디버깅 로그 추가

2026-02-19 13:25:45 +09:00
parent 6fd0e5c800
commit f617467082
5 changed files with 334 additions and 23 deletions
--- a/userfront/test/oidc_redirect_guard_test.dart
+++ b/userfront/test/oidc_redirect_guard_test.dart
@@ -5,13 +5,36 @@ void main() {
  group('oidc_redirect_guard', () {
    test('http/https 절대 URL만 허용', () {
      final ok = validateOidcRedirectTarget(
-        'https://sso-test.hmac.kr/oidc/oauth2/auth?client_id=devfront&login_verifier=abc',
+        'https://sso-test.hmac.kr/oidc/oauth2/auth?client_id=devfront&login_verifier=abc&state=xyz&code_challenge=ccc&code_challenge_method=S256&response_type=code&scope=openid%20profile&redirect_uri=http%3A%2F%2Flocalhost%3A5174%2Fcallback',
      );
      expect(ok.isValid, isTrue);
      expect(ok.reason, 'ok');
+      expect(ok.scheme, 'https');
      expect(ok.host, 'sso-test.hmac.kr');
      expect(ok.path, '/oidc/oauth2/auth');
+      expect(ok.isOidcAuthPath, isTrue);
+      expect(ok.queryParamCount, 8);
+      expect(
+        ok.queryKeys,
+        containsAll(['client_id', 'login_verifier', 'state']),
+      );
      expect(ok.hasLoginVerifier, isTrue);
+      expect(ok.loginVerifierLength, 3);
+      expect(ok.hasState, isTrue);
+      expect(ok.stateLength, 3);
+      expect(ok.hasClientId, isTrue);
+      expect(ok.clientId, 'devfront');
+      expect(ok.hasCodeChallenge, isTrue);
+      expect(ok.codeChallengeLength, 3);
+      expect(ok.codeChallengeMethod, 'S256');
+      expect(ok.hasRedirectUri, isTrue);
+      expect(ok.redirectUriScheme, 'http');
+      expect(ok.redirectUriHost, 'localhost');
+      expect(ok.redirectUriPort, 5174);
+      expect(ok.redirectUriPath, '/callback');
+      expect(ok.responseType, 'code');
+      expect(ok.scopeCount, 2);
+      expect(ok.toDiagnostics()['client_id'], 'devfront');

      final relative = validateOidcRedirectTarget('/oidc/oauth2/auth');
      expect(relative.isValid, isFalse);
@@ -27,10 +50,13 @@ void main() {
      expect(empty.isValid, isFalse);
      expect(empty.reason, 'empty');
      expect(empty.length, 0);
+      expect(empty.queryParamCount, 0);
+      expect(empty.hasRedirectUri, isFalse);

      final malformed = validateOidcRedirectTarget('https://[broken');
      expect(malformed.isValid, isFalse);
      expect(malformed.reason, 'parse_error');
+      expect(malformed.queryParamCount, 0);
    });
  });
 }
--- a/userfront/test/password_login_flow_policy_test.dart
+++ b/userfront/test/password_login_flow_policy_test.dart
@@ -0,0 +1,47 @@
+import 'package:flutter_test/flutter_test.dart';
+import 'package:userfront/features/auth/domain/password_login_flow_policy.dart';
+
+void main() {
+  group('password_login_flow_policy', () {
+    test('redirectTo가 있으면 OIDC redirect를 우선한다', () {
+      final action = decidePasswordLoginNextAction(
+        hasLoginChallenge: true,
+        redirectTo:
+            'https://sso-test.hmac.kr/oidc/oauth2/auth?login_verifier=a',
+        jwt: 'jwt-token',
+      );
+
+      expect(action, PasswordLoginNextAction.redirectToOidc);
+    });
+
+    test('OIDC challenge가 있고 redirectTo가 없으면 accept를 시도한다', () {
+      final action = decidePasswordLoginNextAction(
+        hasLoginChallenge: true,
+        redirectTo: null,
+        jwt: 'jwt-token',
+      );
+
+      expect(action, PasswordLoginNextAction.acceptOidc);
+    });
+
+    test('OIDC challenge가 없고 jwt가 있으면 로컬 로그인 완료로 진행한다', () {
+      final action = decidePasswordLoginNextAction(
+        hasLoginChallenge: false,
+        redirectTo: null,
+        jwt: 'jwt-token',
+      );
+
+      expect(action, PasswordLoginNextAction.localLogin);
+    });
+
+    test('redirectTo/jwt 모두 없으면 invalid로 처리한다', () {
+      final action = decidePasswordLoginNextAction(
+        hasLoginChallenge: false,
+        redirectTo: null,
+        jwt: null,
+      );
+
+      expect(action, PasswordLoginNextAction.invalid);
+    });
+  });
+}