fix: [Auth] Fix auth error exceptions for more readability in logs

Alan Di Giovanni · Alan Di Giovanni · commit e71db6c1af4c · 2025-07-06T13:58:56.000-03:00
diff --git a/src/main/java/com/cuoco/adapter/in/controller/UserControllerAdapter.java b/src/main/java/com/cuoco/adapter/in/controller/UserControllerAdapter.java
@@ -8,9 +8,7 @@
 import com.cuoco.application.usecase.model.Allergy;
 import com.cuoco.application.usecase.model.DietaryNeed;
 import com.cuoco.application.usecase.model.User;
-import com.cuoco.application.usecase.model.UserPreferences;
 import com.cuoco.shared.GlobalExceptionHandler;
-import com.cuoco.shared.utils.JwtUtil;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
diff --git a/src/main/java/com/cuoco/adapter/in/security/JwtAuthenticationFilterAdapter.java b/src/main/java/com/cuoco/adapter/in/security/JwtAuthenticationFilterAdapter.java
@@ -1,11 +1,13 @@
 package com.cuoco.adapter.in.security;
 
+import com.cuoco.application.exception.UnauthorizedException;
 import com.cuoco.application.port.in.AuthenticateUserCommand;
 import com.cuoco.application.usecase.model.AuthenticatedUser;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -17,6 +19,7 @@
 import java.io.IOException;
 import java.util.stream.Collectors;
 
+@Slf4j
 @Component
 public class JwtAuthenticationFilterAdapter extends OncePerRequestFilter {
 
@@ -30,18 +33,24 @@ public JwtAuthenticationFilterAdapter(AuthenticateUserCommand authenticateUserCo
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
             throws ServletException, IOException {
 
-        final String authHeader = request.getHeader("Authorization");
+        try {
+            final String authHeader = request.getHeader("Authorization");
 
-        AuthenticatedUser authenticatedUser = authenticateUserCommand.execute(buildCommand(authHeader));
+            AuthenticatedUser authenticatedUser = authenticateUserCommand.execute(buildCommand(authHeader));
 
-        if (authenticatedUser != null) {
-            UsernamePasswordAuthenticationToken userToken = buildToken(authenticatedUser);
+            if (authenticatedUser != null) {
+                UsernamePasswordAuthenticationToken userToken = buildToken(authenticatedUser);
 
-            userToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-            SecurityContextHolder.getContext().setAuthentication(userToken);
-        }
+                userToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(userToken);
+            }
+
+            filterChain.doFilter(request, response);
 
-        filterChain.doFilter(request, response);
+        } catch (UnauthorizedException e) {
+            log.warn("Unauthorized: {}", e.getDescription());
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, e.getDescription());
+        }
     }
 
     private AuthenticateUserCommand.Command buildCommand(String authHeader) {
@@ -66,6 +75,8 @@ protected boolean shouldNotFilter(HttpServletRequest request) {
                 || matcher.match("/diets", request.getRequestURI())
                 || matcher.match("/dietary-needs", request.getRequestURI())
                 || matcher.match("/cook-levels", request.getRequestURI())
+                || matcher.match("/meal-types", request.getRequestURI())
+                || matcher.match("/preparation-times", request.getRequestURI())
                 || matcher.match("/v3/api-docs/**", request.getRequestURI())
                 || matcher.match("/swagger-ui/**", request.getRequestURI())
                 || matcher.match("/swagger-ui.html", request.getRequestURI());
diff --git a/src/main/java/com/cuoco/application/usecase/AuthenticateUserUseCase.java b/src/main/java/com/cuoco/application/usecase/AuthenticateUserUseCase.java
@@ -6,7 +6,7 @@
 import com.cuoco.application.usecase.model.AuthenticatedUser;
 import com.cuoco.application.usecase.model.User;
 import com.cuoco.shared.model.ErrorDescription;
-import com.cuoco.shared.utils.JwtUtil;
+import com.cuoco.application.utils.JwtUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -34,24 +34,29 @@ public AuthenticatedUser execute(Command command) {
 
         String authHeader = command.getAuthHeader();
 
