MOSU-216 refactor: OAuth 인증 처리

[wlgns12370]

✨ 구현한 기능

• Gender Enum 한국어로 반환
• exam 날짜 변경
• ServiceTerm 등록 로직 추가

📢 논의하고 싶은 내용

• 기존의 받아오는 정보에서 ServiceTerm을 불러오는 get 요청을 WebClient로 구현했습니다. 그러나 한번더 송수신을 하니
• 속도가 느려졌다고 체감 됩니다. 후속 최적화 작업이 필요할 것 같습니다.

🎸 기타

• x

Summary by CodeRabbit

• Bug Fixes

  • Changed the default gender for new users with missing gender information from "Male" to "Pending".
  • Improved the display of user gender information with a more specific format.

• New Features

  • Added marketing agreement status retrieval during OAuth login with Kakao.
  • Extended OAuth2 scope to include service terms consent.
  • Enhanced OAuth2 authorization requests to include service terms parameters.

• Chores

  • Updated the exam date for a specific school in the DAEGU area.
  • Disabled the creation of certain event entries during database initialization.
  • Removed unused imports to streamline the codebase.
  • Removed deprecated OAuth2 authorization request resolver configuration.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The changes add support for fetching and processing Kakao service terms to determine user marketing agreement status during OAuth login. They extend the OAuthUserInfo record, modify user creation to reflect marketing agreement and default gender, update OAuth2 authorization request handling to include service terms, adjust Kakao OAuth scopes, and remove an obsolete OAuth2 authorization request resolver configuration. Minor database initialization and user response formatting adjustments are also included.

Changes

Cohort / File(s)	Change Summary
OAuth User Service & OAuthUserInfo Enhancements src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserService.java, src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserInfo.java	Added WebClient call to Kakao API to fetch service terms; extracted marketing agreement status; extended OAuthUserInfo with marketingAgreed; changed default gender to PENDING; removed debug log of OAuth2 attributes.
Authorization Request Redirect Handling & Config src/main/java/life/mosu/mosuserver/global/resolver/AuthorizationRequestRedirectResolver.java, src/main/java/life/mosu/mosuserver/global/config/OAuth2AuthorizationRequestResolverConfig.java, src/main/resources/security-config.yml	Removed OAuth2AuthorizationRequestResolverConfig class; modified AuthorizationRequestRedirectResolver constructor and logic to add service_terms parameter; added service-terms: terms_03 scope to Kakao OAuth client config.
Database Initialization Adjustments src/main/java/life/mosu/mosuserver/global/initializer/DatabaseInitializer.java	Removed unused imports; changed an exam date; commented out event entity creation and saving in initialization.
User Info Response Gender Formatting src/main/java/life/mosu/mosuserver/presentation/user/dto/response/UserInfoResponse.java	Updated gender string extraction to use getGenderName() instead of enum name in user info response.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant OAuthUserService
    participant KakaoAPI
    participant UserRepository

    Client->>OAuthUserService: OAuth2 login request with access token
    OAuthUserService->>KakaoAPI: Fetch service terms with access token
    KakaoAPI-->>OAuthUserService: Return service terms JSON
    OAuthUserService->>UserRepository: Find or create user with marketing agreement and gender info
    UserRepository-->>OAuthUserService: Return user entity
    OAuthUserService-->>Client: Return authenticated user info with marketing agreement status

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• MOSU-40 Test: API 연동을 위한 PR #61: Introduced the initial implementation of AuthorizationRequestRedirectResolver, which the current PR modifies and extends.
• MOSU-216 feat: 카카오 심사 성공에 따른 필드 추가 #219: Refactored OAuthUserInfo.ofKakao method, related to user info parsing but without marketing agreement handling.
• MOSU-165 feat: OAuth Auth 회원가입 로직 병합 #167: Modified OAuthUserInfo.ofKakao method with different user info changes, without marketing agreement integration.

Suggested labels

우선순위 중

Poem

A rabbit fetches terms with care,
Marketing consent now laid bare.
Gender pending, logs made light,
OAuth flows now shining bright.
Exams date-shift, events on hold,
Code hops forward, brave and bold! 🐇✨

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 53f4a37 and 48ac0c6.

📒 Files selected for processing (5)

• src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserInfo.java (2 hunks)
• src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserService.java (6 hunks)
• src/main/java/life/mosu/mosuserver/global/config/OAuth2AuthorizationRequestResolverConfig.java (0 hunks)
• src/main/java/life/mosu/mosuserver/global/resolver/AuthorizationRequestRedirectResolver.java (2 hunks)
• src/main/resources/security-config.yml (1 hunks)

💤 Files with no reviewable changes (1)

• src/main/java/life/mosu/mosuserver/global/config/OAuth2AuthorizationRequestResolverConfig.java

✅ Files skipped from review due to trivial changes (1)

• src/main/resources/security-config.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserService.java

🔇 Additional comments (6)

src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserInfo.java (3)

20-22: Inconsistency between PR title and actual changes.

The PR title mentions "Gender Enum 한국어로 반환" (Gender Enum to return Korean values), but the actual changes add marketing agreement functionality without any Gender enum localization. Verify if Gender enum changes are missing or if the PR title needs updating.

Likely an incorrect or invalid review comment.

---

24-33: LGTM! Method signature properly updated.

The addition of the marketingAgreed parameter follows the existing pattern and maintains clean separation between the generic factory method and provider-specific implementations.

---

35-76: LGTM! Marketing agreement parameter correctly integrated.

