[fix/#9] parsing 예외, NotFound 예외 BadCredentialsException로 통일 및 이메일 검증 로직 추가

sejoon00 · sejoon00 · commit 88c2033afd33 · 2025-01-15T16:57:08.000+09:00
diff --git a/build.gradle b/build.gradle
@@ -53,6 +53,9 @@ dependencies {
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
     runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 
+    // validator
+    implementation 'commons-validator:commons-validator:1.7'
+
 }
 
 tasks.named('test') {
diff --git a/src/main/java/com/moplus/moplus_server/domain/member/domain/Member.java b/src/main/java/com/moplus/moplus_server/domain/member/domain/Member.java
@@ -35,4 +35,8 @@ public Member(String nickname, String email, String password, MemberRole role) {
         this.password = password;
         this.role = role;
     }
+
+    public boolean isMatchingPassword(String password) {
+        return this.password.equals(password);
+    }
 }
diff --git a/src/main/java/com/moplus/moplus_server/global/config/security/SecurityConfig.java b/src/main/java/com/moplus/moplus_server/global/config/security/SecurityConfig.java
@@ -89,7 +89,7 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration c
 
     @Bean
     public EmailPasswordAuthenticationProvider emailPasswordAuthenticationProvider() {
-        return new EmailPasswordAuthenticationProvider(memberService, bCryptPasswordEncoder());
+        return new EmailPasswordAuthenticationProvider(memberService);
     }
 
     @Bean
diff --git a/src/main/java/com/moplus/moplus_server/global/security/filter/EmailPasswordAuthenticationFilter.java b/src/main/java/com/moplus/moplus_server/global/security/filter/EmailPasswordAuthenticationFilter.java
@@ -3,11 +3,11 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.moplus.moplus_server.domain.auth.dto.request.AdminLoginRequest;
 import com.moplus.moplus_server.global.error.exception.ErrorCode;
-import com.moplus.moplus_server.global.error.exception.NotFoundException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -29,7 +29,7 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
             authRequest = UsernamePasswordAuthenticationToken.unauthenticated(loginRequest.email(),
                     loginRequest.password());
         } catch (IOException exception) {
-            throw new NotFoundException(ErrorCode.MEMBER_NOT_FOUND);
+            throw new BadCredentialsException(ErrorCode.INVALID_INPUT_VALUE.getMessage());
         }
         setDetails(request, authRequest);
         return this.getAuthenticationManager().authenticate(authRequest);
diff --git a/src/main/java/com/moplus/moplus_server/global/security/provider/EmailPasswordAuthenticationProvider.java b/src/main/java/com/moplus/moplus_server/global/security/provider/EmailPasswordAuthenticationProvider.java
@@ -2,31 +2,38 @@
 
 import com.moplus.moplus_server.domain.member.domain.Member;
 import com.moplus.moplus_server.domain.member.service.MemberService;
+import com.moplus.moplus_server.global.error.exception.ErrorCode;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import org.apache.commons.validator.routines.EmailValidator;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 @RequiredArgsConstructor
 public class EmailPasswordAuthenticationProvider implements AuthenticationProvider {
 
     private final MemberService memberService;
-    private final BCryptPasswordEncoder passwordEncoder;
+
+    private static void validateEmail(String memberEmail) {
+        if (!EmailValidator.getInstance().isValid(memberEmail)) {
+            throw new BadCredentialsException(ErrorCode.BAD_CREDENTIALS.getMessage());
+        }
+    }
 
     @Override
     public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
         final UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
         final String memberEmail = token.getName();
         final String memberPassword = (String) token.getCredentials();
 
-        Member member = memberService.getMemberByEmail(memberEmail);
-        if (!memberPassword.equals(member.getPassword())) {
-            throw new BadCredentialsException(member.getEmail() + "Invalid password");
+        validateEmail(memberEmail);
+        final Member member = getMemberByEmail(memberEmail);
+        if (!member.isMatchingPassword(memberPassword)) {
+            throw new BadCredentialsException(ErrorCode.BAD_CREDENTIALS.getMessage());
         }
 
         return UsernamePasswordAuthenticationToken.authenticated(
@@ -36,6 +43,14 @@ public Authentication authenticate(final Authentication authentication) throws A
                 ));
     }
 
+    private Member getMemberByEmail(String memberEmail) {
+        try {
+            return memberService.getMemberByEmail(memberEmail);
+        } catch (Exception e) {
+            throw new BadCredentialsException(ErrorCode.BAD_CREDENTIALS.getMessage());
+        }
+    }
+
     @Override
     public boolean supports(Class<?> authentication) {
         return authentication.equals(UsernamePasswordAuthenticationToken.class);
diff --git a/src/test/java/com/moplus/moplus_server/domain/auth/controller/AuthControllerTest.java b/src/test/java/com/moplus/moplus_server/domain/auth/controller/AuthControllerTest.java
@@ -7,7 +7,10 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.moplus.moplus_server.domain.auth.dto.request.AdminLoginRequest;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -41,30 +44,73 @@ public void setMockMvc() {
                 .apply(springSecurity()).build();
     }
 
