From e6ff74e61cb37d7e4e9145cc298f7c441d2b4fb6 Mon Sep 17 00:00:00 2001
From: asowjdan <asowjdan@naver.com>
Date: Fri, 10 Oct 2025 10:17:10 +0900
Subject: [PATCH 1/3] =?UTF-8?q?fix[OAuth]:=20=EB=B0=B1=EC=97=94=EB=93=9C?=
 =?UTF-8?q?=20=EC=86=8C=EC=85=9C=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=EB=B0=8F?=
 =?UTF-8?q?=20jwt=20=ED=86=A0=ED=81=B0=20=EC=83=9D=EC=84=B1=20=EB=A1=9C?=
 =?UTF-8?q?=EC=A7=81=20=EB=B0=8F=20html=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../member/controller/MemberController.java   |  52 ++++--
 .../domain/member/service/MemberService.java  |   4 +
 .../com/ai/lawyer/global/jwt/CookieUtil.java  |   4 +-
 .../global/oauth/OAuth2FailureHandler.java    |  77 ++++++--
 .../global/oauth/OAuth2SuccessHandler.java    |  26 ++-
 .../templates/oauth2-test/success-page.html   |  54 +++++-
 .../templates/oauth2-test/test-page.html      | 167 ------------------
 7 files changed, 173 insertions(+), 211 deletions(-)

diff --git a/backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java b/backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java
index 9ede09f4..8c90d7ab 100644
--- a/backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java
+++ b/backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java
@@ -107,28 +107,48 @@ public ResponseEntity<String> oauth2TestPage() {
 
     @GetMapping("/oauth2/success-page")
     @Operation(summary = "15. OAuth2 로그인 성공 페이지 (백엔드 테스트용)", description = "프론트엔드 없이 백엔드에서 OAuth2 로그인 결과를 확인할 수 있는 페이지입니다.")
-    public ResponseEntity<String> oauth2SuccessPage(Authentication authentication) {
-        if (authentication == null || authentication.getPrincipal() == null) {
+    public ResponseEntity<String> oauth2SuccessPage(Authentication authentication, HttpServletRequest request) {
+        String loginId = null;
+        Long memberId = null;
+
+        // 1. Authentication 객체에서 인증 정보 추출 시도 (OAuth2 직접 로그인)
+        if (authentication != null && authentication.getPrincipal() != null) {
+            Object principal = authentication.getPrincipal();
+
+            if (principal instanceof Long) {
+                memberId = (Long) principal;
+                loginId = (String) authentication.getDetails();
+            } else if (principal instanceof PrincipalDetails principalDetails) {
+                com.ai.lawyer.domain.member.entity.MemberAdapter member = principalDetails.getMember();
+                loginId = member.getLoginId();
+                memberId = member.getMemberId();
+            }
+        }
+
+        // 2. 쿠키에서 JWT 토큰 추출 시도 (리다이렉트 후)
+        if (loginId == null || memberId == null) {
+            String accessToken = extractAccessTokenFromRequest(request);
+            if (accessToken != null) {
+                try {
+                    loginId = memberService.extractLoginIdFromToken(accessToken);
+                    memberId = memberService.extractMemberIdFromToken(accessToken);
+                    log.info("쿠키에서 인증 정보 추출 성공: loginId={}, memberId={}", loginId, memberId);
+                } catch (Exception e) {
+                    log.warn("쿠키에서 인증 정보 추출 실패: {}", e.getMessage());
+                }
+            }
+        }
+
+        // 3. 인증 정보 확인
+        if (loginId == null || memberId == null) {
+            log.warn("OAuth2 성공 페이지 접근 실패: 인증 정보 없음");
             return ResponseEntity.ok(buildHtmlResponse(
                 "OAuth2 로그인 실패",
                 "인증 정보가 없습니다.",
-                null
+                "쿠키에 토큰이 없거나 유효하지 않습니다."
             ));
         }
 
-        Object principal = authentication.getPrincipal();
-        String loginId = null;
-        Long memberId = null;
-
-        if (principal instanceof Long) {
-            memberId = (Long) principal;
-            loginId = (String) authentication.getDetails();
-        } else if (principal instanceof PrincipalDetails principalDetails) {
-            com.ai.lawyer.domain.member.entity.MemberAdapter member = principalDetails.getMember();
-            loginId = member.getLoginId();
-            memberId = member.getMemberId();
-        }
-
         return ResponseEntity.ok(buildHtmlResponse(
             "OAuth2 로그인 성공",
             "로그인에 성공했습니다!",
diff --git a/backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java b/backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java
index 87774866..0806e9b5 100644
--- a/backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java
+++ b/backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java
@@ -263,6 +263,10 @@ public String extractLoginIdFromToken(String token) {
         return tokenProvider.getLoginIdFromToken(token);
     }
 