The marketingAgreed parameter is properly added to the method signature and passed through to the builder. The implementation treats marketing agreement as optional (not validated), which is appropriate since this represents user consent that may not be required.

src/main/java/life/mosu/mosuserver/global/resolver/AuthorizationRequestRedirectResolver.java (3)

23-32: LGTM! Constructor properly implements dependency injection.

The constructor correctly initializes the DefaultOAuth2AuthorizationRequestResolver with the provided ClientRegistrationRepository and uses the appropriate base URI constant. The @Value injection for Kakao service terms follows Spring configuration patterns.

---

66-71: LGTM! Service terms parameter properly added to valid redirect flow.

The existing logic for valid redirect URLs is preserved while correctly adding the service_terms parameter to the additional parameters. This maintains backward compatibility while extending functionality.

---

61-64: Confirm handling of invalid redirect URLs and service_terms addition

We didn’t find any existing tests or documentation covering invalid-redirect handling, yet the logic in
src/main/java/life/mosu/mosuserver/global/resolver/AuthorizationRequestRedirectResolver.java (lines 61–64) now always builds a new OAuth2AuthorizationRequest with the service_terms parameter instead of returning the original request unchanged. This is a potentially breaking behavior change for OAuth2 flows.

• Please verify that this modification is intentional
• Ensure there are (or add) tests/documentation to cover invalid redirect URL scenarios and the new service_terms parameter
• Confirm that existing consumers aren’t relying on the prior behavior and update integration tests if needed

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/mosu-216

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[gemini-code-assist]

Summary of Changes

Hello @wlgns12370, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

I've made several refactoring changes to improve data handling and initialization. The primary goal was to enhance the display of gender information by localizing the Gender Enum output to Korean. Additionally, I've updated an exam date within the database initializer and adjusted the default gender assignment for new users to 'PENDING' for better data neutrality. Minor code cleanup, including the removal of a debug log and commenting out event creation, was also performed.

Highlights

• Gender Enum Localization: I've refactored the Gender Enum handling to return Korean names, ensuring that gender information is displayed in a user-friendly, localized format.
• Default Gender Assignment: I've updated the default gender for newly registered users via OAuth from 'MALE' to 'PENDING', providing a more neutral initial state when gender data is not explicitly provided.
• Exam Date Update: I've adjusted the date for a specific exam entry in the database initializer, reflecting an updated schedule.
• Code Cleanup: I've removed an unnecessary debug logging statement in the OAuth user service, cleaning up the code.
• Event Initialization Adjustment: I've temporarily commented out the event creation logic in the database initializer, which might be for testing or future re-implementation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly implements the change to return the Korean name for the Gender enum in API responses. The associated changes, such as updating the default gender for new OAuth users to PENDING and cleaning up some code, are logical and well-executed. I have one minor suggestion regarding commented-out code in the DatabaseInitializer to improve maintainability. Overall, this is a good set of changes.

[gemini-code-assist]

Commented-out code should generally be removed from the codebase before merging. If this logic for creating events is no longer needed, it's best to delete it to improve code clarity and maintainability. If it might be needed later, it can be retrieved from version control history.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/main/java/life/mosu/mosuserver/global/initializer/DatabaseInitializer.java (1)

315-320: Clarify if event initialization disabling is temporary or permanent.

The event creation logic has been commented out. If this is a permanent change, consider removing the commented code entirely for cleaner codebase maintenance. If temporary, consider adding a TODO comment explaining the reason and timeline for re-enabling.

If permanent, apply this diff to remove the dead code:

-//            eventRepository.save(EventJpaEntity.builder()
-//                    .title("이벤트 " + i)
-//                    .duration(new DurationJpaVO(LocalDate.now().plusDays(i),
-//                            LocalDate.now().plusDays(i + 5)))
-//                    .eventLink("https://mosu.life/event/" + i)
-//                    .build());

If temporary, add a TODO comment explaining the reason.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between adb7ba6 and 53f4a37.

📒 Files selected for processing (3)

• src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserService.java (1 hunks)
• src/main/java/life/mosu/mosuserver/global/initializer/DatabaseInitializer.java (2 hunks)
• src/main/java/life/mosu/mosuserver/presentation/user/dto/response/UserInfoResponse.java (1 hunks)

🔇 Additional comments (3)

src/main/java/life/mosu/mosuserver/application/oauth/OAuthUserService.java (1)

65-65: Approve: Confirmed Gender.PENDING support

Verified that:

• PENDING("미정") is declared in src/main/java/life/mosu/mosuserver/domain/profile/entity/Gender.java.
• Fallback usages in OAuthUserService.java and SignUpAccountRequest.java correctly reference Gender.PENDING.
• All existing getGenderName() calls (in response DTOs and repository mapping) handle PENDING without any missing cases.

No further changes required.

src/main/java/life/mosu/mosuserver/presentation/user/dto/response/UserInfoResponse.java (1)

18-18: Localization Verified for Gender#getGenderName()

The Gender enum uses Lombok’s @Getter on the genderName field, and its constants are defined with the Korean labels (남자, 여자, 미정), so getGenderName() correctly returns the desired localized values. The null‐safe check in UserInfoResponse remains intact.

No further changes required.

src/main/java/life/mosu/mosuserver/global/initializer/DatabaseInitializer.java (1)

196-196: LGTM! Exam date update appears correct.

The date change for "노변중학교" from November 2, 2025 to October 26, 2025 is a straightforward data update with no implementation concerns.