[#186] redirectUri에 한글이 들어가면 에러 터지는 문제 해결 (#187)

JoosungKwon · web-flow · commit 840dc0938257 · 2023-04-02T19:07:59.000+09:00
* fix(Login): redirectUri 안에 쿼리 파라미터로 한글이 들어가면 안되는 이슈

- 1. redirectUri를 임시로 보관하는 과정에서 쿠키에 담는데, 이때 쿠키에는 한글이 들어갈 수 없어서(파싱을 못함) 예외가 발생했음
- 따라서, 쿠키에 담기 전에 URLEncoder로 encode하고 꺼내올 때는 또 반대로 decode를 하여 문제 해결
- 2. 해당 redirectUri Redirect 시에도 한글로된 파라미터가 있으면 안됨
- 쿼리에서 한글로 전달될 수 있는 부분만을 재 인코딩 해서 프론트에 전달
- 현재 name=으로 하드코딩 하였음
diff --git a/src/main/java/com/prgrms/mukvengers/domain/proposal/api/ProposalController.java b/src/main/java/com/prgrms/mukvengers/domain/proposal/api/ProposalController.java
@@ -1,5 +1,6 @@
 package com.prgrms.mukvengers.domain.proposal.api;
 
+import static org.springframework.http.HttpStatus.*;
 import static org.springframework.http.MediaType.*;
 
 import java.net.URI;
@@ -15,6 +16,7 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.util.UriComponentsBuilder;
 
@@ -119,15 +121,14 @@ public class ProposalController {
 	 * @return
 	 */
 	@PatchMapping(value = "/proposals/{proposalId}", consumes = APPLICATION_JSON_VALUE)
-	public ResponseEntity<Void> changeProposalStatus
+	@ResponseStatus(NO_CONTENT)
+	public void changeProposalStatus
 	(
 		@PathVariable Long proposalId,
 		@RequestBody @Valid UpdateProposalRequest proposalRequest,
 		@AuthenticationPrincipal JwtAuthentication user
 	) {
 		proposalService.updateProposalStatus(proposalRequest, user.id(), proposalId);
-
-		return ResponseEntity.ok().build();
 	}
 
 	@DeleteMapping(value = "/proposals/{proposalId}")
diff --git a/src/main/java/com/prgrms/mukvengers/global/security/oauth/handler/OAuthAuthenticationFailureHandler.java b/src/main/java/com/prgrms/mukvengers/global/security/oauth/handler/OAuthAuthenticationFailureHandler.java
@@ -1,8 +1,10 @@
 package com.prgrms.mukvengers.global.security.oauth.handler;
 
 import static com.prgrms.mukvengers.global.security.oauth.repository.HttpCookieOAuthAuthorizationRequestRepository.*;
+import static java.nio.charset.StandardCharsets.*;
 
 import java.io.IOException;
+import java.net.URLDecoder;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -31,10 +33,11 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
 		AuthenticationException exception) throws IOException {
 		String redirectUrl = CookieUtil.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME)
 			.map(Cookie::getValue)
+			.map(cookie -> URLDecoder.decode(cookie, UTF_8))
 			.orElse(DEFAULT_TARGET_URL);
 
 		String targetUrl = UriComponentsBuilder.fromUriString(redirectUrl)
-			.queryParam("error", exception.getMessage())
+			.queryParam("error", exception.getMessage()) // TODO: exception.getMessage() -> error code
 			.build().toUriString();
 
 		httpCookieOAuthAuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
diff --git a/src/main/java/com/prgrms/mukvengers/global/security/oauth/handler/OAuthAuthenticationSuccessHandler.java b/src/main/java/com/prgrms/mukvengers/global/security/oauth/handler/OAuthAuthenticationSuccessHandler.java
@@ -1,8 +1,11 @@
 package com.prgrms.mukvengers.global.security.oauth.handler;
 
 import static com.prgrms.mukvengers.global.security.oauth.repository.HttpCookieOAuthAuthorizationRequestRepository.*;
+import static java.nio.charset.StandardCharsets.*;
 
 import java.io.IOException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -29,6 +32,7 @@
 public class OAuthAuthenticationSuccessHandler
 	extends SavedRequestAwareAuthenticationSuccessHandler {
 
