Test: User API 테스트 보완 및 관련 코드 수정

joyewon0705 · joyewon0705 · commit ba70cbb28d64 · 2025-09-26T22:46:23.000+09:00
diff --git a/src/main/java/com/back/global/security/JwtAuthenticationEntryPoint.java b/src/main/java/com/back/global/security/JwtAuthenticationEntryPoint.java
@@ -1,6 +1,7 @@
 package com.back.global.security;
 
 import com.back.global.common.dto.RsData;
+import com.back.global.exception.CustomException;
 import com.back.global.exception.ErrorCode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.http.HttpServletRequest;
@@ -22,17 +23,24 @@ public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
     private final ObjectMapper objectMapper = new ObjectMapper();
 
     @Override
-    public void commence(
-            HttpServletRequest request,
-            HttpServletResponse response,
-            AuthenticationException authException
-    ) throws IOException {
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
 
         response.setContentType("application/json;charset=UTF-8");
-        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 
-        RsData<Void> body = RsData.fail(ErrorCode.UNAUTHORIZED);
+        // request attribute에서 ErrorCode 꺼내기
+        ErrorCode errorCode = (ErrorCode) request.getAttribute("errorCode");
+
+        // ErrorCode가 없으면 UNAUTHORIZED로 기본 설정
+        if (errorCode == null) {
+            errorCode = ErrorCode.UNAUTHORIZED;
+        }
+
+        response.setStatus(errorCode.getStatus().value());
+        RsData<Void> body = RsData.fail(errorCode);
 
         response.getWriter().write(objectMapper.writeValueAsString(body));
     }
+
 }
diff --git a/src/main/java/com/back/global/security/JwtAuthenticationFilter.java b/src/main/java/com/back/global/security/JwtAuthenticationFilter.java
@@ -1,10 +1,12 @@
 package com.back.global.security;
 
+import com.back.global.exception.CustomException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -21,31 +23,44 @@
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtTokenProvider jwtTokenProvider;
+    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
 
     @Override
     protected void doFilterInternal(
             HttpServletRequest request, HttpServletResponse response, FilterChain filterChain
     ) throws ServletException, IOException {
 
-        // Request Header에서 토큰 추출
-        String token = resolveToken(request);
+        try {
+            // Request Header에서 토큰 추출
+            String token = resolveToken(request);
 
-        // 토큰이 유효한 경우에만 Authentication 객체 생성 및 SecurityContext에 저장
-        if (token != null) {
-            jwtTokenProvider.validateAccessToken(token);
-            Authentication authentication = jwtTokenProvider.getAuthentication(token);
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+            // 토큰이 유효한 경우에만 Authentication 객체 생성 및 SecurityContext에 저장
+            if (token != null) {
+                jwtTokenProvider.validateAccessToken(token);
+                Authentication authentication = jwtTokenProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+
+            // 다음 필터로 요청 전달
+            filterChain.doFilter(request, response);
+        } catch (CustomException ex) {
+            // SecurityContext 초기화
+            SecurityContextHolder.clearContext();
+
+            // request attribute에 ErrorCode 저장
+            request.setAttribute("errorCode", ex.getErrorCode());
+
+            // 인증 실패 처리
+            jwtAuthenticationEntryPoint.commence(
+                    request, response,
+                    new InsufficientAuthenticationException("Custom auth error")
+            );
         }
 
-        // 다음 필터로 요청 전달
-        filterChain.doFilter(request, response);
     }
 
     /**
      * Request의 Authorization 헤더에서 JWT 토큰을 추출
-     *
-     * @param request HTTP 요청 객체
-     * @return JWT 토큰 문자열 또는 null
      */
     private String resolveToken(HttpServletRequest request) {
         String bearerToken = request.getHeader("Authorization");
diff --git a/src/test/java/com/back/domain/user/controller/UserControllerTest.java b/src/test/java/com/back/domain/user/controller/UserControllerTest.java
@@ -51,7 +51,7 @@ private String generateAccessToken(User user) {
         return testJwtTokenProvider.createAccessToken(user.getId(), user.getUsername(), user.getRole().name());
     }
 
-    // ---------------------- getMyInfo ----------------------
+    // ====================== 내 정보 조회 테스트 ======================
 
     @Test
     @DisplayName("내 정보 조회 성공 → 200 OK")
@@ -89,11 +89,12 @@ void getMyInfo_deletedUser() throws Exception {
 
         String accessToken = generateAccessToken(user);
 