+    public Long extractMemberIdFromToken(String token) {
+        return tokenProvider.getMemberIdFromToken(token);
+    }
+
     @Transactional
     public MemberResponse oauth2LoginTest(OAuth2LoginTestRequest request, HttpServletResponse response) {
         if (oauth2MemberRepository == null) {
diff --git a/backend/src/main/java/com/ai/lawyer/global/jwt/CookieUtil.java b/backend/src/main/java/com/ai/lawyer/global/jwt/CookieUtil.java
index 5e98fbc3..a498ae6f 100644
--- a/backend/src/main/java/com/ai/lawyer/global/jwt/CookieUtil.java
+++ b/backend/src/main/java/com/ai/lawyer/global/jwt/CookieUtil.java
@@ -23,9 +23,9 @@ public class CookieUtil {
 
     // 쿠키 보안 설정 상수
     private static final boolean HTTP_ONLY = true;
-    private static final boolean SECURE_IN_PRODUCTION = true; // 운영환경에서는 true로 변경 (HTTPS)
+    private static final boolean SECURE_IN_PRODUCTION = false; // 개발환경에서는 false (HTTP), 운영환경에서는 true로 변경 (HTTPS)
     private static final String COOKIE_PATH = "/";
-    private static final String SAME_SITE = "None"; // None, Lax, Strict 중 선택
+    private static final String SAME_SITE = "Lax"; // Lax: 같은 사이트 요청에서 쿠키 전송 허용
     private static final int COOKIE_EXPIRE_IMMEDIATELY = 0;
 
     public void setTokenCookies(HttpServletResponse response, String accessToken, String refreshToken) {
diff --git a/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2FailureHandler.java b/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2FailureHandler.java
index b9e444dc..f976c0f4 100644
--- a/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2FailureHandler.java
+++ b/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2FailureHandler.java
@@ -10,6 +10,8 @@
 import org.springframework.web.util.UriComponentsBuilder;
 
 import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URI;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 
@@ -20,8 +22,13 @@ public class OAuth2FailureHandler extends SimpleUrlAuthenticationFailureHandler
     @Value("${custom.oauth2.failure-url}")
     private String failureUrl;
 
+    @Value("${spring.profiles.active:dev}")
+    private String activeProfile;
+
     private final OAuth2TestPageUtil oauth2TestPageUtil;
 
+    private static final int HEALTH_CHECK_TIMEOUT = 2000; // 2초
+
     public OAuth2FailureHandler(OAuth2TestPageUtil oauth2TestPageUtil) {
         this.oauth2TestPageUtil = oauth2TestPageUtil;
     }
@@ -31,30 +38,76 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
                                         AuthenticationException exception) throws IOException {
         log.error("OAuth2 로그인 실패: {}", exception.getMessage());
 
-        // mode 파라미터 확인 (기본값: frontend)
+        String errorMessage = exception.getMessage() != null ? exception.getMessage() : "알 수 없는 오류";
+
+        // mode 파라미터 확인
         String mode = request.getParameter("mode");
 
         if ("backend".equals(mode)) {
-            // 백엔드 테스트 모드: HTML 에러 페이지 반환 (팝업 자동 닫기 포함)
+            // 백엔드 테스트 모드: HTML 에러 페이지 반환
             log.info("OAuth2 로그인 실패 (백엔드 테스트 모드)");
             response.setContentType("text/html;charset=UTF-8");
             response.setStatus(HttpServletResponse.SC_OK);
-            String errorMessage = exception.getMessage() != null ? exception.getMessage() : "알 수 없는 오류";
 
