Merge pull request #148 from KUIT-Space/feat/#147/passwordencode

Feat/#147/ 비밀번호 암호화
KUIT-Space · Sep 11, 2024 · 6b3bea9 · 6b3bea9
2 parents 1f51533 + 0537c63
commit 6b3bea9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/src/main/java/space/space_spring/config/SecurityConfig.java b/src/main/java/space/space_spring/config/SecurityConfig.java
@@ -5,11 +5,18 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -18,6 +25,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .csrf((csrfConfig) ->
                         csrfConfig.disable()
                 )
+                // HTTP 인증 요구 비활성화
+//                .authorizeHttpRequests(auth -> auth
+//                        .anyRequest().authenticated()
+//                )
+                // Session 사용 설정 해제
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
                 // h2 console 화면을 사용하기 위해 해당 옵션들 disable
                 .headers((headerConfig) ->
                         headerConfig.frameOptions(frameOptionsConfig ->

diff --git a/src/main/java/space/space_spring/entity/User.java b/src/main/java/space/space_spring/entity/User.java
@@ -34,8 +34,6 @@ public void saveUser(String email, String password, String userName, UserSignupT
         initializeBaseEntityFields();
     }
 
-    public boolean passwordMatch(String password) {
-        return this.password.equals(password);
-    }
+
 
 }
diff --git a/src/main/java/space/space_spring/service/UserService.java b/src/main/java/space/space_spring/service/UserService.java
@@ -2,6 +2,7 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import space.space_spring.dao.UserSpaceDao;
@@ -35,6 +36,7 @@ public class UserService {
     private final JwtLoginProvider jwtLoginProvider;
     private final UserSpaceDao userSpaceDao;
     private final UserUtils userUtils;
+    private final PasswordEncoder passwordEncoder;
 
     @Transactional
     public Long signup(PostUserSignupRequest postUserSignupRequest) {
@@ -45,7 +47,7 @@ public Long signup(PostUserSignupRequest postUserSignupRequest) {
 
         // TODO 2. 회원정보 db insert
         String email = postUserSignupRequest.getEmail();
-        String password = postUserSignupRequest.getPassword();
+        String password = passwordEncoder.encode(postUserSignupRequest.getPassword());
         String userName = postUserSignupRequest.getUserName();
 
         User saveUser = userDao.saveUser(email, password, userName, LOCAL);
@@ -79,9 +81,11 @@ public PostLoginDto login(PostLoginDto.Request request) {
     }
 
     private void validatePassword(User userByEmail, String password) {
-        if (!userByEmail.passwordMatch(password)) {
+        String encodePassword = userByEmail.getPassword();
+        if(!passwordEncoder.matches(password,encodePassword)){
             throw new CustomException(PASSWORD_NO_MATCH);
         }
+
     }
 
     @Transactional