-        if (authHeader == null || !authHeader.startsWith(BEARER_PREFIX)) {
-            log.info("User don't have a valid auth header");
-            throw new UnauthorizedException(ErrorDescription.UNAUTHORIZED.getValue());
+        if (authHeader == null) {
+            log.info("Auth header is not present");
+            throw new UnauthorizedException(ErrorDescription.NO_AUTH_TOKEN.getValue());
+        }
+
+        if (!authHeader.startsWith(BEARER_PREFIX)) {
+            log.info("Don't have a valid auth token");
+            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
         }
 
         String receivedJwt = authHeader.substring(7);
         String email = jwtUtil.extractEmail(receivedJwt);
 
         if (email == null || SecurityContextHolder.getContext().getAuthentication() != null) {
-            log.info("Token is not valid. The email is not present.");
-            throw new UnauthorizedException(ErrorDescription.INVALID_TOKEN.getValue());
+            log.info("Token is not valid: The email is not present.");
+            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
         }
 
         User user = getUserByEmailRepository.execute(email);
 
         if (user == null || !jwtUtil.validateToken(receivedJwt, user)) {
-            log.info("Token or user with email {} are not valid", email);
-            throw new UnauthorizedException(ErrorDescription.INVALID_TOKEN.getValue());
+            log.info("Token or user with email {} are not valid or not exists", email);
+            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
         }
 
         log.info("User authenticated with email {}", email);
diff --git a/src/main/java/com/cuoco/application/usecase/SignInUserUseCase.java b/src/main/java/com/cuoco/application/usecase/SignInUserUseCase.java
@@ -6,7 +6,7 @@
 import com.cuoco.application.usecase.model.AuthenticatedUser;
 import com.cuoco.application.usecase.model.User;
 import com.cuoco.shared.model.ErrorDescription;
-import com.cuoco.shared.utils.JwtUtil;
+import com.cuoco.application.utils.JwtUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
@@ -42,9 +42,8 @@ public AuthenticatedUser execute(Command command) {
         }
 
         user.setPassword(null);
-        AuthenticatedUser authenticatedUser = buildAuthenticatedUser(user);
 
-        return authenticatedUser;
+        return buildAuthenticatedUser(user);
     }
 
     private AuthenticatedUser buildAuthenticatedUser(User user) {
diff --git a/src/main/java/com/cuoco/application/utils/JwtUtil.java b/src/main/java/com/cuoco/application/utils/JwtUtil.java
@@ -1,14 +1,19 @@
-package com.cuoco.shared.utils;
+package com.cuoco.application.utils;
 
+import com.cuoco.application.exception.UnauthorizedException;
 import com.cuoco.application.usecase.model.User;
+import com.cuoco.shared.model.ErrorDescription;
 import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
 
+@Slf4j
 @Component
 public class JwtUtil {
 
@@ -25,13 +30,18 @@ public String generateToken(User user) {
     }
 
     public String extractEmail(String token) {
-        return Jwts.parserBuilder()
-                .setSigningKey(Keys.hmacShaKeyFor(SECRET_KEY.getBytes()))
-                .build()
-                .parseClaimsJws(token)
-                .getBody()
-                .getSubject();
-
+        try {
+            return Jwts.parserBuilder()
+                    .setSigningKey(Keys.hmacShaKeyFor(SECRET_KEY.getBytes()))
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody()
+                    .getSubject();
+
+        } catch (MalformedJwtException e) {
+            log.warn("Invalid JWT token: {}", e.getMessage());
+            throw new UnauthorizedException(ErrorDescription.INVALID_CREDENTIALS.getValue());
+        }
     }
 
     public boolean validateToken(String token, User user) {
diff --git a/src/main/java/com/cuoco/shared/config/security/SecurityConfiguration.java b/src/main/java/com/cuoco/shared/config/security/SecurityConfiguration.java
@@ -37,6 +37,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 "/cook-levels",
                                 "/plans",
                                 "/diets",
+                                "/meal-types",
+                                "/preparation-times",
                                 "/dietary-needs",
                                 "/allergies",
                                 "/v3/api-docs/**",
diff --git a/src/main/java/com/cuoco/shared/model/ErrorDescription.java b/src/main/java/com/cuoco/shared/model/ErrorDescription.java
@@ -1,5 +1,10 @@
 package com.cuoco.shared.model;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
 public enum ErrorDescription {
 
     RECIPE_NOT_EXISTS("El ID de la receta ingresada no existe"),
@@ -18,15 +23,16 @@ public enum ErrorDescription {
 
