diff --git a/lms/src/main/java/com/example/lms/domain/user/controller/UserController.java b/lms/src/main/java/com/example/lms/domain/user/controller/UserController.java
index caf0e8d..abcb286 100644
--- a/lms/src/main/java/com/example/lms/domain/user/controller/UserController.java
+++ b/lms/src/main/java/com/example/lms/domain/user/controller/UserController.java
@@ -58,10 +58,8 @@ public ResponseEntity reissue(HttpServletRequest request) {
         }
         String newAccessToken = tokenProvider.createAccessToken(subject, role, new Date());
-        String newRefreshToken = tokenProvider.createRefreshToken(subject, role, new Date());
         return ResponseEntity.status(OK)
                 .header(AUTHORIZATION_HEADER, newAccessToken)
-                .header(COOKIE_PREFIX, createCookie(REFRESH_TOKEN_COOKIE_NAME, newRefreshToken, tokenProvider.getRefreshTokenExpirationSeconds()).toString())
                 .body(null);
     }
diff --git a/lms/src/main/java/com/example/lms/domain/user/controller/UserControllerDocs.java b/lms/src/main/java/com/example/lms/domain/user/controller/UserControllerDocs.java
index 2985a8f..a7efa96 100644
--- a/lms/src/main/java/com/example/lms/domain/user/controller/UserControllerDocs.java
+++ b/lms/src/main/java/com/example/lms/domain/user/controller/UserControllerDocs.java
@@ -29,7 +29,7 @@ public interface UserControllerDocs {
     })
     ResponseEntity delete(HttpServletRequest request);
-    @Operation(summary = "재발급 요청", description = "**성공 데이터:** 헤더의 `토큰` 및 쿠키," +
+    @Operation(summary = "재발급 요청", description = "**성공 데이터:** 헤더의 `토큰`" +
             "무결성 침해 토큰으로 간주 시 `Refresh Token 초기화 진행 후 재로그인`을 유도합니다.")
     @ApiResponses(value = {
             @ApiResponse(responseCode = "200", description = "재발급 성공"),
diff --git a/lms/src/main/resources/application.yml b/lms/src/main/resources/application.yml
index 9050a6a..f410515 100644
--- a/lms/src/main/resources/application.yml
+++ b/lms/src/main/resources/application.yml
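Review bot: With the createRefreshToken call and the refresh-token Set-Cookie header removed from reissue, the refresh token is no longer rotated on use, so a refresh token that leaks stays valid for its entire original lifetime and a replay by a second holder is indistinguishable from the legitimate client; the "integrity violation → reset and re-login" behaviour described in UserControllerDocs is a separate path and does not cover plain reuse of a still-valid token. If this is the intended model (refresh token issued once at login, replaced only on re-login or after a detected violation), record it next to the createAccessToken line, e.g. `// Refresh token is intentionally not rotated on reissue; it is replaced only at login or after an integrity violation.`, and confirm that nothing in the refresh-token store still expects the stored value to change on each reissue. On the new response chain, `.build()` reads better than `.body(null)` for an intentionally empty body. The start of reissue, including the validation branch closed by the brace at the top of the hunk, is outside the hunk.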
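Review bot: The two string literals in the new description of the reissue @Operation are concatenated with no separator, so the rendered text runs the success-data sentence straight into the integrity-violation sentence (the removed version at least ended with a comma). End the first literal with a period and a space before its closing quote, i.e. change it to `description = "**성공 데이터:** 헤더의 `토큰`. " +`, or use a `\n\n` there if the Swagger UI renders Markdown paragraphs. The remaining @ApiResponse entries of this block continue past the hunk.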
@@ -12,7 +12,7 @@ spring:
       port: ${REDIS_PORT:6379}
   jpa:
     hibernate:
-      ddl-auto: create
+      ddl-auto: none
       default_batch_fetch_size: 1000
       jdbc:
         time_zone: Asia/Seoul
diff --git a/lms/src/test/java/com/example/lms/domain/user/controller/UserControllerTest.java b/lms/src/test/java/com/example/lms/domain/user/controller/UserControllerTest.java
index c1ef215..5ff6583 100644
--- a/lms/src/test/java/com/example/lms/domain/user/controller/UserControllerTest.java
+++ b/lms/src/test/java/com/example/lms/domain/user/controller/UserControllerTest.java
@@ -214,10 +214,7 @@ void reissueToken() throws Exception {
         when(tokenProvider.validateRefreshTokenWithAccessTokenInfo(ROLE_STUDENT, TEST_SUBJECT, requestRefreshToken)).thenReturn(true);
         String newAccessToken = "newAccessToken";
-        String newRefreshToken = "newRefreshToken";
         Mockito.when(tokenProvider.createAccessToken(eq(TEST_SUBJECT), eq(ROLE_STUDENT), any(Date.class))).thenReturn(newAccessToken);
-        Mockito.when(tokenProvider.createRefreshToken(eq(TEST_SUBJECT), eq(ROLE_STUDENT), any(Date.class))).thenReturn(newRefreshToken);
-        Mockito.when(tokenProvider.getRefreshTokenExpirationSeconds()).thenReturn(3600L);
         // when
         ResultActions actions = mockMvc.perform(
@@ -229,12 +226,6 @@ void reissueToken() throws Exception {
         actions
                 .andExpect(status().isOk())
                 .andExpect(header().string(AUTHORIZATION_HEADER, newAccessToken))
-                .andExpect(header().exists(HttpHeaders.SET_COOKIE))
-                .andExpect(header().string(HttpHeaders.SET_COOKIE, containsString("refresh_token=" + newRefreshToken)))
-                .andExpect(header().string(HttpHeaders.SET_COOKIE, containsString("Path=/")))
-                .andExpect(header().string(HttpHeaders.SET_COOKIE, containsString("Max-Age=" + 3600L)))
-                .andExpect(header().string(HttpHeaders.SET_COOKIE, containsString("HttpOnly")))
-                .andExpect(header().string(HttpHeaders.SET_COOKIE, containsString("SameSite=Strict")))
                 .andDo(print());
     }
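Review bot: Switching `ddl-auto` to `none` in the shared application.yml means Hibernate no longer creates or updates the schema, so any environment that relied on `create` (local development, integration tests against a real database) now needs the schema to come from somewhere else; nothing in the diff shows a migration tool or a profile-specific override, so confirm one exists. Record the decision in the file so it is not flipped back: `# Schema is managed outside Hibernate; keep this at none (or validate). create/create-drop wipes data on every start.`. If a test or local profile genuinely needs auto-DDL, put it in a profile-specific file rather than here.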
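Review bot: Deleting the six Set-Cookie assertions in the second UserControllerTest hunk leaves reissueToken with no assertion about the refresh token at all, so a regression that re-adds a cookie to the reissue response, or a stray Set-Cookie from elsewhere in the chain, would pass unnoticed. Assert the new contract explicitly: add `.andExpect(header().doesNotExist(HttpHeaders.SET_COOKIE))` after the Authorization header check, and, mirroring the stubs removed in the first hunk, `Mockito.verify(tokenProvider, Mockito.never()).createRefreshToken(any(), any(), any());` after the assertion chain. This also keeps the HttpHeaders import in use, which the removal otherwise appears to leave dangling unless it is referenced elsewhere in the file. The setup before the first hunk and the perform(...) arguments between the two hunks are outside view.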