             String htmlContent = oauth2TestPageUtil.getFailurePageHtml(errorMessage);
             response.getWriter().write(htmlContent);
         } else {
-            // 프론트엔드 모드: 리다이렉트
-            String errorMessage = exception.getMessage() != null ? exception.getMessage() : "알 수 없는 오류";
-            String encodedError = URLEncoder.encode(errorMessage, StandardCharsets.UTF_8);
+            // 프론트엔드 모드: 프론트엔드로 리다이렉트 또는 백엔드 실패 페이지 표시
+            if (isDevelopmentEnvironment() && !isFrontendAvailable()) {
+                // 프론트엔드 서버가 없으면 백엔드 실패 페이지 HTML 직접 반환
+                log.warn("프론트엔드 서버({})가 응답하지 않습니다. 백엔드 실패 페이지를 반환합니다.", failureUrl);
+                response.setContentType("text/html;charset=UTF-8");
+                response.setStatus(HttpServletResponse.SC_OK);
+
+                String htmlContent = oauth2TestPageUtil.getFailurePageHtml(errorMessage);
+                response.getWriter().write(htmlContent);
+            } else {
+                // 프론트엔드 서버로 리다이렉트
+                String encodedError = URLEncoder.encode(errorMessage, StandardCharsets.UTF_8);
+                String targetUrl = UriComponentsBuilder.fromUriString(failureUrl)
+                        .queryParam("error", encodedError)
+                        .build(true)
+                        .toUriString();
+                log.info("OAuth2 로그인 실패, 프론트엔드 실패 페이지로 리다이렉트: {}", targetUrl);
+
+                getRedirectStrategy().sendRedirect(request, response, targetUrl);
+            }
+        }
+    }
+
+    /**
+     * 개발 환경인지 확인
+     */
+    private boolean isDevelopmentEnvironment() {
+        return "dev".equals(activeProfile) || "local".equals(activeProfile);
+    }
+
+    /**
+     * 프론트엔드 서버가 동작 중인지 확인
+     */
+    private boolean isFrontendAvailable() {
+        try {
+            URI uri = URI.create(failureUrl);
+            // 쿼리 파라미터를 제거하고 베이스 URL만 추출
+            String baseUrl = uri.getScheme() + "://" + uri.getHost() +
+                           (uri.getPort() != -1 ? ":" + uri.getPort() : "");
+
+            HttpURLConnection connection = (HttpURLConnection) URI.create(baseUrl).toURL().openConnection();
+            connection.setRequestMethod("GET");
+            connection.setConnectTimeout(HEALTH_CHECK_TIMEOUT);
+            connection.setReadTimeout(HEALTH_CHECK_TIMEOUT);
+            connection.connect();
 
-            String targetUrl = UriComponentsBuilder.fromUriString(failureUrl)
-                    .queryParam("error", encodedError)
-                    .build(true)
-                    .toUriString();
-            log.info("OAuth2 로그인 실패, 프론트엔드 실패 페이지로 리다이렉트: {}", targetUrl);
+            int responseCode = connection.getResponseCode();
+            connection.disconnect();
 
-            getRedirectStrategy().sendRedirect(request, response, targetUrl);
+            // 200-299 또는 404도 서버가 살아있는 것으로 간주
+            boolean isAvailable = (responseCode >= 200 && responseCode < 300) || responseCode == 404;
+            log.debug("프론트엔드 헬스체크: {} - 응답코드 {}", baseUrl, responseCode);
+            return isAvailable;
+        } catch (Exception e) {
+            log.debug("프론트엔드 헬스체크 실패: {}", e.getMessage());
+            return false;
         }
     }
 }
\ No newline at end of file
diff --git a/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandler.java b/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandler.java
index 155d53f8..89dc51cb 100644
--- a/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandler.java
+++ b/backend/src/main/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandler.java
@@ -22,6 +22,7 @@ public class OAuth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler
 
     private final TokenProvider tokenProvider;
     private final CookieUtil cookieUtil;
+    private final OAuth2TestPageUtil oauth2TestPageUtil;
 
     @Value("${custom.oauth2.redirect-url}")
     private String frontendRedirectUrl;
@@ -29,7 +30,6 @@ public class OAuth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler
     @Value("${spring.profiles.active:dev}")
     private String activeProfile;
 
-    private static final String BACKEND_SUCCESS_PAGE = "/api/auth/oauth2/success-page";
     private static final int HEALTH_CHECK_TIMEOUT = 2000; // 2초
 