     USER_NOT_EXISTS("El usuario ingresado no existe"),
     USER_DUPLICATED("El usuario ya existe"),
+    NO_AUTH_TOKEN("El token no esta presente"),
     INVALID_CREDENTIALS("Las credenciales no son válidas"),
-    INVALID_TOKEN("El token no es valido"),
-    EXPIRED_TOKEN("El token ha expirado"),
+    EXPIRED_CREDENTIALS("El token ha expirado"),
 
     INVALID_AUDIO_FILE_EXTENSION("La extensión del archivo de audio no es valida"),
     AUDIO_FILE_IS_REQUIRED("El archivo de audio no esta presente y es requerido"),
     AUDIO_FILE_PROCESSING_ERROR("Error procesando el archivo de audio"),
     PRO_FEATURE("Esta funcionalidad solo es para usuarios PRO"),
-    UNAUTHORIZED("El token no esta presente"),
+
+    UNAUTHORIZED("No está autorizado a usar esta función"),
     UNEXPECTED_ERROR("An unexpected error occurred: "),
     UNHANDLED("Ha ocurrido un error inesperado"),
     NOT_AVAILABLE("El servicio no esta disponible"),
@@ -35,12 +41,4 @@ public enum ErrorDescription {
     DUPLICATED("El recurso ya existe");
 
     private final String value;
-
-    ErrorDescription(String value) {
-        this.value = value;
-    }
-
-    public String getValue() {
-        return value;
-    }
 }
diff --git a/src/test/java/com/cuoco/adapter/in/controller/UserControllerAdapterTest.java b/src/test/java/com/cuoco/adapter/in/controller/UserControllerAdapterTest.java
@@ -4,7 +4,7 @@
 import com.cuoco.application.port.in.UpdateUserProfileCommand;
 import com.cuoco.application.usecase.model.User;
 import com.cuoco.factory.domain.UserFactory;
-import com.cuoco.shared.utils.JwtUtil;
+import com.cuoco.application.utils.JwtUtil;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
diff --git a/src/test/java/com/cuoco/application/usecase/AuthenticateUserUseCaseTest.java b/src/test/java/com/cuoco/application/usecase/AuthenticateUserUseCaseTest.java
@@ -7,7 +7,7 @@
 import com.cuoco.application.usecase.model.User;
 import com.cuoco.factory.domain.UserFactory;
 import com.cuoco.shared.model.ErrorDescription;
-import com.cuoco.shared.utils.JwtUtil;
+import com.cuoco.application.utils.JwtUtil;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
@@ -72,7 +72,7 @@ void GIVEN_token_with_null_email_WHEN_execute_THEN_throw_invalid_token() {
         when(jwtUtil.extractEmail(token)).thenReturn(null);
 
         UnauthorizedException ex = assertThrows(UnauthorizedException.class, () -> useCase.execute(command));
-        assertEquals(ErrorDescription.INVALID_TOKEN.getValue(), ex.getDescription());
+        assertEquals(ErrorDescription.INVALID_CREDENTIALS.getValue(), ex.getDescription());
     }
 
     @Test
@@ -87,6 +87,6 @@ void GIVEN_invalid_user_or_token_WHEN_execute_THEN_throw_invalid_token() {
         when(getUserByEmailRepository.execute(email)).thenReturn(null);
 
         UnauthorizedException ex = assertThrows(UnauthorizedException.class, () -> useCase.execute(command));
-        assertEquals(ErrorDescription.INVALID_TOKEN.getValue(), ex.getDescription());
+        assertEquals(ErrorDescription.INVALID_CREDENTIALS.getValue(), ex.getDescription());
     }
 }
diff --git a/src/test/java/com/cuoco/application/usecase/SignInUserUseCaseTest.java b/src/test/java/com/cuoco/application/usecase/SignInUserUseCaseTest.java
@@ -6,7 +6,7 @@
 import com.cuoco.application.usecase.model.AuthenticatedUser;
 import com.cuoco.application.usecase.model.User;
 import com.cuoco.shared.model.ErrorDescription;
-import com.cuoco.shared.utils.JwtUtil;
+import com.cuoco.application.utils.JwtUtil;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.security.crypto.password.PasswordEncoder;
