Merge pull request #42 from TogetherWithOcean-TWO/SCRUM-105-pwEncode

Scrum 105 pw encode
TogetherWithOcean-TWO · Jul 23, 2024 · 8602ea6 · 8602ea6
2 parents 69a23aa + 7cfc333
commit 8602ea6
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 23 deletions.
diff --git a/TWO/src/main/java/com/togetherwithocean/TWO/Jwt/JwtAuthenticationFilter.java b/TWO/src/main/java/com/togetherwithocean/TWO/Jwt/JwtAuthenticationFilter.java
@@ -36,33 +36,24 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                 }
             }
             catch (ExpiredJwtException e) {
+                // 3. 액세스 토큰이 만료된 경우 리프레쉬 토큰을 통해 액세스 토큰 재발급을 시도한다.
                 if (refreshToken != null && jwtProvider.refreshTokenValidation(refreshToken, e.getClaims().getSubject())) {
                     String email = e.getClaims().getSubject();
                     String newAccessToken = jwtProvider.createAccessToken(email);
                     String newRefreshToken = jwtProvider.createRefreshToken(email);
                     HttpServletResponse httpResponse = (HttpServletResponse) response;
                     httpResponse.setHeader("AccessToken", newAccessToken);
                     httpResponse.setHeader("RefreshToken", newRefreshToken);
+                    System.out.println("액세스 토큰 재발급");
+                    System.out.println(newAccessToken);
+                    System.out.println(newRefreshToken);
                     SecurityContextHolder.getContext().setAuthentication(jwtProvider.getAuthentication(newAccessToken));
                     }
                 else {
                     ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid JWT Token");
                     return;
                 }
             }
-            else if (refreshToken != null && jwtProvider.refreshTokenValidation(refreshToken, jwtProvider.parseClaims(accessToken).getSubject())) {
-                System.out.println("액세스 토큰 만료");
-                String email = jwtProvider.parseClaims(accessToken).getSubject();
-                String newAccessToken = jwtProvider.createAccessToken(email);
-                String newRefreshToken = jwtProvider.createRefreshToken(email);
-                HttpServletResponse httpResponse = (HttpServletResponse) response;
-                httpResponse.setHeader("AccessToken", newAccessToken);
-                httpResponse.setHeader("RefreshToken", newRefreshToken);
-                SecurityContextHolder.getContext().setAuthentication(jwtProvider.getAuthentication(newAccessToken));
-                System.out.println("액세스 토큰 재발급");
-                System.out.println(newAccessToken);
-                System.out.println(newRefreshToken);
-            }
 
             chain.doFilter(request, response); // 다음 필터로 넘어가거나, 요청 처리 진행
         }

diff --git a/TWO/src/main/java/com/togetherwithocean/TWO/Member/Controller/MemberController.java b/TWO/src/main/java/com/togetherwithocean/TWO/Member/Controller/MemberController.java
@@ -15,6 +15,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.bind.annotation.PatchMapping;
@@ -32,7 +33,7 @@ public class MemberController {
     private final MemberService memberService;
     private final MemberRepository memberRepository;
     private final StatService statService;
-    private final RankingService rankingService;
+    private final PasswordEncoder passwordEncoder;
 
     // 이메일 찾기 api
     @PostMapping("/find-email")
@@ -110,7 +111,7 @@ public ResponseEntity<PostSignInRes> sign_in(@RequestBody PostSignInReq postSign
         Member member = memberRepository.findMemberByEmail(postSignInReq.getEmail());
 
         // 유효하지 않은 로그인 요청인 경우
-        if (member == null || !member.getPasswd().equals(postSignInReq.getPasswd()))
+        if (member == null || !passwordEncoder.matches(postSignInReq.getPasswd(), member.getPasswd())) // 순서 중요
             return ResponseEntity.status(HttpStatus.OK).body(null);
 
         MemberRes memberRes = MemberRes.builder()

diff --git a/TWO/src/main/java/com/togetherwithocean/TWO/Member/Service/MemberService.java b/TWO/src/main/java/com/togetherwithocean/TWO/Member/Service/MemberService.java
@@ -1,28 +1,23 @@
 package com.togetherwithocean.TWO.Member.Service;
 
-import com.togetherwithocean.TWO.Badge.Domain.Badge;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import com.togetherwithocean.TWO.Badge.Service.BadgeService;
 import com.togetherwithocean.TWO.Item.Service.ItemSerivce;
 import com.togetherwithocean.TWO.Jwt.JwtProvider;
 import com.togetherwithocean.TWO.Jwt.TokenDto;
-import com.togetherwithocean.TWO.Member.Authority;
 import com.togetherwithocean.TWO.Member.DTO.*;
 import com.togetherwithocean.TWO.Member.Domain.Member;
 import com.togetherwithocean.TWO.Member.Repository.MemberRepository;
-import com.togetherwithocean.TWO.MemberBadge.Domain.MemberBadge;
-import com.togetherwithocean.TWO.MemberBadge.Repository.MemberBadgeRepository;
 import com.togetherwithocean.TWO.Ranking.Domain.Ranking;
 import com.togetherwithocean.TWO.Ranking.Repository.RankingRepository;
 import com.togetherwithocean.TWO.Stat.Domain.Stat;
 import com.togetherwithocean.TWO.Stat.Repository.StatRepository;
-import com.togetherwithocean.TWO.Stat.Service.StatService;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -40,6 +35,8 @@ public class MemberService {
     private final ItemSerivce itemSerivce;
     private final JwtProvider jwtProvider;
     private final StringRedisTemplate redisTemplate;
+    private final PasswordEncoder passwordEncoder;
+
     private final String PREFIX_LOGOUT = "LOGOUT:";
     private final String PREFIX_LOGOUT_REFRESH = "LOGOUT_REFRESH:";
 
@@ -60,6 +57,10 @@ public boolean isEmailDuplicate(String email) {
         return memberRepository.existsByEmail(email);
     }
 
+    public boolean equalEncodePassword(String encodePassword, String password) {
+        return encodePassword.equals(passwordEncoder.encode(password));
+    }
+
     @Transactional
     public MemberRes save(MemberJoinReq memberSave) {
         System.out.println(memberSave.getPasswd() + " "+ memberSave.getCheckPasswd());
@@ -70,12 +71,11 @@ public MemberRes save(MemberJoinReq memberSave) {
 
         Ranking ranking = Ranking.builder().build();
 
-        System.out.println("비밀번호 일치?");
         Member member = Member.builder()
                 .realName(memberSave.getRealName())
                 .nickname(memberSave.getNickname())
                 .email(memberSave.getEmail())
-                .passwd(memberSave.getPasswd())
+                .passwd(passwordEncoder.encode(memberSave.getPasswd()))
                 .phoneNumber(memberSave.getPhoneNumber())
                 .postalCode(memberSave.getPostalCode())
                 .address(memberSave.getAddress())