Merge pull request #61 from 100-hours-a-week/hotfix/auth
hotfix: 잘못된 access token 재발급 수정, 쿠키 `setHttpOnly(true);` 적용
Namgyu11 authored Aug 24, 2024
2 parents e883b7c + 691af89 commit d83d807
Showing 2 changed files with 4 additions and 2 deletions.
Expand Up @@ -43,12 +43,12 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
}
}

if (refreshToken == null || accessToken == null || refreshToken.isBlank() || accessToken.isBlank()) {
if (refreshToken == null || refreshToken.isBlank()) {
filterChain.doFilter(request, response);
return;
}

if (!jwtProvider.validateToken(accessToken)) {
if (accessToken == null || !jwtProvider.validateToken(accessToken)) {
if (!jwtProvider.validateToken(refreshToken)) {
filterChain.doFilter(request, response);
return;
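Review bot: A blank accessToken cookie now reaches `jwtProvider.validateToken(accessToken)`, because the new condition guards only against null and the earlier `accessToken.isBlank()` check went away with the combined guard. Whether validateToken tolerates an empty string is not visible here; some JWT parsers throw on empty input instead of returning false, which would surface as an error from the filter rather than falling through to the refresh path. Treating blank like missing keeps this explicit: `if (accessToken == null || accessToken.isBlank() || !jwtProvider.validateToken(accessToken)) {`. Since a refresh token alone now drives reissue, it is also worth confirming in the part of doFilterInternal below this hunk that the refresh token is checked against server-side state (revocation or rotation) and not only its signature.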
Expand Up @@ -93,12 +93,14 @@ private void addJwtToCookie(
Cookie refreshTokenCookie = new Cookie("refreshToken", tokenDto.getRefreshToken());
refreshTokenCookie.setPath("/");
refreshTokenCookie.setMaxAge(tokenDto.getRefreshTokenExpirationTime());
refreshTokenCookie.setHttpOnly(true);

response.addCookie(refreshTokenCookie);

Cookie accessTokenCookie = new Cookie("accessToken", tokenDto.getAccessToken());
accessTokenCookie.setPath("/");
accessTokenCookie.setMaxAge(tokenDto.getAccessTokenExpirationTime());
accessTokenCookie.setHttpOnly(true);

response.addCookie(accessTokenCookie);
}
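Review bot: Both cookies are still created without the Secure flag, so the HttpOnly lines added here keep scripts from reading the tokens but do not stop the browser sending them over plain HTTP. Add `refreshTokenCookie.setSecure(true);` and `accessTokenCookie.setSecure(true);` next to the new setHttpOnly calls; if local development runs over HTTP, make the flag configurable. No SameSite attribute is set either, and since the filter authenticates requests from these cookies, cross-site requests would carry them unless SameSite or a CSRF token covers that; how to set it depends on the servlet/Spring version in use. The start of addJwtToCookie lies outside the hunk.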