refactor: 회원가입 토큰 검증 시, 서버에 저장된 값과 동일한지 검증 추가

nayonsoso · nayonsoso · commit 05bb08835730 · 2025-08-25T22:15:23.000+09:00
- code rabbit 리뷰 반영: #479 (comment)
diff --git a/src/main/java/com/example/solidconnection/auth/controller/AuthController.java b/src/main/java/com/example/solidconnection/auth/controller/AuthController.java
@@ -10,10 +10,10 @@
 import com.example.solidconnection.auth.dto.oauth.OAuthResponse;
 import com.example.solidconnection.auth.dto.oauth.OAuthSignInResponse;
 import com.example.solidconnection.auth.service.AuthService;
+import com.example.solidconnection.auth.service.oauth.OAuthService;
 import com.example.solidconnection.auth.service.signin.EmailSignInService;
 import com.example.solidconnection.auth.service.signup.EmailSignUpTokenProvider;
 import com.example.solidconnection.auth.service.signup.SignUpService;
-import com.example.solidconnection.auth.service.oauth.OAuthService;
 import com.example.solidconnection.common.exception.CustomException;
 import com.example.solidconnection.common.exception.ErrorCode;
 import com.example.solidconnection.common.resolver.AuthorizedUser;
diff --git a/src/main/java/com/example/solidconnection/auth/service/signup/SignUpTokenProvider.java b/src/main/java/com/example/solidconnection/auth/service/signup/SignUpTokenProvider.java
@@ -1,7 +1,6 @@
 package com.example.solidconnection.auth.service.signup;
 
 import static com.example.solidconnection.common.exception.ErrorCode.SIGN_UP_TOKEN_INVALID;
-import static com.example.solidconnection.common.exception.ErrorCode.SIGN_UP_TOKEN_NOT_ISSUED_BY_SERVER;
 
 import com.example.solidconnection.auth.domain.SignUpToken;
 import com.example.solidconnection.auth.domain.Subject;
@@ -41,8 +40,7 @@ public void deleteByEmail(String email) {
 
     public void validateSignUpToken(String token) {
         validateFormatAndExpiration(token);
-        String email = parseEmail(token);
-        validateIssuedByServer(email);
+        validateIssuedByServer(token);
     }
 
     private void validateFormatAndExpiration(String token) { // 파싱되는지, AuthType이 포함되어있는지 검증
@@ -54,9 +52,11 @@ private void validateFormatAndExpiration(String token) { // 파싱되는지, Aut
         }
     }
 
-    private void validateIssuedByServer(String email) {
+    private void validateIssuedByServer(String token) {
+        String email = parseEmail(token);
         tokenStorage.findToken(new Subject(email), SignUpToken.class)
-                .orElseThrow(() -> new CustomException(SIGN_UP_TOKEN_NOT_ISSUED_BY_SERVER));
+                .filter(foundToken -> foundToken.equals(token))
+                .orElseThrow(() -> new CustomException(SIGN_UP_TOKEN_INVALID));
     }
 
     public String parseEmail(String token) {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`	`package com.example.solidconnection.auth.service.signup;`
`2`	`2`
`3`	`3`	`import static com.example.solidconnection.common.exception.ErrorCode.SIGN_UP_TOKEN_INVALID;`
`4`		`-import static com.example.solidconnection.common.exception.ErrorCode.SIGN_UP_TOKEN_NOT_ISSUED_BY_SERVER;`
`5`	`4`
`6`	`5`	`import com.example.solidconnection.auth.domain.SignUpToken;`
`7`	`6`	`import com.example.solidconnection.auth.domain.Subject;`
`@@ -41,8 +40,7 @@ public void deleteByEmail(String email) {`
`41`	`40`
`42`	`41`	`public void validateSignUpToken(String token) {`
`43`	`42`	`validateFormatAndExpiration(token);`
`44`		`- String email = parseEmail(token);`
`45`		`- validateIssuedByServer(email);`
	`43`	`+ validateIssuedByServer(token);`
`46`	`44`	`}`
`47`	`45`
`48`	`46`	`private void validateFormatAndExpiration(String token) { // 파싱되는지, AuthType이 포함되어있는지 검증`
`@@ -54,9 +52,11 @@ private void validateFormatAndExpiration(String token) { // 파싱되는지, Aut`
`54`	`52`	`}`
`55`	`53`	`}`
`56`	`54`
`57`		`- private void validateIssuedByServer(String email) {`
	`55`	`+ private void validateIssuedByServer(String token) {`
	`56`	`+ String email = parseEmail(token);`
`58`	`57`	`tokenStorage.findToken(new Subject(email), SignUpToken.class)`
`59`		`- .orElseThrow(() -> new CustomException(SIGN_UP_TOKEN_NOT_ISSUED_BY_SERVER));`
	`58`	`+ .filter(foundToken -> foundToken.equals(token))`
	`59`	`+ .orElseThrow(() -> new CustomException(SIGN_UP_TOKEN_INVALID));`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`public String parseEmail(String token) {`