 로그인 요청은 필터에서 가로채어 인증 절차를 수행하며, 이 엔드포인트로 전달되지 않습니다.
+     * 따라서 이 엔드포인트는 로그인 요청의 처리를 위한 진입점이 아니라,
+     * Swagger API 문서화를 위해 정의된 엔드포인트입니다.
+     *
      * 실제 로그인 절차는 필터에서 처리됩니다.
-     * 이 엔드포인트는 로그인 요청을 받아 필터에 의한 인증 절차를 수행합니다.
      */
     @PostMapping("/sign-in")
     public ApiResponse<String> signIn(
-            @RequestParam CenterSignRequestDto requestDto
+            @RequestParam SignRequestDto signRequestDto
     ) {
         return ApiResponse.ok("로그인되었습니다.");
     }

src/main/java/com/somemore/domains/center/dto/request/CenterSignRequestDto.java renamed to src/main/java/com/somemore/global/auth/dto/SignRequestDto.java

@@ -1,17 +1,14 @@
-package com.somemore.domains.center.dto.request;
+package com.somemore.global.auth.dto;
 
 import com.fasterxml.jackson.databind.PropertyNamingStrategies.SnakeCaseStrategy;
 import com.fasterxml.jackson.databind.annotation.JsonNaming;
 import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Builder;
 
 @JsonNaming(SnakeCaseStrategy.class)
-@Builder
-public record CenterSignRequestDto(
-        @Schema(description = "기관 아이디", example = "somemore")
+public record SignRequestDto(
+        @Schema(description = "ID", example = "somemore")
         String accountId,
-        @Schema(description = "기관 패스워드", example = "password1234")
+        @Schema(description = "PW", example = "password1234")
         String accountPassword
 ) {
-
 }

src/main/java/com/somemore/global/auth/idpw/filter/IdPwAuthFilter.java

@@ -3,8 +3,8 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.somemore.global.auth.cookie.CookieUseCase;
 import com.somemore.global.auth.jwt.domain.EncodedToken;
-import com.somemore.user.domain.UserRole;
 import com.somemore.global.auth.jwt.usecase.GenerateTokensOnLoginUseCase;
+import com.somemore.user.domain.UserRole;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -17,6 +17,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import java.io.IOException;
@@ -28,7 +29,7 @@ public class IdPwAuthFilter extends UsernamePasswordAuthenticationFilter {
 
     private final AuthenticationManager authenticationManager;
     private final GenerateTokensOnLoginUseCase generateTokensOnLoginUseCase;
-    private final CookieUseCase cookieUseCase;
+//    private final CookieUseCase cookieUseCase;
     private final ObjectMapper objectMapper;
 
     @Override
@@ -43,8 +44,16 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
     @Override
     protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) {
         response.setStatus(HttpServletResponse.SC_OK);
-        EncodedToken accessToken = generateTokensOnLoginUseCase.saveRefreshTokenAndReturnAccessToken(UUID.fromString(authResult.getName()), UserRole.CENTER);
-        cookieUseCase.setAccessToken(response, accessToken.value());
+        EncodedToken accessToken =
+                generateTokensOnLoginUseCase.saveRefreshTokenAndReturnAccessToken(
+                        UUID.fromString(authResult.getName()),
+                        UserRole.from(authResult.getAuthorities().stream()
+                                .findFirst()
+                                .map(GrantedAuthority::getAuthority)
+                                .orElseThrow(() -> new IllegalStateException("유저 권한 자체가 존재하지 않습니다."))));
+
+        response.setHeader("Authorization", accessToken.getValueWithPrefix());
+        // cookieUseCase.setAccessToken(response, accessToken.value());
     }
 
     @Override
@@ -64,8 +73,8 @@ private void configureUnauthorizedResponse(HttpServletResponse response) {
     private ProblemDetail buildUnauthorizedProblemDetail(AuthenticationException e) {
         log.error("IdPwAuthFilter 예외 발생: {}", e.getMessage());
 
