fix(member-social): 애플 로그인 aud 검증에 serviceId를 포함한다

2026-03-30 09:21:59 +09:00
parent 2160e7b9dd
commit a4ffab0351
4 changed files with 109 additions and 3 deletions
--- a/src/test/kotlin/kr/co/vividnext/sodalive/member/social/apple/AppleIdentityTokenVerifierTest.kt
+++ b/src/test/kotlin/kr/co/vividnext/sodalive/member/social/apple/AppleIdentityTokenVerifierTest.kt
@@ -0,0 +1,40 @@
+package kr.co.vividnext.sodalive.member.social.apple
+
+import org.junit.jupiter.api.Assertions.assertFalse
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.DisplayName
+import org.junit.jupiter.api.Test
+
+class AppleIdentityTokenVerifierTest {
+    @Test
+    @DisplayName("aud가 bundleId와 일치하면 허용된다")
+    fun shouldAcceptBundleIdAudience() {
+        val verifier = AppleIdentityTokenVerifier(bundleId = "kr.co.vividnext.sodalive", serviceId = "com.vividnext.sodalive.web")
+
+        assertTrue(verifier.isSupportedAudience(listOf("kr.co.vividnext.sodalive")))
+    }
+
+    @Test
+    @DisplayName("aud가 serviceId와 일치하면 허용된다")
+    fun shouldAcceptServiceIdAudience() {
+        val verifier = AppleIdentityTokenVerifier(bundleId = "kr.co.vividnext.sodalive", serviceId = "com.vividnext.sodalive.web")
+
+        assertTrue(verifier.isSupportedAudience(listOf("com.vividnext.sodalive.web")))
+    }
+
+    @Test
+    @DisplayName("aud가 bundleId와 serviceId 모두 다르면 거부된다")
+    fun shouldRejectUnknownAudience() {
+        val verifier = AppleIdentityTokenVerifier(bundleId = "kr.co.vividnext.sodalive", serviceId = "com.vividnext.sodalive.web")
+
+        assertFalse(verifier.isSupportedAudience(listOf("com.other.app")))
+    }
+
+    @Test
+    @DisplayName("bundleId와 serviceId가 모두 비어있으면 거부된다")
+    fun shouldRejectWhenExpectedAudienceIsMissing() {
+        val verifier = AppleIdentityTokenVerifier(bundleId = " ", serviceId = "")
+
+        assertFalse(verifier.isSupportedAudience(listOf("com.vividnext.sodalive.web")))
+    }
+}