     @Override
@@ -63,16 +63,24 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
                 member.getMemberId(), member.getLoginId(), accessToken, refreshToken
             ));
         } else {
-            // 개발 환경에서 프론트엔드 헬스체크
-            String targetUrl = frontendRedirectUrl;
-
+            // 프론트엔드 모드: 프론트엔드로 리다이렉트 또는 백엔드 성공 페이지 표시
             if (isDevelopmentEnvironment() && !isFrontendAvailable()) {
-                log.warn("프론트엔드 서버({}})가 응답하지 않습니다. 백엔드 성공 페이지로 폴백합니다.", frontendRedirectUrl);
-                targetUrl = request.getContextPath() + BACKEND_SUCCESS_PAGE;
+                // 프론트엔드 서버가 없으면 백엔드 성공 페이지 HTML 직접 반환
+                log.warn("프론트엔드 서버({})가 응답하지 않습니다. 백엔드 성공 페이지를 반환합니다.", frontendRedirectUrl);
+                response.setContentType("text/html;charset=UTF-8");
+                response.setStatus(HttpServletResponse.SC_OK);
+
+                String htmlContent = oauth2TestPageUtil.getSuccessPageHtml(
+                    "OAuth2 로그인 성공",
+                    "로그인에 성공했습니다!",
+                    String.format("회원 ID: %d<br>이메일: %s", member.getMemberId(), member.getLoginId())
+                );
+                response.getWriter().write(htmlContent);
+            } else {
+                // 프론트엔드 서버로 리다이렉트
+                log.info("OAuth2 로그인 완료, 프론트엔드로 리다이렉트: {}", frontendRedirectUrl);
+                getRedirectStrategy().sendRedirect(request, response, frontendRedirectUrl);
             }
-
-            log.info("OAuth2 로그인 완료, 리다이렉트: {}", targetUrl);
-            getRedirectStrategy().sendRedirect(request, response, targetUrl);
         }
     }
 
diff --git a/backend/src/main/resources/templates/oauth2-test/success-page.html b/backend/src/main/resources/templates/oauth2-test/success-page.html
index 6446f820..aaaa50cc 100644
--- a/backend/src/main/resources/templates/oauth2-test/success-page.html
+++ b/backend/src/main/resources/templates/oauth2-test/success-page.html
@@ -87,6 +87,15 @@
             transform: translateY(-2px);
             box-shadow: 0 4px 12px rgba(3, 199, 90, 0.4);
         }
+        .btn-withdraw {
+            background: #8b5cf6;
+            color: white;
+        }
+        .btn-withdraw:hover {
+            background: #7c3aed;
+            transform: translateY(-2px);
+            box-shadow: 0 4px 12px rgba(139, 92, 246, 0.4);
+        }
         h1 { margin-bottom: 10px; }
         p { color: #6b7280; }
     </style>
@@ -98,20 +107,27 @@ <h1 class="{{CLASS}}">{{TITLE}}</h1>
         {{DETAILS}}
         <div class="button-group">
             <button class="btn btn-logout" onclick="logout()">로그아웃</button>
+            <button class="btn btn-withdraw" onclick="withdraw()">⚠️ 회원 탈퇴</button>
             <a href="/swagger-ui.html" class="btn btn-docs">API 문서</a>
             <a href="/api/auth/oauth2/test-page" class="btn btn-kakao">테스트 페이지</a>
             <button class="btn btn-naver" onclick="closeWindow()">창 닫기</button>
         </div>
     </div>
     <script>
-        // 팝업 창인지 확인하고 자동으로 닫기 제안
+        // 팝업 창인지 확인하고 자동으로 닫기
         window.addEventListener('DOMContentLoaded', () => {
             if (window.opener && !window.opener.closed) {
-                // 팝업 창에서 열린 경우
-                const autoClose = confirm('로그인에 성공했습니다!\n\n이 창을 닫으시겠습니까?\n(메인 창에서 로그인 상태가 갱신됩니다)');
-                if (autoClose) {
-                    window.close();
+                // 팝업 창에서 열린 경우: 부모 창을 success-page로 리다이렉트하고 팝업 닫기
+                try {
+                    window.opener.location.href = '/api/auth/oauth2/success-page';
+                } catch (e) {
+                    console.error('부모 창 리다이렉트 실패:', e);
                 }
+
+                // 1초 후 자동으로 팝업 닫기
+                setTimeout(() => {
+                    window.close();
+                }, 1000);
             }
         });
 
