Merge pull request #151 from KUIT-Space/develop

24.09.11 배포

.github/workflows/gradle.yml

@@ -113,7 +113,7 @@ jobs:
 
     - name: Set YML
       run: |
-        echo "${{ secrets.APPLICATION_YML_DEV }}" | base64 --decode > src/main/resources/application.yml
+        echo "${{ secrets.APPLICATION_YML_DEV }}" > src/main/resources/application.yml
 
       # (5) Gradle build (Test 제외)
     - name: Build with Gradle

src/main/java/space/space_spring/config/SecurityConfig.java

@@ -5,11 +5,18 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -18,6 +25,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .csrf((csrfConfig) ->
                         csrfConfig.disable()
                 )
+                // HTTP 인증 요구 비활성화
+//                .authorizeHttpRequests(auth -> auth
+//                        .anyRequest().authenticated()
+//                )
+                // Session 사용 설정 해제
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
                 // h2 console 화면을 사용하기 위해 해당 옵션들 disable
                 .headers((headerConfig) ->
                         headerConfig.frameOptions(frameOptionsConfig ->

src/main/java/space/space_spring/entity/User.java

@@ -34,8 +34,6 @@ public void saveUser(String email, String password, String userName, UserSignupT
         initializeBaseEntityFields();
     }
 
-    public boolean passwordMatch(String password) {
-        return this.password.equals(password);
-    }
+
 
 }

src/main/java/space/space_spring/service/UserService.java

@@ -2,6 +2,7 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import space.space_spring.dao.UserSpaceDao;
@@ -35,6 +36,7 @@ public class UserService {
     private final JwtLoginProvider jwtLoginProvider;
     private final UserSpaceDao userSpaceDao;
     private final UserUtils userUtils;
+    private final PasswordEncoder passwordEncoder;
 
     @Transactional
     public Long signup(PostUserSignupRequest postUserSignupRequest) {
@@ -45,7 +47,7 @@ public Long signup(PostUserSignupRequest postUserSignupRequest) {
 
         // TODO 2. 회원정보 db insert
         String email = postUserSignupRequest.getEmail();
-        String password = postUserSignupRequest.getPassword();
+        String password = passwordEncoder.encode(postUserSignupRequest.getPassword());
         String userName = postUserSignupRequest.getUserName();
 
         User saveUser = userDao.saveUser(email, password, userName, LOCAL);
@@ -79,9 +81,11 @@ public PostLoginDto login(PostLoginDto.Request request) {
     }
 
     private void validatePassword(User userByEmail, String password) {
-        if (!userByEmail.passwordMatch(password)) {
+        String encodePassword = userByEmail.getPassword();
+        if(!passwordEncoder.matches(password,encodePassword)){
             throw new CustomException(PASSWORD_NO_MATCH);
         }
+
     }
 
     @Transactional