[♻️ refactor] 컨트롤러에 @AuthenticationPrincipal을 사용하여 인증된 사용자 ID 연동#139
Merged
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR refactors controller methods to inject the authenticated user ID via Spring Security’s @AuthenticationPrincipal and removes hard-coded user IDs and TODOs; it also introduces a custom @WithMockCustomUser annotation and TestSecurityConfig to mock authentication in controller tests.
- Controllers now accept
@AuthenticationPrincipal userId: Longand remove temporary hard-coded IDs. - Added
WithMockCustomUserannotation and corresponding security context factory for tests. - Updated all controller tests to import
TestSecurityConfig, use@WithMockCustomUser, and adjust CSRF handling and status assertions.
Reviewed Changes
Copilot reviewed 17 out of 19 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/test/kotlin/com/terning/server/kotlin/ui/api/SearchControllerTest.kt | Imported TestSecurityConfig, removed @WithMockUser, added @WithMockCustomUser per test |
| src/test/kotlin/com/terning/server/kotlin/ui/api/ScrapControllerTest.kt | Added @WithMockCustomUser, removed hard-coded auth setup |
| src/test/kotlin/com/terning/server/kotlin/ui/api/MyPageControllerTest.kt | Added @WithMockCustomUser, imported CSRF for patch, changed status assertion |
| src/test/kotlin/com/terning/server/kotlin/ui/api/HomeControllerTest.kt | Imported TestSecurityConfig, replaced @WithMockUser, added @WithMockCustomUser |
| src/test/kotlin/com/terning/server/kotlin/ui/api/FilterControllerTest.kt | Added @WithMockCustomUser, imported CSRF for POST/PUT |
| src/test/kotlin/com/terning/server/kotlin/ui/api/CalendarControllerTest.kt | Imported TestSecurityConfig, replaced @WithMockUser, added @WithMockCustomUser |
| src/test/kotlin/com/terning/server/kotlin/ui/api/AuthControllerTest.kt | Added @WithMockCustomUser on logout test, updated display names |
| src/test/kotlin/com/terning/server/kotlin/ui/api/AnnouncementControllerTest.kt | Imported TestSecurityConfig, replaced @WithMockUser, added @WithMockCustomUser |
| src/test/kotlin/com/terning/server/kotlin/support/WithMockCustomUserSecurityContextFactory.kt | New security context factory for WithMockCustomUser annotation |
| src/test/kotlin/com/terning/server/kotlin/support/WithMockCustomUser.kt | New annotation to mock a Long principal in tests |
| src/main/kotlin/com/terning/server/kotlin/ui/api/SearchController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
| src/main/kotlin/com/terning/server/kotlin/ui/api/ScrapController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
| src/main/kotlin/com/terning/server/kotlin/ui/api/MyPageController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
| src/main/kotlin/com/terning/server/kotlin/ui/api/HomeController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
| src/main/kotlin/com/terning/server/kotlin/ui/api/FilterController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
| src/main/kotlin/com/terning/server/kotlin/ui/api/CalendarController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
| src/main/kotlin/com/terning/server/kotlin/ui/api/AnnouncementController.kt | Added @AuthenticationPrincipal userId, removed hard-coded IDs/TODOs |
Comments suppressed due to low confidence (3)
src/test/kotlin/com/terning/server/kotlin/ui/api/ScrapControllerTest.kt:57
- POST endpoint tests should include a CSRF token when CSRF protection is enabled. Add
with(csrf())inside the mockMvc.post block.
// when & then
src/test/kotlin/com/terning/server/kotlin/ui/api/ScrapControllerTest.kt:69
- PATCH endpoint tests should include a CSRF token. Add
with(csrf())inside the mockMvc.patch block.
@DisplayName("스크랩 색상을 업데이트한다")
src/test/kotlin/com/terning/server/kotlin/ui/api/ScrapControllerTest.kt:81
- DELETE endpoint tests should include a CSRF token. Add
with(csrf())inside the mockMvc.delete block.
}.andExpect {
| @WebMvcTest(SearchController::class) | ||
| @WithMockUser | ||
| @Import(TestSecurityConfig::class) | ||
| @ActiveProfiles("test") |
There was a problem hiding this comment.
[nitpick] Consider moving @WithMockCustomUser(userId = 1L) to the class level to avoid repeating it on every test method.
Suggested change
| @ActiveProfiles("test") | |
| @ActiveProfiles("test") | |
| @WithMockCustomUser(userId = 1L) |
leeeyubin
approved these changes
Jun 27, 2025
leeeyubin
left a comment
leeeyubin
left a comment
Member
There was a problem hiding this comment.
변경된 사항 확인했습니다! TODO로 된 부분 많았을 텐데 수정해주셔서 감사해요!
장순님이 @WithMockCustomUser 만드신 거 좋은 것 같아요!
더 좋은 방법 찾으면 저도 공유해보도록 하겠습니다~ 수고하셨어요!
Comment on lines
+6
to
+8
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
| cancel-in-progress: true |
Member
There was a problem hiding this comment.
오 여러 워크플로우에 대한 동시성 설정인가요?! 신기하군요
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📄 Work Description
@AuthenticationPrincipal적용: 모든 컨트롤러에서 하드코딩 되어있던 userId를 제거하고, Spring Security의@AuthenticationPrincipal을 통해 동적으로 인증된 사용자 ID를 받아오도록 수정했습니다.@WithMockCustomUser추가: 컨트롤러 테스트 시,@AuthenticationPrincipal로 주입되는 Long 타입의 사용자 ID를 간단하게 모킹(Mocking)하기 위한 커스텀 어노테이션과 Security Context Factory를 구현했습니다.@WithMockCustomUser를 적용하고 관련 로직을 수정했습니다.💭 Thoughts
@WithMockCustomUser를 만든 이유:@AuthenticationPrincipalLong userId 형태로 사용자 ID를 직접 받고 있습니다. 하지만 Spring Security Test의 기본@WithMockUser는 principal을 String 타입의 username으로 설정하여 저희 로직과 맞지 않았습니다.@WithMockCustomUser어노테이션을 만들어 테스트의 편의성과 코드의 일관성을 높였습니다.✅ Testing Result
🗂 Related Issue