@@ -156,6 +172,34 @@ <h1 class="{{CLASS}}">{{TITLE}}</h1>
                 alert('로그아웃 중 오류가 발생했습니다.');
             }
         }
+
+        async function withdraw() {
+            if (!confirm('정말로 회원 탈퇴를 진행하시겠습니까?\n\n⚠️ 이 작업은 되돌릴 수 없습니다.\n⚠️ 모든 회원 정보가 삭제되며, OAuth2 연동도 해제됩니다.')) {
+                return;
+            }
+
+            try {
+                const response = await fetch('/api/auth/withdraw', {
+                    method: 'DELETE',
+                    credentials: 'include',
+                    headers: {
+                        'Content-Type': 'application/json'
+                    }
+                });
+
+                if (response.ok) {
+                    const data = await response.json();
+                    alert('회원 탈퇴 완료!\n\n' + (data.oauth2Unlinked ? 'OAuth2 연동 해제 완료' : '로컬 회원 삭제 완료'));
+                    window.location.href = '/api/auth/oauth2/test-page';
+                } else {
+                    const errorData = await response.json();
+                    alert('회원 탈퇴 실패: ' + (errorData.message || '알 수 없는 오류'));
+                }
+            } catch (error) {
+                console.error('회원 탈퇴 에러:', error);
+                alert('회원 탈퇴 중 오류가 발생했습니다.');
+            }
+        }
     </script>
 </body>
 </html>
diff --git a/backend/src/main/resources/templates/oauth2-test/test-page.html b/backend/src/main/resources/templates/oauth2-test/test-page.html
index 20440cc9..224106a9 100644
--- a/backend/src/main/resources/templates/oauth2-test/test-page.html
+++ b/backend/src/main/resources/templates/oauth2-test/test-page.html
@@ -172,59 +172,6 @@
         .container {
             animation: slideUp 0.5s ease-out;
         }
-
-        /* 팝업 로딩 오버레이 */
-        .popup-overlay {
-            display: none;
-            position: fixed;
-            top: 0;
-            left: 0;
-            right: 0;
-            bottom: 0;
-            background: linear-gradient(135deg, rgba(102, 126, 234, 0.95) 0%, rgba(118, 75, 162, 0.95) 100%);
-            backdrop-filter: blur(10px);
-            z-index: 9999;
-            justify-content: center;
-            align-items: center;
-            animation: fadeIn 0.3s ease-out;
-        }
-
-        .popup-content {
-            background: white;
-            border-radius: 20px;
-            padding: 50px 40px;
-            box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
-            text-align: center;
-            max-width: 400px;
-            animation: slideUp 0.4s ease-out;
-        }
-
-        .popup-content h2 {
-            font-size: 24px;
-            margin-bottom: 15px;
-            color: #333;
-        }
-
-        .popup-content p {
-            font-size: 16px;
-            color: #6b7280;
-            margin-bottom: 30px;
-        }
-
-        .spinner {
-            border: 4px solid #f3f4f6;
-            border-top: 4px solid #667eea;
-            border-radius: 50%;
-            width: 50px;
-            height: 50px;
-            animation: spin 1s linear infinite;
-            margin: 0 auto;
-        }
-
-        @keyframes spin {
-            0% { transform: rotate(0deg); }
-            100% { transform: rotate(360deg); }
-        }
     </style>
 </head>
 <body>
@@ -238,12 +185,6 @@ <h1>🔐 OAuth2 로그인 테스트</h1>
         <button class="btn btn-naver" onclick="loginWithNaver()">
             N 네이버 로그인
         </button>
-        <button class="btn btn-logout" onclick="logout()">
-            🚪 로그아웃
-        </button>
-        <button class="btn btn-withdraw" onclick="withdraw()">
-            ⚠️ 회원 탈퇴
-        </button>
         <a href="/swagger-ui.html" class="btn btn-docs">
             📚 API 문서
         </a>
@@ -262,28 +203,9 @@ <h1>🔐 OAuth2 로그인 테스트</h1>
     <div id="status" class="status" style="display: none;"></div>
 </div>
 
-<!-- 팝업 로딩 오버레이 -->
-<div id="popupOverlay" class="popup-overlay">
-    <div class="popup-content">
-        <div class="spinner"></div>
-        <h2 id="overlayTitle">로그인 진행 중</h2>
-        <p id="overlayMessage">잠시만 기다려주세요...</p>
-    </div>
-</div>
-
 <script>
     let loginWindow = null;
 
