spring-org · SeokRae · Oct 18, 2021 · Oct 18, 2021 · Oct 18, 2021
diff --git a/build.gradle b/build.gradle
@@ -46,6 +46,10 @@ dependencies {
 
     // https://www.archunit.org/getting-started
     testImplementation 'com.tngtech.archunit:archunit-junit5:0.21.0'
+
+    // https://mvnrepository.com/artifact/io.rest-assured/rest-assured
+    testImplementation 'io.rest-assured:rest-assured:4.4.0'
+
 }
 
 test {

diff --git a/src/main/java/com/example/realworld/application/articles/dto/RequestUpdateArticle.java b/src/main/java/com/example/realworld/application/articles/dto/RequestUpdateArticle.java
@@ -3,10 +3,8 @@
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
-import lombok.ToString;
 
 @Getter
-@ToString
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class RequestUpdateArticle {
 

diff --git a/src/main/java/com/example/realworld/application/users/dto/RequestLoginUser.java b/src/main/java/com/example/realworld/application/users/dto/RequestLoginUser.java
@@ -1,19 +1,21 @@
 package com.example.realworld.application.users.dto;
 
-import com.example.realworld.application.users.persistence.User;
+import lombok.AccessLevel;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.ToString;
 
 import javax.validation.constraints.NotEmpty;
 
 @Getter
 @ToString
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class RequestLoginUser {
 
     @NotEmpty(message = "email is not empty")
-    private final String email;
+    private String email;
     @NotEmpty(message = "password is not empty")
-    private final String password;
+    private String password;
 
     private RequestLoginUser(String email, String password) {
         this.email = email;
@@ -23,8 +25,4 @@ private RequestLoginUser(String email, String password) {
     public static RequestLoginUser of(String email, String password) {
         return new RequestLoginUser(email, password);
     }
-
-    public static User toEntity(RequestLoginUser loginUser) {
-        return User.of(loginUser.getEmail(), loginUser.getPassword());
-    }
 }
diff --git a/src/main/java/com/example/realworld/application/users/dto/RequestSaveUser.java b/src/main/java/com/example/realworld/application/users/dto/RequestSaveUser.java
@@ -1,22 +1,25 @@
 package com.example.realworld.application.users.dto;
 
 import com.example.realworld.application.users.persistence.User;
+import lombok.AccessLevel;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.ToString;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 import javax.validation.constraints.NotEmpty;
 
 @Getter
 @ToString
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class RequestSaveUser {
 
     @NotEmpty(message = "email is not empty")
-    private final String email;
+    private String email;
     @NotEmpty(message = "userName is not empty")
-    private final String userName;
+    private String userName;
     @NotEmpty(message = "password is not empty")
-    private final String password;
+    private String password;
 
     private RequestSaveUser(String email, String userName, String password) {
         this.email = email;

diff --git a/src/main/java/com/example/realworld/application/users/dto/RequestUpdateUser.java b/src/main/java/com/example/realworld/application/users/dto/RequestUpdateUser.java
@@ -1,30 +1,28 @@
 package com.example.realworld.application.users.dto;
 
+import lombok.AccessLevel;
 import lombok.Getter;
+import lombok.NoArgsConstructor;
 import lombok.ToString;
 
-import javax.validation.constraints.NotEmpty;
-
 @Getter
 @ToString
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class RequestUpdateUser {
 
-    @NotEmpty(message = "email is not empty")
-    private final String email;
-    private final String userName;
-    private final String password;
-    private final String image;
-    private final String bio;
+    private String userName;
+    private String password;
+    private String image;
+    private String bio;
 
-    private RequestUpdateUser(String email, String userName, String password, String image, String bio) {
-        this.email = email;
+    private RequestUpdateUser(String userName, String password, String image, String bio) {
         this.userName = userName;
         this.password = password;
         this.image = image;
         this.bio = bio;
     }
 
-    public static RequestUpdateUser of(String email, String userName, String password, String image, String bio) {
-        return new RequestUpdateUser(email, userName, password, image, bio);
+    public static RequestUpdateUser of(String userName, String password, String image, String bio) {
+        return new RequestUpdateUser(userName, password, image, bio);
     }
 }
diff --git a/src/main/java/com/example/realworld/application/users/persistence/User.java b/src/main/java/com/example/realworld/application/users/persistence/User.java
@@ -88,9 +88,6 @@ public User generateToken(String generateToken) {
 
     // 프로필 업데이트
     public void update(RequestUpdateUser updateUser) {
-        if (StringUtils.hasText(updateUser.getEmail())) {
-            this.email = updateUser.getEmail();
-        }
         if (StringUtils.hasText(updateUser.getPassword())) {
             this.password = updateUser.getPassword();
         }

diff --git a/src/main/java/com/example/realworld/application/users/presentation/UserApi.java b/src/main/java/com/example/realworld/application/users/presentation/UserApi.java
@@ -2,7 +2,6 @@
 
 import com.example.realworld.application.users.dto.RequestUpdateUser;
 import com.example.realworld.application.users.dto.ResponseUser;
-import com.example.realworld.application.users.exception.UnauthorizedUserException;
 import com.example.realworld.application.users.service.UserService;
 import com.example.realworld.core.security.context.UserDetailsContext;
 import lombok.RequiredArgsConstructor;
@@ -49,11 +48,6 @@ public ResponseEntity<ResponseUser> putUser(
             @Valid @RequestBody RequestUpdateUser updateUser) {
 
         String email = userDetailsContext.getUsername();
-        // 일단 이메일 정보가 일치해야 수정이 가능한 것으로 간주.
-        if (!email.equals(updateUser.getEmail())) {
-            throw new UnauthorizedUserException();
-        }
-
         ResponseUser responseUser = userService.updateUser(email, updateUser);
 
         return ResponseEntity.status(HttpStatus.OK).body(responseUser);

diff --git a/src/main/java/com/example/realworld/application/users/service/UserBusinessService.java b/src/main/java/com/example/realworld/application/users/service/UserBusinessService.java
@@ -72,7 +72,7 @@ public ResponseUser getUserByEmail(String email) {
     /**
      * 현재 사용자의 프로필 정보 조회
      *
-     * @param email 현재 사용자의 이메일 정보
+     * @param toEmail 현재 사용자의 이메일 정보
      * @return 현재 사용자의 프로필 정보 반환
      */
     @Override

diff --git a/src/main/java/com/example/realworld/core/config/SecurityConfig.java b/src/main/java/com/example/realworld/core/config/SecurityConfig.java
@@ -74,7 +74,10 @@ protected void configure(HttpSecurity http) throws Exception {
         http
                 .authorizeRequests()
                 .antMatchers(POST, "/api/users/login", "/api/users").permitAll()
-                .antMatchers(GET, "/api/tags", "/api/articles", "/api/articles/feed", "/api/profiles/*").permitAll()
+                .antMatchers(GET,
+                        "/api/tags", "/api/articles", "/api/articles/*",
+                        "/api/articles/feed", "/api/profiles/*", "/api/articles/*/comments"
+                ).permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .addFilter(jwtAuthenticationFilter())