+	public static final String NAME_QUERY = "name=";
 	private final TokenService tokenService;
 
 	@Override
@@ -51,13 +55,29 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 	private String determineTargetUrl(HttpServletRequest request, String accessToken) {
 		String targetUrl = CookieUtil.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME)
 			.map(Cookie::getValue)
+			.map(cookie -> URLDecoder.decode(cookie, UTF_8))
+			.map(this::encodeKr)
 			.orElse(getDefaultTargetUrl());
 
 		return UriComponentsBuilder.fromUriString(targetUrl)
 			.queryParam("accessToken", accessToken)
 			.build().toUriString();
 	}
 
+	// 문제가 발생한 영역 일단 하드 코딩해서 해결
+	private String encodeKr(String url) {
+
+		String[] splitUrl = url.split(NAME_QUERY);
+
+		if (splitUrl.length > 1) {
+			String name = splitUrl[1];
+			String encodedName = URLEncoder.encode(name, UTF_8);
+			return splitUrl[0] + NAME_QUERY + encodedName;
+		}
+
+		return url;
+	}
+
 	private void setRefreshTokenInCookie(HttpServletResponse response, String refreshToken) {
 		ResponseCookie token = ResponseCookie.from("refreshToken", refreshToken)
 			.path(getDefaultTargetUrl())
diff --git a/src/main/java/com/prgrms/mukvengers/global/security/oauth/repository/HttpCookieOAuthAuthorizationRequestRepository.java b/src/main/java/com/prgrms/mukvengers/global/security/oauth/repository/HttpCookieOAuthAuthorizationRequestRepository.java
@@ -1,7 +1,10 @@
 package com.prgrms.mukvengers.global.security.oauth.repository;
 
+import static java.nio.charset.StandardCharsets.*;
 import static org.springframework.util.StringUtils.*;
 
+import java.net.URLEncoder;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -37,6 +40,7 @@ public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationReq
 			CookieUtil.serialize(authorizationRequest), COOKIE_EXPIRE_SECONDS);
 		String redirectUriAfterLogin = request.getParameter(REDIRECT_URI_PARAM_COOKIE_NAME);
 		if (hasText(redirectUriAfterLogin)) {
+			redirectUriAfterLogin = URLEncoder.encode(redirectUriAfterLogin, UTF_8);
 			CookieUtil.addCookie(response, REDIRECT_URI_PARAM_COOKIE_NAME, redirectUriAfterLogin,
 				COOKIE_EXPIRE_SECONDS);
 		}
diff --git a/src/test/java/com/prgrms/mukvengers/domain/proposal/api/ProposalControllerTest.java b/src/test/java/com/prgrms/mukvengers/domain/proposal/api/ProposalControllerTest.java
@@ -165,7 +165,7 @@ void getProposalsByLeaderId_success() throws Exception {
 
 	}
 
-	@Test
+	@Test // 신청서가 거절 됐는데 왜 저장이 되는건가요?
 	@DisplayName("[성공] 방장이 신청서를 거절하는 경우 신청서의 상태값이 'REFUSE' 로 변경되며 밥모임원에 저장된다.")
 	void update_proposalStatus_refuse_success() throws Exception {
 
@@ -177,7 +177,7 @@ void update_proposalStatus_refuse_success() throws Exception {
 				.contentType(APPLICATION_JSON)
 				.header(AUTHORIZATION, BEARER_TYPE + accessToken1)
 				.content(jsonRequest))
-			.andExpect(status().isOk())
+			.andExpect(status().isNoContent())
 			.andDo(document("proposal-Refuse",
 				resource(
 					builder()