-    @Test
-    void 어드민_로그인_성공() throws Exception {
+    @Nested
+    class 어드민_로그인 {
 
-        AdminLoginRequest request = new AdminLoginRequest("admin@example.com", "password123"); // DTO 객체 생성
-        String requestBody = objectMapper.writeValueAsString(request);
+        @Test
+        void 성공() throws Exception {
 
-        mockMvc.perform(MockMvcRequestBuilders.post("/api/v1/auth/admin/login")
-                        .contentType("application/json")
-                        .content(requestBody))
-                .andExpect(status().isOk()) // 200 응답 확인
-                .andExpect(header().exists("Authorization"))
-                .andExpect(header().exists("RefreshToken"));
+            AdminLoginRequest request = new AdminLoginRequest("admin@example.com", "password123");
+            String requestBody = objectMapper.writeValueAsString(request);
 
-    }
+            mockMvc.perform(MockMvcRequestBuilders.post("/api/v1/auth/admin/login")
+                            .contentType("application/json")
+                            .content(requestBody))
+                    .andExpect(status().isOk()) // 200 응답 확인
+                    .andExpect(header().exists("Authorization"))
+                    .andExpect(header().exists("RefreshToken"));
+
+        }
+
+        @Test
+        void 잘못된_요청_본문() throws Exception {
+
+            record TempRecord(String data) {
+            }
+
+            TempRecord request = new TempRecord("임시 테스트 요청 본문");
+            String requestBody = objectMapper.writeValueAsString(request);
+
+            mockMvc.perform(MockMvcRequestBuilders.post("/api/v1/auth/admin/login")
+                            .contentType("application/json")
+                            .content(requestBody))
+                    .andExpect(status().isUnauthorized());
+        }
+
+        @ParameterizedTest
+        @ValueSource(strings = {
+                "plainaddress",              // 이메일 형식이 아님
+                "@missingusername.com",      // 사용자명 없음
+                "username@.com",             // 도메인 이름 없음
+                "username@com",              // 잘못된 도메인
+                "username@domain..com",      // 연속된 점
+                "username@domain,com",       // 쉼표 포함
+                "username@domain space.com", // 공백 포함
+                "username@domain.com space", // 공백 포함
+                "username@domain#com",       // 특수문자 포함
+                ""                           // 빈 문자열
+        })
+        void 잘못된_이메일_양식(String email) throws Exception {
+
+            AdminLoginRequest request = new AdminLoginRequest(email, "password123");
+            String requestBody = objectMapper.writeValueAsString(request);
+
+            mockMvc.perform(MockMvcRequestBuilders.post("/api/v1/auth/admin/login")
+                            .contentType("application/json")
+                            .content(requestBody))
+                    .andExpect(status().isUnauthorized()); // 401 응답 확인
+        }
 
-    @Test
-    void 어드민_로그인_실패() throws Exception {
+        @Test
+        void 실패() throws Exception {
 
-        AdminLoginRequest request = new AdminLoginRequest("admin@example.com", "wrong123"); // DTO 객체 생성
-        String requestBody = objectMapper.writeValueAsString(request);
+            AdminLoginRequest request = new AdminLoginRequest("admin@example.com", "wrong123");
+            String requestBody = objectMapper.writeValueAsString(request);
 
-        mockMvc.perform(MockMvcRequestBuilders.post("/api/v1/auth/admin/login")
-                        .contentType("application/json")
-                        .content(requestBody))
-                .andExpect(status().isUnauthorized()); // 401 응답 확인
+            mockMvc.perform(MockMvcRequestBuilders.post("/api/v1/auth/admin/login")
+                            .contentType("application/json")
+                            .content(requestBody))
+                    .andExpect(status().isUnauthorized()); // 401 응답 확인
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,9 @@ dependencies {`
`53`	`53`	`runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'`
`54`	`54`	`runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'`
`55`	`55`
	`56`	`+ // validator`
	`57`	`+ implementation 'commons-validator:commons-validator:1.7'`
	`58`	`+`
`56`	`59`	`}`
`57`	`60`
`58`	`61`	`tasks.named('test') {`
Original file line number	Diff line number	Diff line change
`@@ -35,4 +35,8 @@ public Member(String nickname, String email, String password, MemberRole role) {`
`35`	`35`	`this.password = password;`
`36`	`36`	`this.role = role;`
`37`	`37`	`}`
	`38`	`+`
	`39`	`+ public boolean isMatchingPassword(String password) {`
	`40`	`+ return this.password.equals(password);`
	`41`	`+ }`
`38`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration c`
`89`	`89`
`90`	`90`	`@Bean`
`91`	`91`	`public EmailPasswordAuthenticationProvider emailPasswordAuthenticationProvider() {`
`92`		`- return new EmailPasswordAuthenticationProvider(memberService, bCryptPasswordEncoder());`
	`92`	`+ return new EmailPasswordAuthenticationProvider(memberService);`
`93`	`93`	`}`
`94`	`94`
`95`	`95`	`@Bean`