-    function showPopupOverlay(title, message) {
-        document.getElementById('overlayTitle').innerText = title;
-        document.getElementById('overlayMessage').innerText = message;
-        document.getElementById('popupOverlay').classList.add('show');
-    }
-
-    function hidePopupOverlay() {
-        document.getElementById('popupOverlay').classList.remove('show');
-    }
-
     function showStatus(message) {
         const statusDiv = document.getElementById('status');
         statusDiv.innerText = message;
@@ -295,8 +217,6 @@ <h2 id="overlayTitle">로그인 진행 중</h2>
     }
 
     function loginWithKakao() {
-        showPopupOverlay('💬 카카오 로그인 진행 중', '새 창에서 카카오 로그인을 진행해주세요.');
-
         const width = 500;
         const height = 600;
         const left = (window.screen.width / 2) - (width / 2);
@@ -305,13 +225,9 @@ <h2 id="overlayTitle">로그인 진행 중</h2>
         const features = 'width=' + width + ',height=' + height + ',left=' + left + ',top=' + top + ',scrollbars=yes,resizable=yes';
 
         loginWindow = window.open('/api/auth/oauth2/kakao', 'KakaoLogin', features);
-
-        checkLoginWindowClosed('카카오');
     }
 
     function loginWithNaver() {
-        showPopupOverlay('🅝 네이버 로그인 진행 중', '새 창에서 네이버 로그인을 진행해주세요.');
-
         const width = 500;
         const height = 600;
         const left = (window.screen.width / 2) - (width / 2);
@@ -320,91 +236,8 @@ <h2 id="overlayTitle">로그인 진행 중</h2>
         const features = 'width=' + width + ',height=' + height + ',left=' + left + ',top=' + top + ',scrollbars=yes,resizable=yes';
 
         loginWindow = window.open('/api/auth/oauth2/naver', 'NaverLogin', features);
-
-        checkLoginWindowClosed('네이버');
     }
 
-    function checkLoginWindowClosed(provider) {
-        const interval = setInterval(() => {
-            if (loginWindow && loginWindow.closed) {
-                clearInterval(interval);
-                hidePopupOverlay();
-                showPopupOverlay('✅ 로그인 완료', provider + ' 로그인이 완료되었습니다.');
-                setTimeout(() => {
-                    hidePopupOverlay();
-                    window.location.reload();
-                }, 1500);
-            }
-        }, 500);
-    }
-
-    async function logout() {
-        try {
-            showStatus('로그아웃 진행 중...');
-
-            const response = await fetch('/api/auth/logout', {
-                method: 'POST',
-                credentials: 'include',
-                headers: {
-                    'Content-Type': 'application/json'
-                }
-            });
-
-            if (response.ok) {
-                const data = await response.json();
-
-                // 카카오 OAuth2 로그아웃 URL이 있으면 자동으로 해당 URL로 이동
-                if (data.oauth2LogoutUrl) {
-                    showStatus('카카오 제공자 로그아웃 진행 중...');
-                    setTimeout(() => {
-                        window.location.href = data.oauth2LogoutUrl;
-                    }, 800);
-                } else {
-                    showStatus('로그아웃 성공!');
-                    setTimeout(() => {
-                        window.location.reload();
-                    }, 1000);
-                }
-            } else {
-                showStatus('로그아웃 실패');
-            }
-        } catch (error) {
-            console.error('로그아웃 에러:', error);
-            showStatus('로그아웃 중 오류 발생: ' + error.message);
-        }
-    }
-
-    async function withdraw() {
-        if (!confirm('정말로 회원 탈퇴를 진행하시겠습니까?\n\n⚠️ 이 작업은 되돌릴 수 없습니다.\n⚠️ 모든 회원 정보가 삭제되며, OAuth2 연동도 해제됩니다.')) {
-            return;
-        }
-
-        try {
-            showStatus('회원 탈퇴 진행 중...');
-
-            const response = await fetch('/api/auth/withdraw', {
-                method: 'DELETE',
-                credentials: 'include',
-                headers: {
-                    'Content-Type': 'application/json'
-                }
-            });
-
-            if (response.ok) {
-                const data = await response.json();
-                showStatus('회원 탈퇴 완료!\n\n' + (data.oauth2Unlinked ? 'OAuth2 연동 해제 완료' : '로컬 회원 삭제 완료'));
-                setTimeout(() => {
-                    window.location.reload();
-                }, 2000);
-            } else {
-                const errorData = await response.json();
-                showStatus('회원 탈퇴 실패: ' + (errorData.message || '알 수 없는 오류'));
-            }
-        } catch (error) {
-            console.error('회원 탈퇴 에러:', error);
-            showStatus('회원 탈퇴 중 오류 발생: ' + error.message);
-        }
-    }
 
     function clearNaverSession() {
         const naverLogoutUrl = 'https://nid.naver.com/nidlogin.logout';

