🐛 fix: 평문과 암호문 비밀번호 비교 수정

Central-MakeUs · Aug 24, 2024 · 8d3c289 · 8d3c289
1 parent 248ed85
commit 8d3c289
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 14 deletions.
diff --git a/purithm/src/main/java/com/example/purithm/domain/user/service/UserService.java b/purithm/src/main/java/com/example/purithm/domain/user/service/UserService.java
@@ -5,6 +5,7 @@
 import com.example.purithm.domain.user.dto.response.AccountInfoDto;
 import com.example.purithm.domain.user.dto.response.UserInfoDto;
 import com.example.purithm.domain.user.entity.Provider;
+import com.example.purithm.global.auth.dto.request.LoginRequestDto;
 import com.example.purithm.global.auth.dto.response.SignUpUserInfoDto;
 import com.example.purithm.domain.user.entity.User;
 import com.example.purithm.domain.user.repository.UserRepository;
@@ -14,13 +15,15 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Slf4j
 @Service
 @RequiredArgsConstructor
 public class UserService {
   private final UserRepository userRepository;
+  private final PasswordEncoder passwordEncoder;
 
   public Long signUp(SignUpUserInfoDto socialUserInfoDto) {
     if (socialUserInfoDto.getProvider().equals(Provider.PURITHM)
@@ -43,6 +46,7 @@ public Long signUp(SignUpUserInfoDto socialUserInfoDto) {
         .email(socialUserInfoDto.getEmail())
         .terms(false)
         .membership(Membership.BASIC)
+        .password(passwordEncoder.encode(socialUserInfoDto.getPassword()))
         .build();
 
     User savedUser = userRepository.save(user);
@@ -99,11 +103,11 @@ public void updateProfile(UserInfoRequestDto userInfo, Long userId) {
     userRepository.save(user);
   }
 
-  public Long getUserId(String id, String password) {
-    User user = userRepository.findByProviderId(id)
+  public Long getUserId(LoginRequestDto loginRequestDto) {
+    User user = userRepository.findByProviderId(loginRequestDto.id())
         .orElseThrow(() -> CustomException.of(Error.NOT_FOUND_ERROR));
 
-    if (!user.getPassword().equals(password)) {
+    if (!passwordEncoder.matches(loginRequestDto.password(), user.getPassword())) {
       throw CustomException.of(Error.INVALID_ID_PASSWORD);
     }
     return user.getId();

diff --git a/purithm/src/main/java/com/example/purithm/global/auth/controller/AuthController.java b/purithm/src/main/java/com/example/purithm/global/auth/controller/AuthController.java
@@ -18,7 +18,6 @@
 import java.text.ParseException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.MediaType;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -36,11 +35,10 @@ public class AuthController implements AuthControllerDocs {
   private final WebClientConfig webClientConfig;
   private final UserService userService;
   private final JWTUtil jwtUtil;
-  private final PasswordEncoder passwordEncoder;
 
   @PostMapping("/login")
   public SuccessResponse<LoginDto> login(LoginRequestDto loginRequestDto) {
-      Long id = userService.getUserId(loginRequestDto.id(), passwordEncoder.encode(loginRequestDto.password()));
+      Long id = userService.getUserId(loginRequestDto);
       String jwtToken = jwtUtil.createJwt(id, 60 * 60 * 60 * 1000L);
 
       LoginDto loginDto = LoginDto.builder()
@@ -56,7 +54,7 @@ public SuccessResponse signup(SignUpRequestDto signUpRequestDto) {
           .provider(Provider.PURITHM)
           .providerId(signUpRequestDto.id())
           .email(signUpRequestDto.email())
-          .password(passwordEncoder.encode(signUpRequestDto.password()))
+          .password(signUpRequestDto.password())
           .build();
 
       Long id = userService.signUp(userInfoDto);
@@ -77,12 +75,13 @@ public Mono<SuccessResponse<LoginDto>> kakaoLogin(String token) {
         .flatMap(res -> {
 
             SignUpUserInfoDto userInfoDto = SignUpUserInfoDto.builder()
-              .profile(res.getProperties().getProfile_image())
-              .username(res.getProperties().getNickname())
-              .provider(Provider.KAKAO)
-              .providerId(String.valueOf(res.getId()))
-              .email(res.getKakao_account().getEmail())
-              .build();
+                .profile(res.getProperties().getProfile_image())
+                .username(res.getProperties().getNickname())
+                .provider(Provider.KAKAO)
+                .providerId(String.valueOf(res.getId()))
+                .email(res.getKakao_account().getEmail())
+                .password(null)
+                .build();
           Long id = userService.signUp(userInfoDto);
           String jwtToken = jwtUtil.createJwt(id, 60 * 60 * 60 * 1000L);
 
@@ -109,6 +108,7 @@ public SuccessResponse<LoginDto> appleLogin(String token, String username)
             .provider(Provider.APPLE)
             .providerId((String) claims.get("sub"))
             .email((String) claims.get("email"))
+            .password(null)
             .build();
 
         Long id = userService.signUp(userInfoDto);

diff --git a/purithm/src/main/java/com/example/purithm/global/exception/Error.java b/purithm/src/main/java/com/example/purithm/global/exception/Error.java
@@ -16,7 +16,7 @@ public enum Error {
   /* 401 */
   INVALID_TOKEN_ERROR(HttpStatus.UNAUTHORIZED, 40100, "유효하지 않은 토큰입니다."),
   EXPIRED_TOKEN_ERROR(HttpStatus.UNAUTHORIZED, 40101, "만료된 토큰입니다."),
-  INVALID_ID_PASSWORD(HttpStatus.UNAUTHORIZED, 40102, "이메일/비밀번호가 적절하지 않습니다."),
+  INVALID_ID_PASSWORD(HttpStatus.UNAUTHORIZED, 40102, "아이디/비밀번호가 적절하지 않습니다."),
 
   /* 403 */
   NOT_AGREED_TERM(HttpStatus.FORBIDDEN, 40300, "이용약관 동의가 필요합니다"),