-        // when & then
+        // when & then: 410 Gone + USER_009
         mvc.perform(get("/api/users/me").header("Authorization", "Bearer " + accessToken))
                 .andDo(print())
                 .andExpect(status().isGone())
-                .andExpect(jsonPath("$.code").value("USER_009"));
+                .andExpect(jsonPath("$.code").value("USER_009"))
+                .andExpect(jsonPath("$.message").value("탈퇴한 계정입니다."));
     }
 
     @Test
@@ -107,53 +108,56 @@ void getMyInfo_suspendedUser() throws Exception {
 
         String accessToken = generateAccessToken(user);
 
-        // when & then
+        // when & then: 403 Forbidden + USER_008
         mvc.perform(get("/api/users/me").header("Authorization", "Bearer " + accessToken))
                 .andDo(print())
                 .andExpect(status().isForbidden())
-                .andExpect(jsonPath("$.code").value("USER_008"));
+                .andExpect(jsonPath("$.code").value("USER_008"))
+                .andExpect(jsonPath("$.message").value("정지된 계정입니다. 관리자에게 문의하세요."));
     }
 
     @Test
     @DisplayName("AccessToken 없음 → 401 Unauthorized")
     void getMyInfo_noAccessToken() throws Exception {
-        // when & then
+        // when & then: 401 Unauthorized + AUTH_001
         mvc.perform(get("/api/users/me"))
                 .andDo(print())
                 .andExpect(status().isUnauthorized())
-                .andExpect(jsonPath("$.code").value("AUTH_401"));
+                .andExpect(jsonPath("$.code").value("AUTH_001"))
+                .andExpect(jsonPath("$.message").value("인증이 필요합니다."));
     }
 
-    // TODO: 인증 에러 처리 로직 수정 후 테스트 케이스 활성화
-//    @Test
-//    @DisplayName("잘못된 AccessToken → 401 Unauthorized")
-//    void getMyInfo_invalidAccessToken() throws Exception {
-//        // when & then
-//        mvc.perform(get("/api/users/me").header("Authorization", "Bearer invalidToken"))
-//                .andDo(print())
-//                .andExpect(status().isUnauthorized())
-//                .andExpect(jsonPath("$.code").value("AUTH_401"));
-//    }
-//
-//    @Test
-//    @DisplayName("만료된 AccessToken → 401 Unauthorized")
-//    void getMyInfo_expiredAccessToken() throws Exception {
-//        // given: 만료된 토큰 발급
-//        User user = User.createUser("expired", "expired@example.com", passwordEncoder.encode("P@ssw0rd!"));
-//        user.setUserProfile(new UserProfile(user, "닉네임", null, null, null, 0));
-//        user.setUserStatus(UserStatus.ACTIVE);
-//        userRepository.save(user);
-//
-//        String expiredToken = testJwtTokenProvider.createExpiredAccessToken(user.getId(), user.getUsername(), user.getRole().name());
-//
-//        // when & then
-//        mvc.perform(get("/api/users/me").header("Authorization", "Bearer " + expiredToken))
-//                .andDo(print())
-//                .andExpect(status().isUnauthorized())
-//                .andExpect(jsonPath("$.code").value("AUTH_401"));
-//    }
-
-    // ---------------------- updateMyProfile ----------------------
+    @Test
+    @DisplayName("잘못된 AccessToken → 401 Unauthorized")
+    void getMyInfo_invalidAccessToken() throws Exception {
+        // when & then: 401 Unauthorized + AUTH_002
+        mvc.perform(get("/api/users/me").header("Authorization", "Bearer invalidToken"))
+                .andDo(print())
+                .andExpect(status().isUnauthorized())
+                .andExpect(jsonPath("$.code").value("AUTH_002"))
+                .andExpect(jsonPath("$.message").value("유효하지 않은 액세스 토큰입니다."));
+    }
+
+    @Test
+    @DisplayName("만료된 AccessToken → 401 Unauthorized")
+    void getMyInfo_expiredAccessToken() throws Exception {
+        // given: 만료된 토큰 발급
+        User user = User.createUser("expired", "expired@example.com", passwordEncoder.encode("P@ssw0rd!"));
+        user.setUserProfile(new UserProfile(user, "닉네임", null, null, null, 0));
+        user.setUserStatus(UserStatus.ACTIVE);
+        userRepository.save(user);
+
+        String expiredToken = testJwtTokenProvider.createExpiredAccessToken(user.getId(), user.getUsername(), user.getRole().name());
+
+        // when & then: 401 Unauthorized + AUTH_004
+        mvc.perform(get("/api/users/me").header("Authorization", "Bearer " + expiredToken))
+                .andDo(print())
+                .andExpect(status().isUnauthorized())
+                .andExpect(jsonPath("$.code").value("AUTH_004"))
+                .andExpect(jsonPath("$.message").value("만료된 액세스 토큰입니다."));
+    }
+
+    // ====================== 내 프로필 수정 테스트 ======================
 