-        ProblemDetail problemDetail = ProblemDetail.forStatusAndDetail(HttpStatus.UNAUTHORIZED, "인증에서 오류가 발생했습니다.");
-        problemDetail.setTitle("인증 에러");
+        ProblemDetail problemDetail = ProblemDetail.forStatusAndDetail(HttpStatus.UNAUTHORIZED, "ID, PW 인증/인가에서 오류가 발생했습니다.");
+        problemDetail.setTitle("인증/인가 에러");
         problemDetail.setProperty("timestamp", System.currentTimeMillis());
         return problemDetail;
     }

src/main/java/com/somemore/global/auth/idpw/provider/CustomAuthenticationProvider.java

@@ -3,57 +3,60 @@
 import com.somemore.global.auth.authentication.JwtAuthenticationToken;
 import com.somemore.global.auth.jwt.domain.EncodedToken;
 import com.somemore.global.auth.jwt.domain.TokenType;
-import com.somemore.user.domain.UserRole;
 import com.somemore.global.auth.jwt.usecase.JwtUseCase;
-import com.somemore.domains.center.usecase.query.CenterSignUseCase;
+import com.somemore.user.domain.User;
+import com.somemore.user.usecase.UserQueryUseCase;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.List;
-
 @Component
 @RequiredArgsConstructor
 @Transactional(readOnly = true)
 public class CustomAuthenticationProvider implements AuthenticationProvider {
 
-    private final CenterSignUseCase centerSignUseCase;
     private final JwtUseCase jwtUseCase;
     private final PasswordEncoder passwordEncoder;
+    private final UserQueryUseCase userQueryUseCase;
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
         String accountId = authentication.getName();
         String rawAccountPassword = authentication.getCredentials().toString();
 
-        String centerId = centerSignUseCase.getIdByAccountId(accountId).toString();
-        String encodedPassword = centerSignUseCase.getPasswordByAccountId(accountId);
-
-        if (passwordEncoder.matches(rawAccountPassword, encodedPassword)) {
-            EncodedToken accessToken = jwtUseCase.generateToken(
-                    centerId,
-                    UserRole.CENTER.getAuthority(),
-                    TokenType.ACCESS
-            );
-
-            return new JwtAuthenticationToken(
-                    centerId,
-                    accessToken,
-                    List.of(new SimpleGrantedAuthority(UserRole.CENTER.getAuthority()))
-            );
-        }
+        User user = userQueryUseCase.getByAccountId(accountId);
+
+        validatePassword(rawAccountPassword, user.getPassword());
 
-        return null;
+        EncodedToken accessToken = generateAccessToken(user);
+
+        return JwtAuthenticationToken.of(user, accessToken);
     }
 
     @Override
     public boolean supports(Class<?> authentication) {
         return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
     }
+
+    private EncodedToken generateAccessToken(User user) {
+        return jwtUseCase.generateToken(
+                user.getId().toString(),
+                user.getRole().getAuthority(),
+                TokenType.ACCESS
+        );
+    }
+
+    private void validatePassword(String rawPassword, String encodedPassword) {
+        if (!passwordEncoder.matches(rawPassword, encodedPassword)) {
+            throw new BadCredentialsException("비밀번호가 일치하지 않습니다.");
+        }
+
+        // TODO 비활성 계정 검증
+    }
 }

src/main/java/com/somemore/global/auth/jwt/filter/JwtAuthFilter.java

@@ -15,14 +15,12 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
 import java.util.Arrays;
-import java.util.List;
 import java.util.Objects;
 
 @RequiredArgsConstructor
@@ -101,10 +99,6 @@ private JwtAuthenticationToken createAuthenticationToken(Claims claims,
         String userId = claims.get("id", String.class);
         String role = claims.get("role", String.class);
 
