feat: 인증 사용자 닉네임 변경 제한 및 인증 요약 조회 Public API 추가#23
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds functionality to prevent verified users from changing their nickname or server name, and introduces a new public API endpoint for retrieving user verification summaries. The changes also include Swagger/OpenAPI documentation updates and improvements to input validation behavior.
Changes:
- Added validation to block verified users from changing their nicknames in the user info update flow
- Created a new public endpoint
/api/user/verification/public/users/{userId}/summaryfor retrieving verification status and history - Added Swagger
@Operationannotations to all verification controller endpoints - Changed
normalizeLimitto throw exceptions for invalid values instead of silently clamping them - Added
serverNameandverifiedfields toUserInfoResponse - Fixed profile image handling to preserve existing images when no new file is uploaded
- Updated
.gitignoreto include additional environment file variations
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| UserVerificationController.java | Added @Operation annotations for API documentation and new public summary endpoint |
| UserVerificationPublicSummaryResponse.java | New response DTO for public verification summary with user status and history |
| UserVerificationService.java | Added getUserVerificationPublicSummary method and changed normalizeLimit to throw exceptions instead of clamping |
| UserInfoResponse.java | Added serverName and verified fields to expose verification status |
| UserService.java | Added validation logic to block verified users from changing nicknames, with nickname format validation and availability checks |
| GlobalExceptionCode.java | Added error codes for identity update restrictions and invalid limit values |
| SecurityConfig.java | Configured public access for /api/user/verification/public/** endpoints |
| .gitignore | Added additional environment file patterns |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/main/java/until/the/eternity/das/user/application/UserService.java
Outdated
Show resolved
Hide resolved
| String nextNickname = resolveNextNickname(request.nickname(), user.getNickname()); | ||
|
|
||
| boolean wantsNicknameChange = !Objects.equals(nextNickname, user.getNickname()); | ||
| ensureIdentityUpdateAllowed(user, wantsNicknameChange, false); |
There was a problem hiding this comment.
The second parameter wantsServerNameChange is hardcoded to false, but the UserInfoUpdateRequest doesn't have a serverName field. The PR title mentions blocking server name changes for verified users, but since there's no server name change functionality in this update flow, this parameter serves no purpose here. Either the PR title is misleading, or server name change functionality needs to be implemented. Consider clarifying the intent or removing the unused parameter from this call.
|
|
||
| // User | ||
| USER_INFO_UPDATE_FAILED(INTERNAL_SERVER_ERROR, "사용자 정보 수정에 실패했습니다. 잠시 후 다시 시도해주세요."), | ||
| USER_VERIFICATION_REQUIRED_FOR_IDENTITY_UPDATE(HttpStatus.BAD_REQUEST, "인증된 계정은 닉네임 또는 서버명을 변경하기 전에 재인증이 필요합니다."), |
There was a problem hiding this comment.
The error message says users need "재인증" (re-verification) before changing nickname or server name. However, looking at the logic, verified users are completely blocked from making these changes. The message should clarify what action users need to take - do they need to revoke their current verification first, or is there a specific re-verification process? If they simply cannot change these fields while verified, the message should state that more clearly.
| USER_VERIFICATION_REQUIRED_FOR_IDENTITY_UPDATE(HttpStatus.BAD_REQUEST, "인증된 계정은 닉네임 또는 서버명을 변경하기 전에 재인증이 필요합니다."), | |
| USER_VERIFICATION_REQUIRED_FOR_IDENTITY_UPDATE(HttpStatus.BAD_REQUEST, "인증된 계정은 닉네임 또는 서버명을 변경할 수 없습니다."), |
src/main/java/until/the/eternity/das/verification/presentation/UserVerificationController.java
Show resolved
Hide resolved
| String nextNickname = resolveNextNickname(request.nickname(), user.getNickname()); | ||
|
|
||
| boolean wantsNicknameChange = !Objects.equals(nextNickname, user.getNickname()); | ||
| ensureIdentityUpdateAllowed(user, wantsNicknameChange, false); | ||
| if (wantsNicknameChange) { | ||
| validateNickname(nextNickname); | ||
| ensureNicknameAvailable(nextNickname, userId); | ||
| } |
There was a problem hiding this comment.
The new validation logic for blocking verified users from changing nicknames lacks test coverage. Given that the codebase has test coverage for similar services (e.g., AuthServiceTest), consider adding tests for the following scenarios: 1) verified user attempting nickname change (should throw exception), 2) non-verified user changing nickname (should succeed), 3) verified user updating profile image without changing nickname (should succeed), 4) nickname validation and availability checks.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
dev-ant
changed the title
1 participant
📋 상세 설명
📊 체크리스트