     @Test
     @DisplayName("내 프로필 수정 성공 → 200 OK")
@@ -173,17 +177,19 @@ void updateMyProfile_success() throws Exception {
                 LocalDate.of(2000, 5, 10)
         );
 
-        // when
+        // when: 정상 프로필 수정 요청
         ResultActions resultActions = mvc.perform(
                 patch("/api/users/me")
                         .header("Authorization", "Bearer " + accessToken)
                         .contentType(MediaType.APPLICATION_JSON)
                         .content(objectMapper.writeValueAsString(request))
         ).andDo(print());
 
-        // then
+        // then: 200 OK + 변경된 값 검증
         resultActions
                 .andExpect(status().isOk())
+                .andExpect(jsonPath("$.success").value(true))
+                .andExpect(jsonPath("$.message").value("회원 정보를 수정했습니다."))
                 .andExpect(jsonPath("$.data.profile.nickname").value("새닉네임"))
                 .andExpect(jsonPath("$.data.profile.bio").value("저는 개발자입니다!"))
                 .andExpect(jsonPath("$.data.profile.birthDate").value("2000-05-10"));
@@ -192,7 +198,7 @@ void updateMyProfile_success() throws Exception {
     @Test
     @DisplayName("중복 닉네임 수정 → 409 Conflict")
     void updateMyProfile_duplicateNickname() throws Exception {
-        // given: user1, user2 저장
+        // given: user1, user2 저장 (닉네임 중복 상황)
         User user1 = User.createUser("user1", "user1@example.com", passwordEncoder.encode("P@ssw0rd!"));
         user1.setUserProfile(new UserProfile(user1, "닉1", null, null, null, 0));
         user1.setUserStatus(UserStatus.ACTIVE);
@@ -214,7 +220,8 @@ void updateMyProfile_duplicateNickname() throws Exception {
                         .content(objectMapper.writeValueAsString(request)))
                 .andDo(print())
                 .andExpect(status().isConflict())
-                .andExpect(jsonPath("$.code").value("USER_004"));
+                .andExpect(jsonPath("$.code").value("USER_004"))
+                .andExpect(jsonPath("$.message").value("이미 사용 중인 닉네임입니다."));
     }
 
     @Test
@@ -237,7 +244,8 @@ void updateMyProfile_deletedUser() throws Exception {
                         .content(objectMapper.writeValueAsString(request)))
                 .andDo(print())
                 .andExpect(status().isGone())
-                .andExpect(jsonPath("$.code").value("USER_009"));
+                .andExpect(jsonPath("$.code").value("USER_009"))
+                .andExpect(jsonPath("$.message").value("탈퇴한 계정입니다."));
     }
 
     @Test
@@ -260,61 +268,66 @@ void updateMyProfile_suspendedUser() throws Exception {
                         .content(objectMapper.writeValueAsString(request)))
                 .andDo(print())
                 .andExpect(status().isForbidden())
-                .andExpect(jsonPath("$.code").value("USER_008"));
+                .andExpect(jsonPath("$.code").value("USER_008"))
+                .andExpect(jsonPath("$.message").value("정지된 계정입니다. 관리자에게 문의하세요."));
     }
 
     @Test
-    @DisplayName("AccessToken 없음으로 프로필 수정 → 401 Unauthorized")
+    @DisplayName("AccessToken 없음으로 프로필 수정 → 401 Unauthorized (AUTH_001)")
     void updateMyProfile_noAccessToken() throws Exception {
+        // given: 요청 바디 준비
+        UpdateUserProfileRequest request = new UpdateUserProfileRequest("새닉", null, null, null);
+
+        // when & then
+        mvc.perform(patch("/api/users/me")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(objectMapper.writeValueAsString(request)))
+                .andDo(print())
+                .andExpect(status().isUnauthorized())
+                .andExpect(jsonPath("$.code").value("AUTH_001"))
+                .andExpect(jsonPath("$.message").value("인증이 필요합니다."));
+    }
+
+    @Test
+    @DisplayName("잘못된 AccessToken으로 프로필 수정 → 401 Unauthorized (AUTH_002)")
+    void updateMyProfile_invalidAccessToken() throws Exception {
         // given
         UpdateUserProfileRequest request = new UpdateUserProfileRequest("새닉", null, null, null);
 
