From 87b990c04e907b7e59b83dc71b2d2fac23da7379 Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 01:01:33 +0900 Subject: [PATCH 1/4] [feat] SecurityConfig --- .../java/space/space_spring/config/SecurityConfig.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/main/java/space/space_spring/config/SecurityConfig.java b/src/main/java/space/space_spring/config/SecurityConfig.java index 96713a03..b6030745 100644 --- a/src/main/java/space/space_spring/config/SecurityConfig.java +++ b/src/main/java/space/space_spring/config/SecurityConfig.java @@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; @Configuration @@ -18,6 +19,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .csrf((csrfConfig) -> csrfConfig.disable() ) + // HTTP 인증 요구 비활성화 +// .authorizeHttpRequests(auth -> auth +// .anyRequest().authenticated() +// ) + // Session 사용 설정 해제 + .sessionManagement(session -> session + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + ) // h2 console 화면을 사용하기 위해 해당 옵션들 disable .headers((headerConfig) -> headerConfig.frameOptions(frameOptionsConfig -> From cfd840b9be8f39df5dbd44c9cd7ddc4a22e5a97d Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 01:07:53 +0900 Subject: [PATCH 2/4] [feat] password encoding in signup --- src/main/java/space/space_spring/config/SecurityConfig.java | 6 ++++++ src/main/java/space/space_spring/service/UserService.java | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) 
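Review bot: With `.authorizeHttpRequests(...)` left commented out in the second SecurityConfig hunk, the chain declares no authorization rule, so Spring Security itself requires authentication for no path. Combined with the disabled CSRF protection in the context lines and the `STATELESS` policy added here, access control rests entirely on code outside this hunk (presumably the JWT login handling; confirm). State the intent in code rather than in a commented-out block: either `.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())` with a comment naming the component that enforces authentication, or an explicit allowlist ending in `.anyRequest().authenticated()`. The frame-options relaxation for the H2 console that follows should apply only in a development profile. The body of securityFilterChain starts and ends outside the hunk.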
diff --git a/src/main/java/space/space_spring/config/SecurityConfig.java b/src/main/java/space/space_spring/config/SecurityConfig.java index b6030745..e5168428 100644 --- a/src/main/java/space/space_spring/config/SecurityConfig.java +++ b/src/main/java/space/space_spring/config/SecurityConfig.java @@ -6,11 +6,17 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity public class SecurityConfig { + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { diff --git a/src/main/java/space/space_spring/service/UserService.java b/src/main/java/space/space_spring/service/UserService.java index 95439c75..d5b21829 100644 --- a/src/main/java/space/space_spring/service/UserService.java +++ b/src/main/java/space/space_spring/service/UserService.java @@ -2,6 +2,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import space.space_spring.dao.UserSpaceDao; @@ -35,6 +36,7 @@ public class UserService { private final JwtLoginProvider jwtLoginProvider; private final UserSpaceDao userSpaceDao; private final UserUtils userUtils; + private final PasswordEncoder passwordEncoder; @Transactional public Long signup(PostUserSignupRequest postUserSignupRequest) { 
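Review bot: The bare `BCryptPasswordEncoder` bean added in the SecurityConfig hunk stores hashes with no scheme identifier, so a later move to another algorithm has no clean way to verify old and new hashes side by side. `return PasswordEncoderFactories.createDelegatingPasswordEncoder();` still hashes new passwords with bcrypt by default but stores them with a `{bcrypt}` prefix, which makes such a migration possible. If bcrypt alone is kept, a comment on the bean would help, e.g. `// bcrypt at library default strength; raise via new BCryptPasswordEncoder(strength) as hardware allows`.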
@@ -45,7 +47,7 @@ public Long signup(PostUserSignupRequest postUserSignupRequest) { // TODO 2. 회원정보 db insert String email = postUserSignupRequest.getEmail(); - String password = postUserSignupRequest.getPassword(); + String password = passwordEncoder.encode(postUserSignupRequest.getPassword()); String userName = postUserSignupRequest.getUserName(); User saveUser = userDao.saveUser(email, password, userName, LOCAL); From 3c34350223f02d7e758b89c2258334e6430f7e6f Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 01:16:25 +0900 Subject: [PATCH 3/4] [feat] encoding password in login delete User.mathchPassword --- src/main/java/space/space_spring/entity/User.java | 4 +--- src/main/java/space/space_spring/service/UserService.java | 4 +++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/space/space_spring/entity/User.java b/src/main/java/space/space_spring/entity/User.java index 120ed335..9bddd8b2 100644 --- a/src/main/java/space/space_spring/entity/User.java +++ b/src/main/java/space/space_spring/entity/User.java @@ -34,8 +34,6 @@ public void saveUser(String email, String password, String userName, UserSignupT initializeBaseEntityFields(); } - public boolean passwordMatch(String password) { - return this.password.equals(password); - } + } diff --git a/src/main/java/space/space_spring/service/UserService.java b/src/main/java/space/space_spring/service/UserService.java index d5b21829..9420a2d9 100644 --- a/src/main/java/space/space_spring/service/UserService.java +++ b/src/main/java/space/space_spring/service/UserService.java 
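Review bot: `passwordEncoder.encode(postUserSignupRequest.getPassword())` in the signup hunk hashes the raw request value with no null or length check visible here. bcrypt uses only the first 72 bytes of its input, so two longer passwords sharing that prefix hash identically, and `encode` throws `IllegalArgumentException` on null. Unless `PostUserSignupRequest` already enforces this through bean validation (not visible in this hunk), reject such input before hashing, e.g. `if (raw == null || raw.getBytes(StandardCharsets.UTF_8).length > 72)` followed by the project's own `CustomException`. Renaming the local to `encodedPassword` would make it clear that `userDao.saveUser` receives a hash. The body of signup starts and ends outside the hunk.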
@@ -81,9 +81,11 @@ public PostLoginDto login(PostLoginDto.Request request) { } private void validatePassword(User userByEmail, String password) { - if (!userByEmail.passwordMatch(password)) { + String encodePassword = userByEmail.getPassword(); + if(!passwordEncoder.matches(password,encodePassword)){ throw new CustomException(PASSWORD_NO_MATCH); } + } @Transactional From 4afefb4585fbb47b0c106108c0ed0343573333c8 Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 22:12:06 +0900 Subject: [PATCH 4/4] [chore] update set yml --- .github/workflows/gradle.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index be058b0c..aae6a402 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -113,7 +113,7 @@ jobs: - name: Set YML run: | - echo "${{ secrets.APPLICATION_YML_DEV }}" | base64 --decode > src/main/resources/application.yml + echo "${{ secrets.APPLICATION_YML_DEV }}" > src/main/resources/application.yml # (5) Gradle build (Test 제외) - name: Build with Gradle
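Review bot: Any account created before this series still has a plaintext value in the password column, and `passwordEncoder.matches(password, encodePassword)` in validatePassword returns false when the stored value is not a bcrypt hash. Those users would be locked out after deploy with only `PASSWORD_NO_MATCH`. The series contains no migration, so plan a forced reset for legacy rows, which also remain readable plaintext in the database until then. `matches` throws `IllegalArgumentException` on a null raw password, so add a guard if the login request DTO does not already reject a missing password (not visible here). As a style point, `String storedHash = userByEmail.getPassword();` reads more clearly than `encodePassword`, and the condition should follow the file's spacing: `if (!passwordEncoder.matches(password, storedHash)) {`.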
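Review bot: In the Set YML step, `${{ secrets.APPLICATION_YML_DEV }}` is expanded into the script text before the shell runs. With the base64 layer removed, any `"`, `$` or backtick inside the YAML is now interpreted by the shell, so the written application.yml can be silently corrupted and a `$(...)` sequence in the secret would be executed. Pass the value through the environment instead: add `env:` with `APPLICATION_YML_DEV: ${{ secrets.APPLICATION_YML_DEV }}` to the step and write the file with `printf '%s\n' "$APPLICATION_YML_DEV" > src/main/resources/application.yml`. A raw multi-line secret may also be redacted less reliably in job logs than a single base64 blob, so no later step should print the file.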