From ec2eda48810e23b51665fd20cbeea784d741b5ca Mon Sep 17 00:00:00 2001
From: KSJ0128
Date: Tue, 23 Jul 2024 18:03:58 +0900
Subject: [PATCH] =?UTF-8?q?SCRUM-105=20=EB=B9=84=EB=B0=80=EB=B2=88?= =?UTF-8?q?=ED=98=B8=20=EC=95=94=ED=98=B8=ED=99=94=20=EA=B5=AC=ED=98=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../TWO/Jwt/JwtAuthenticationFilter.java | 17 ++++-------------
 .../TWO/Member/Controller/MemberController.java | 2 +-
 .../TWO/Member/Service/MemberService.java | 15 ++++++++-------
 3 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/TWO/src/main/java/com/togetherwithocean/TWO/Jwt/JwtAuthenticationFilter.java b/TWO/src/main/java/com/togetherwithocean/TWO/Jwt/JwtAuthenticationFilter.java
index 9a9b58c..1117c65 100644
--- a/TWO/src/main/java/com/togetherwithocean/TWO/Jwt/JwtAuthenticationFilter.java
+++ b/TWO/src/main/java/com/togetherwithocean/TWO/Jwt/JwtAuthenticationFilter.java
@@ -36,6 +36,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 }
 } catch (ExpiredJwtException e) {
+ // 3. 액세스 토큰이 만료된 경우 리프레쉬 토큰을 통해 액세스 토큰 재발급을 시도한다.
 if (refreshToken != null && jwtProvider.refreshTokenValidation(refreshToken, e.getClaims().getSubject())) {
 String email = e.getClaims().getSubject();
 String newAccessToken = jwtProvider.createAccessToken(email);
@@ -43,6 +44,9 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 HttpServletResponse httpResponse = (HttpServletResponse) response;
 httpResponse.setHeader("AccessToken", newAccessToken);
 httpResponse.setHeader("RefreshToken", newRefreshToken);
+ System.out.println("액세스 토큰 재발급");
+ System.out.println(newAccessToken);
+ System.out.println(newRefreshToken);
 SecurityContextHolder.getContext().setAuthentication(jwtProvider.getAuthentication(newAccessToken));
 } else {
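Review bot: The added `System.out.println(newAccessToken);` and `System.out.println(newRefreshToken);` in the `ExpiredJwtException` branch of JwtAuthenticationFilter.java write freshly issued bearer tokens to stdout, so anyone with read access to the application or container logs can reuse them until they expire. Delete both lines; if the reissue event is worth recording, log it without the token values, e.g. `log.debug("access token reissued for {}", email);` (assuming a logger is added to this class, none is visible here). The same three prints existed in the `else if` block this commit removes, so this is a move rather than a new habit, but the new location is the one that ships. doFilter starts and ends outside the hunk.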
@@ -50,19 +54,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 return;
 }
 }
- else if (refreshToken != null && jwtProvider.refreshTokenValidation(refreshToken, jwtProvider.parseClaims(accessToken).getSubject())) {
- System.out.println("액세스 토큰 만료");
- String email = jwtProvider.parseClaims(accessToken).getSubject();
- String newAccessToken = jwtProvider.createAccessToken(email);
- String newRefreshToken = jwtProvider.createRefreshToken(email);
- HttpServletResponse httpResponse = (HttpServletResponse) response;
- httpResponse.setHeader("AccessToken", newAccessToken);
- httpResponse.setHeader("RefreshToken", newRefreshToken);
- SecurityContextHolder.getContext().setAuthentication(jwtProvider.getAuthentication(newAccessToken));
- System.out.println("액세스 토큰 재발급");
- System.out.println(newAccessToken);
- System.out.println(newRefreshToken);
- }
 chain.doFilter(request, response); // 다음 필터로 넘어가거나, 요청 처리 진행
 }
diff --git a/TWO/src/main/java/com/togetherwithocean/TWO/Member/Controller/MemberController.java b/TWO/src/main/java/com/togetherwithocean/TWO/Member/Controller/MemberController.java
index 6d54703..b83874d 100644
--- a/TWO/src/main/java/com/togetherwithocean/TWO/Member/Controller/MemberController.java
+++ b/TWO/src/main/java/com/togetherwithocean/TWO/Member/Controller/MemberController.java
@@ -110,7 +110,7 @@ public ResponseEntity sign_in(@RequestBody PostSignInReq postSign
 Member member = memberRepository.findMemberByEmail(postSignInReq.getEmail()); // 유효하지 않은 로그인 요청인 경우
- if (member == null || !member.getPasswd().equals(postSignInReq.getPasswd()))
+ if (member == null || memberService.equalEncodePassword(member.getPasswd(), postSignInReq.getPasswd()))
 return ResponseEntity.status(HttpStatus.OK).body(null);
 MemberRes memberRes = MemberRes.builder()
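Review bot: The new condition in `sign_in` dropped the `!` that the old comparison had, so `member == null || memberService.equalEncodePassword(...)` now rejects the request when the helper reports a match and continues with the sign-in when it does not. It should read `if (member == null || !memberService.equalEncodePassword(member.getPasswd(), postSignInReq.getPasswd()))`. Together with the helper in MemberService.java, which compares against a fresh `encode()` result and would return false on every call under a salted encoder (the bean is not shown), the committed check would let any password through for an existing e-mail. A sign-in test that submits a wrong password and expects rejection would catch both problems. sign_in's body continues outside the hunk.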
diff --git a/TWO/src/main/java/com/togetherwithocean/TWO/Member/Service/MemberService.java b/TWO/src/main/java/com/togetherwithocean/TWO/Member/Service/MemberService.java
index 057984c..dd1ab2f 100644
--- a/TWO/src/main/java/com/togetherwithocean/TWO/Member/Service/MemberService.java
+++ b/TWO/src/main/java/com/togetherwithocean/TWO/Member/Service/MemberService.java
@@ -1,28 +1,23 @@
 package com.togetherwithocean.TWO.Member.Service;
-import com.togetherwithocean.TWO.Badge.Domain.Badge;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import com.togetherwithocean.TWO.Badge.Service.BadgeService;
 import com.togetherwithocean.TWO.Item.Service.ItemSerivce;
 import com.togetherwithocean.TWO.Jwt.JwtProvider;
 import com.togetherwithocean.TWO.Jwt.TokenDto;
-import com.togetherwithocean.TWO.Member.Authority;
 import com.togetherwithocean.TWO.Member.DTO.*;
 import com.togetherwithocean.TWO.Member.Domain.Member;
 import com.togetherwithocean.TWO.Member.Repository.MemberRepository;
-import com.togetherwithocean.TWO.MemberBadge.Domain.MemberBadge;
-import com.togetherwithocean.TWO.MemberBadge.Repository.MemberBadgeRepository;
 import com.togetherwithocean.TWO.Ranking.Domain.Ranking;
 import com.togetherwithocean.TWO.Ranking.Repository.RankingRepository;
 import com.togetherwithocean.TWO.Stat.Domain.Stat;
 import com.togetherwithocean.TWO.Stat.Repository.StatRepository;
-import com.togetherwithocean.TWO.Stat.Service.StatService;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -40,6 +35,8 @@ public class MemberService {
 private final ItemSerivce itemSerivce;
 private final JwtProvider jwtProvider;
 private final StringRedisTemplate redisTemplate;
+ private final PasswordEncoder passwordEncoder;
+ private final String PREFIX_LOGOUT = "LOGOUT:";
 private final String PREFIX_LOGOUT_REFRESH = "LOGOUT_REFRESH:";
@@ -60,6 +57,10 @@ public boolean isEmailDuplicate(String email) {
 return memberRepository.existsByEmail(email);
 }
+ public boolean equalEncodePassword(String encodePassword, String password) {
+ return encodePassword.equals(passwordEncoder.encode(password));
+ }
+ @Transactional
 public MemberRes save(MemberJoinReq memberSave) {
 System.out.println(memberSave.getPasswd() + " "+ memberSave.getCheckPasswd());
@@ -75,7 +76,7 @@ public MemberRes save(MemberJoinReq memberSave) {
 .realName(memberSave.getRealName())
 .nickname(memberSave.getNickname())
 .email(memberSave.getEmail())
- .passwd(memberSave.getPasswd())
+ .passwd(passwordEncoder.encode(memberSave.getPasswd()))
 .phoneNumber(memberSave.getPhoneNumber())
 .postalCode(memberSave.getPostalCode())
 .address(memberSave.getAddress())
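Review bot: `equalEncodePassword` verifies a password by re-encoding it, `encodePassword.equals(passwordEncoder.encode(password))`, which can only succeed with an unsalted, deterministic encoder. The `PasswordEncoder` bean is not part of this patch; if it is `BCryptPasswordEncoder` or another salted implementation, `encode()` returns a different string on every call and this method always returns false. Use the encoder's verifier instead: `return passwordEncoder.matches(password, encodePassword);`. A short Javadoc stating that the first argument is the stored hash and the second the submitted plaintext would also help, since the parameter order is the reverse of `matches`.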
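Review bot: Encoding the password in the builder does not keep it out of the logs: the first statement of `save`, `System.out.println(memberSave.getPasswd() + " "+ memberSave.getCheckPasswd());` (a context line in the previous hunk), still writes the submitted password and its confirmation to stdout on every sign-up and should be deleted in the same commit. Rows created before this change presumably still hold the plaintext that the removed `.passwd(memberSave.getPasswd())` stored; they will not verify against an encoder and need a forced reset or a one-time re-hash. save's body starts and ends outside the hunk.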