GSM-MSG · Umjiseung · Mar 14, 2024 · Mar 13, 2024 · Mar 13, 2024 · Mar 13, 2024
@@ -5,6 +5,7 @@ import com.msg.gauth.domain.auth.presentation.dto.request.SignInRequestDto
 import com.msg.gauth.domain.auth.presentation.dto.response.RefreshResponseDto
 import com.msg.gauth.domain.auth.service.*
 import com.msg.gauth.domain.auth.presentation.dto.request.PasswordInitReqDto
+import com.msg.gauth.domain.auth.presentation.dto.request.PasswordUpdateRequestDto
 import com.msg.gauth.domain.auth.presentation.dto.response.SignInResponseDto
 import com.msg.gauth.domain.auth.presentation.dto.response.SignUpImageResDto
 import com.msg.gauth.domain.auth.service.InitPasswordService
@@ -23,6 +24,7 @@ class AuthController(
     private val signUpService: SignUpService,
     private val initPasswordService: InitPasswordService,
     private val signUpImageUploadService: SignUpImageUploadService,
+    private val updatePasswordService: UpdatePasswordService
 ) {
     @PatchMapping
     fun refresh(@RequestHeader("RefreshToken") refreshToken: String): ResponseEntity<RefreshResponseDto> {
@@ -60,4 +62,10 @@ class AuthController(
         initPasswordService.execute(passwordInitReqDto)
         return ResponseEntity.noContent().build()
     }
+
+    @PatchMapping("/password")
+    fun updatePassword(@RequestBody passwordUpdateRequestDto: PasswordUpdateRequestDto): ResponseEntity<Void> {
+        updatePasswordService.execute(passwordUpdateRequestDto)
+        return ResponseEntity.noContent().build()
+    }
 }
@@ -0,0 +1,13 @@
+package com.msg.gauth.domain.auth.presentation.dto.request
+
+import com.msg.gauth.domain.user.User
+import javax.validation.constraints.NotBlank
+import javax.validation.constraints.Pattern
+
+data class PasswordUpdateRequestDto(
+    @field:NotBlank
+    val password: String,
+    @field:NotBlank
+    @field:Pattern(regexp = "^(?=.*[a-zA-Z])(?=.*[!@#\$%^*+=-?<>])(?=.*[0-9]).{8,20}\$")
+    val newPassword: String
+)
@@ -0,0 +1,42 @@
+package com.msg.gauth.domain.auth.service
+
+import com.msg.gauth.domain.auth.exception.PasswordMismatchException
+import com.msg.gauth.domain.auth.presentation.dto.request.PasswordUpdateRequestDto
+import com.msg.gauth.domain.user.User
+import com.msg.gauth.domain.user.repository.UserRepository
+import com.msg.gauth.domain.user.util.UserUtil
+import com.msg.gauth.global.annotation.service.TransactionalService
+import org.springframework.security.crypto.password.PasswordEncoder
+
+@TransactionalService
+class UpdatePasswordService(
+    private val passwordEncoder: PasswordEncoder,
+    private val userUtil: UserUtil,
+    private val userRepository: UserRepository
+) {
+
+    fun execute(passwordUpdateRequestDto: PasswordUpdateRequestDto) {
+        val currentUser = userUtil.fetchCurrentUser()
+
+        if (!passwordEncoder.matches(passwordUpdateRequestDto.password, currentUser.password)) {
+            throw PasswordMismatchException()
+        }
+
+        val newPassword = passwordEncoder.encode(passwordUpdateRequestDto.newPassword)
+
+        val user = User(
+            id = currentUser.id,
+            email = currentUser.email,
+            password = newPassword,
+            gender = currentUser.gender,
+            name = currentUser.name,
+            grade = currentUser.grade,
+            classNum = currentUser.classNum,
+            num = currentUser.num,
+            state = currentUser.state,
+            profileUrl = currentUser.profileUrl
+        )
+
+        userRepository.save(user)
+    }
+}
@@ -49,6 +49,7 @@ class SecurityConfig(
             .antMatchers(HttpMethod.PATCH, "/auth/password/initialize").permitAll()
             .antMatchers(HttpMethod.PATCH, "/auth/image").permitAll()
             .antMatchers(HttpMethod.DELETE, "/auth/image").permitAll()
+            .antMatchers(HttpMethod.PATCH, "/auth/password").authenticated()
 
             // Email
             .antMatchers(HttpMethod.POST, "/email").permitAll()