-        return new JwtAuthenticationToken(
-                userId,
-                accessToken,
-                List.of(new SimpleGrantedAuthority(role))
-        );
+        return JwtAuthenticationToken.of(userId, role, accessToken);
     }
 }

src/main/java/com/somemore/global/config/SecurityConfig.java

@@ -1,7 +1,6 @@
 package com.somemore.global.config;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.somemore.global.auth.cookie.CookieUseCase;
 import com.somemore.global.auth.idpw.filter.IdPwAuthFilter;
 import com.somemore.global.auth.jwt.filter.JwtAuthFilter;
 import com.somemore.global.auth.jwt.filter.JwtExceptionFilter;
@@ -12,8 +11,8 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -46,11 +45,11 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration a
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity,
                                                    AuthenticationManager authenticationManager,
                                                    GenerateTokensOnLoginUseCase generateTokensOnLoginUseCase,
-                                                   CookieUseCase cookieUseCase,
+//                                                   CookieUseCase cookieUseCase,
                                                    ObjectMapper objectMapper) throws Exception {
 
-        IdPwAuthFilter idPwAuthFilter = new IdPwAuthFilter(authenticationManager, generateTokensOnLoginUseCase, cookieUseCase, objectMapper);
-        idPwAuthFilter.setFilterProcessesUrl("/api/center/sign-in");
+        IdPwAuthFilter idPwAuthFilter = new IdPwAuthFilter(authenticationManager, generateTokensOnLoginUseCase, objectMapper);
+        idPwAuthFilter.setFilterProcessesUrl("/api/sign-in/id-pw");
 
         httpSecurity
                 .csrf(AbstractHttpConfigurer::disable)
@@ -62,20 +61,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity,
                 .cors(Customizer.withDefaults())
 
                 .authorizeHttpRequests(request ->
-                                request
-                                        .requestMatchers(
-                                                "/api/center/sign-in",
-                                                "/**"
-//                                        "/login",
-//                                        "/oauth2/**",
-//                                        "/api/auth/**",
-//                                        "/v3/api-docs/**",
-//                                        "/swagger/**",
-//                                        "/swagger-ui.html",
-//                                        "/swagger-ui/**"
-                                        )
-                                        .permitAll()
-                                        .anyRequest().authenticated()
+                        request
+                                .requestMatchers("/**").permitAll()
+                                .anyRequest().authenticated()
                 )
 
                 .oauth2Login(oauth2 ->

src/main/java/com/somemore/user/domain/User.java

@@ -28,8 +28,8 @@ public class User extends BaseEntity {
     @Column(name = "id", nullable = false, columnDefinition = "BINARY(16)")
     private UUID id;
 
-    @Column(name = "email", nullable = false)
-    private String email;
+    @Column(name = "account_id", nullable = false)
+    private String accountId;
 
     @Column(name = "password", nullable = false)
     private String password;
@@ -41,15 +41,15 @@ public class User extends BaseEntity {
 
     public static User from(UserAuthInfo userAuthInfo, UserRole role) {
         return User.builder()
-                .email(userAuthInfo.email())
+                .accountId(userAuthInfo.accountId())
                 .password(userAuthInfo.password())
                 .role(role)
                 .build();
     }
 
     @Builder
-    private User(String email, String password, UserRole role) {
-        this.email = email;
+    private User(String accountId, String password, UserRole role) {
+        this.accountId = accountId;
         this.password = password;
         this.role = role;
     }

src/main/java/com/somemore/user/dto/UserAuthInfo.java

@@ -4,12 +4,12 @@
 
 import java.util.UUID;
 
-public record UserAuthInfo(String email,
+public record UserAuthInfo(String accountId,
                            String password) {
 
     public static UserAuthInfo createForOAuth(OAuthProvider provider) {
-        String email = provider.getProviderName() + UUID.randomUUID();
+        String accountId = provider.getProviderName() + UUID.randomUUID();
         String password = String.valueOf(UUID.randomUUID());
-        return new UserAuthInfo(email, password);
+        return new UserAuthInfo(accountId, password);
     }
 }

src/main/java/com/somemore/user/repository/user/UserRepository.java

@@ -8,5 +8,8 @@
 public interface UserRepository {
 
     Optional<User> findById(UUID id);
+
+    Optional<User> findByAccountId(String accountId);
+
     User save(User user);
 }