From 01a34f9110c6646f60a6c32616d0d6c46c095657 Mon Sep 17 00:00:00 2001
From: asowjdan <asowjdan@naver.com>
Date: Fri, 10 Oct 2025 10:26:42 +0900
Subject: [PATCH 2/3] =?UTF-8?q?test[OAuth]:=20=ED=85=8C=EC=8A=A4=ED=8A=B8?=
 =?UTF-8?q?=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/ai/lawyer/global/jwt/CookieUtilTest.java     | 8 ++++----
 .../ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java  | 6 +++++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java b/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java
index 3f25ba9e..d5ce7b06 100644
--- a/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java
+++ b/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java
@@ -71,7 +71,7 @@ void setTokenCookies_Success() {
         assertThat(accessCookieHeader).contains("HttpOnly");
         assertThat(accessCookieHeader).contains("Path=/");
         assertThat(accessCookieHeader).contains("Max-Age=300"); // 5분 = 300초
-        assertThat(accessCookieHeader).contains("SameSite=None");
+        assertThat(accessCookieHeader).contains("SameSite=Lax");
         log.info("액세스 토큰 쿠키 검증 완료: {}", accessCookieHeader);
 
         // 리프레시 토큰 쿠키 검증
@@ -80,7 +80,7 @@ void setTokenCookies_Success() {
         assertThat(refreshCookieHeader).contains("HttpOnly");
         assertThat(refreshCookieHeader).contains("Path=/");
         assertThat(refreshCookieHeader).contains("Max-Age=604800"); // 7일 = 604800초
-        assertThat(refreshCookieHeader).contains("SameSite=None");
+        assertThat(refreshCookieHeader).contains("SameSite=Lax");
         log.info("리프레시 토큰 쿠키 검증 완료: {}", refreshCookieHeader);
 
         log.info("=== 토큰 쿠키 설정 테스트 완료 ===");
@@ -103,7 +103,7 @@ void setAccessTokenCookie_Success() {
         assertThat(cookieHeader).contains(ACCESS_TOKEN_NAME + "=" + ACCESS_TOKEN);
         assertThat(cookieHeader).contains("HttpOnly");
         assertThat(cookieHeader).contains("Max-Age=300");
-        assertThat(cookieHeader).contains("SameSite=None");
+        assertThat(cookieHeader).contains("SameSite=Lax");
         log.info("=== 액세스 토큰 단독 쿠키 설정 테스트 완료 ===");
     }
 
@@ -124,7 +124,7 @@ void setRefreshTokenCookie_Success() {
         assertThat(cookieHeader).contains(REFRESH_TOKEN_NAME + "=" + REFRESH_TOKEN);
         assertThat(cookieHeader).contains("HttpOnly");
         assertThat(cookieHeader).contains("Max-Age=604800");
-        assertThat(cookieHeader).contains("SameSite=None");
+        assertThat(cookieHeader).contains("SameSite=Lax");
         log.info("=== 리프레시 토큰 단독 쿠키 설정 테스트 완료 ===");
     }
 
diff --git a/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java b/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java
index aa68015f..777f0047 100644
--- a/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java
+++ b/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java
@@ -51,12 +51,16 @@ class OAuth2SuccessHandlerTest {
     private PrincipalDetails naverPrincipalDetails;
 
     @BeforeEach
-    void setUp() {
+    void setUp() throws Exception {
         // Redirect URL 설정 (환경변수에서 주입되는 값)
         ReflectionTestUtils.setField(oauth2SuccessHandler, "frontendRedirectUrl",
             "http://localhost:3000/oauth/success");
         ReflectionTestUtils.setField(oauth2SuccessHandler, "activeProfile", "dev");
 
+        // Mock response.getWriter() - HTML 응답 시 필요
+        java.io.PrintWriter mockWriter = org.mockito.Mockito.mock(java.io.PrintWriter.class);
+        given(response.getWriter()).willReturn(mockWriter);
+
         // 카카오 회원 생성
         kakaoMember = OAuth2Member.builder()
                 .loginId("kakao@test.com")