         // when & then
         mvc.perform(patch("/api/users/me")
+                        .header("Authorization", "Bearer invalidToken")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content(objectMapper.writeValueAsString(request)))
                 .andDo(print())
                 .andExpect(status().isUnauthorized())
-                .andExpect(jsonPath("$.code").value("AUTH_401"));
+                .andExpect(jsonPath("$.code").value("AUTH_002"))
+                .andExpect(jsonPath("$.message").value("유효하지 않은 액세스 토큰입니다."));
     }
 
-    // TODO: 인증 에러 처리 로직 수정 후 테스트 케이스 활성화
-//    @Test
-//    @DisplayName("잘못된 AccessToken으로 프로필 수정 → 401 Unauthorized")
-//    void updateMyProfile_invalidAccessToken() throws Exception {
-//        // given
-//        UpdateUserProfileRequest request = new UpdateUserProfileRequest("새닉", null, null, null);
-//
-//        // when & then
-//        mvc.perform(patch("/api/users/me")
-//                        .header("Authorization", "Bearer invalidToken")
-//                        .contentType(MediaType.APPLICATION_JSON)
-//                        .content(objectMapper.writeValueAsString(request)))
-//                .andDo(print())
-//                .andExpect(status().isUnauthorized())
-//                .andExpect(jsonPath("$.code").value("AUTH_401"));
-//    }
-//
-//    @Test
-//    @DisplayName("만료된 AccessToken으로 프로필 수정 → 401 Unauthorized")
-//    void updateMyProfile_expiredAccessToken() throws Exception {
-//        // given: 만료된 토큰 발급
-//        User user = User.createUser("expired2", "expired2@example.com", passwordEncoder.encode("P@ssw0rd!"));
-//        user.setUserProfile(new UserProfile(user, "닉네임", null, null, null, 0));
-//        user.setUserStatus(UserStatus.ACTIVE);
-//        userRepository.save(user);
-//
-//        String expiredToken = testJwtTokenProvider.createExpiredAccessToken(user.getId(), user.getUsername(), user.getRole().name());
-//
-//        UpdateUserProfileRequest request = new UpdateUserProfileRequest("새닉", null, null, null);
-//
-//        // when & then
-//        mvc.perform(patch("/api/users/me")
-//                        .header("Authorization", "Bearer " + expiredToken)
-//                        .contentType(MediaType.APPLICATION_JSON)
-//                        .content(objectMapper.writeValueAsString(request)))
-//                .andDo(print())
-//                .andExpect(status().isUnauthorized())
-//                .andExpect(jsonPath("$.code").value("AUTH_401"));
-//    }
+    @Test
+    @DisplayName("만료된 AccessToken으로 프로필 수정 → 401 Unauthorized (AUTH_004)")
+    void updateMyProfile_expiredAccessToken() throws Exception {
+        // given: 만료된 토큰 발급
+        User user = User.createUser("expired2", "expired2@example.com", passwordEncoder.encode("P@ssw0rd!"));
+        user.setUserProfile(new UserProfile(user, "닉네임", null, null, null, 0));
+        user.setUserStatus(UserStatus.ACTIVE);
+        userRepository.save(user);
+
+        String expiredToken = testJwtTokenProvider.createExpiredAccessToken(
+                user.getId(), user.getUsername(), user.getRole().name()
+        );
+
+        UpdateUserProfileRequest request = new UpdateUserProfileRequest("새닉", null, null, null);
+
+        // when & then
+        mvc.perform(patch("/api/users/me")
+                        .header("Authorization", "Bearer " + expiredToken)
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(objectMapper.writeValueAsString(request)))
+                .andDo(print())
+                .andExpect(status().isUnauthorized())
+                .andExpect(jsonPath("$.code").value("AUTH_004"))
+                .andExpect(jsonPath("$.message").value("만료된 액세스 토큰입니다."));
+    }
 }
diff --git a/src/test/java/com/back/domain/user/service/UserServiceTest.java b/src/test/java/com/back/domain/user/service/UserServiceTest.java