From fbb69ace64fa6d610dc97e81b2047e271d4cb5d5 Mon Sep 17 00:00:00 2001
From: asowjdan <asowjdan@naver.com>
Date: Fri, 10 Oct 2025 10:26:42 +0900
Subject: [PATCH 3/3] =?UTF-8?q?test[OAuth]:=20=ED=85=8C=EC=8A=A4=ED=8A=B8?=
 =?UTF-8?q?=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/ai/lawyer/global/jwt/CookieUtilTest.java    | 8 ++++----
 .../ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java | 9 ++++++++-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java b/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java
index 3f25ba9e..d5ce7b06 100644
--- a/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java
+++ b/backend/src/test/java/com/ai/lawyer/global/jwt/CookieUtilTest.java
@@ -71,7 +71,7 @@ void setTokenCookies_Success() {
         assertThat(accessCookieHeader).contains("HttpOnly");
         assertThat(accessCookieHeader).contains("Path=/");
         assertThat(accessCookieHeader).contains("Max-Age=300"); // 5분 = 300초
-        assertThat(accessCookieHeader).contains("SameSite=None");
+        assertThat(accessCookieHeader).contains("SameSite=Lax");
         log.info("액세스 토큰 쿠키 검증 완료: {}", accessCookieHeader);
 
         // 리프레시 토큰 쿠키 검증
@@ -80,7 +80,7 @@ void setTokenCookies_Success() {
         assertThat(refreshCookieHeader).contains("HttpOnly");
         assertThat(refreshCookieHeader).contains("Path=/");
         assertThat(refreshCookieHeader).contains("Max-Age=604800"); // 7일 = 604800초
-        assertThat(refreshCookieHeader).contains("SameSite=None");
+        assertThat(refreshCookieHeader).contains("SameSite=Lax");
         log.info("리프레시 토큰 쿠키 검증 완료: {}", refreshCookieHeader);
 
         log.info("=== 토큰 쿠키 설정 테스트 완료 ===");
@@ -103,7 +103,7 @@ void setAccessTokenCookie_Success() {
         assertThat(cookieHeader).contains(ACCESS_TOKEN_NAME + "=" + ACCESS_TOKEN);
         assertThat(cookieHeader).contains("HttpOnly");
         assertThat(cookieHeader).contains("Max-Age=300");
-        assertThat(cookieHeader).contains("SameSite=None");
+        assertThat(cookieHeader).contains("SameSite=Lax");
         log.info("=== 액세스 토큰 단독 쿠키 설정 테스트 완료 ===");
     }
 
@@ -124,7 +124,7 @@ void setRefreshTokenCookie_Success() {
         assertThat(cookieHeader).contains(REFRESH_TOKEN_NAME + "=" + REFRESH_TOKEN);
         assertThat(cookieHeader).contains("HttpOnly");
         assertThat(cookieHeader).contains("Max-Age=604800");
-        assertThat(cookieHeader).contains("SameSite=None");
+        assertThat(cookieHeader).contains("SameSite=Lax");
         log.info("=== 리프레시 토큰 단독 쿠키 설정 테스트 완료 ===");
     }
 
diff --git a/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java b/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java
index aa68015f..e97caae9 100644
--- a/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java
+++ b/backend/src/test/java/com/ai/lawyer/global/oauth/OAuth2SuccessHandlerTest.java
@@ -33,6 +33,9 @@ class OAuth2SuccessHandlerTest {
     @Mock
     private CookieUtil cookieUtil;
 
+    @Mock
+    private OAuth2TestPageUtil oauth2TestPageUtil;
+
     @Mock
     private HttpServletRequest request;
 
@@ -51,12 +54,16 @@ class OAuth2SuccessHandlerTest {
     private PrincipalDetails naverPrincipalDetails;
 
     @BeforeEach
-    void setUp() {
+    void setUp() throws Exception {
         // Redirect URL 설정 (환경변수에서 주입되는 값)
         ReflectionTestUtils.setField(oauth2SuccessHandler, "frontendRedirectUrl",
             "http://localhost:3000/oauth/success");
         ReflectionTestUtils.setField(oauth2SuccessHandler, "activeProfile", "dev");
 
+        // Mock response.getWriter() - HTML 응답 시 필요
+        java.io.PrintWriter mockWriter = org.mockito.Mockito.mock(java.io.PrintWriter.class);
+        given(response.getWriter()).willReturn(mockWriter);
+
         // 카카오 회원 생성
         kakaoMember = OAuth2Member.builder()
                 .loginId("kakao@test.com")