기존 비밀번호 검증 추가 (#77)

wafflestudio · Jan 29, 2025 · 3829015 · 3829015
1 parent 904b294
commit 3829015
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/src/main/kotlin/com/wafflestudio/toyproject/memoWithTags/user/controller/UserController.kt b/src/main/kotlin/com/wafflestudio/toyproject/memoWithTags/user/controller/UserController.kt
@@ -61,7 +61,7 @@ class UserController(
     @Operation(summary = "비밀번호 초기화")
     @PostMapping("/auth/reset-password")
     fun resetPassword(@RequestBody request: ResetPasswordRequest): ResponseEntity<Unit> {
-        userService.resetPassword(request.email, request.verificationCode, request.password)
+        userService.resetPasswordWithEmailVerification(request.email, request.verificationCode, request.password)
         return ResponseEntity.ok().build()
     }
 
@@ -71,7 +71,7 @@ class UserController(
         @AuthUser user: User,
         @RequestBody request: UpdatePasswordRequest
     ): ResponseEntity<User> {
-        return ResponseEntity.ok(userService.updatePassword(user, request.password))
+        return ResponseEntity.ok(userService.updatePassword(user, request.originalPassword, request.newPassword))
     }
 
     @Operation(summary = "닉네임 수정")

diff --git a/src/main/kotlin/com/wafflestudio/toyproject/memoWithTags/user/dto/UserRequest.kt b/src/main/kotlin/com/wafflestudio/toyproject/memoWithTags/user/dto/UserRequest.kt
@@ -28,7 +28,8 @@ sealed class UserRequest {
     ) : UserRequest()
 
     data class UpdatePasswordRequest(
-        val password: String
+        val originalPassword: String,
+        val newPassword: String
     ) : UserRequest()
 
     data class UpdateNicknameRequest(

diff --git a/src/main/kotlin/com/wafflestudio/toyproject/memoWithTags/user/service/UserService.kt b/src/main/kotlin/com/wafflestudio/toyproject/memoWithTags/user/service/UserService.kt
@@ -133,7 +133,7 @@ class UserService(
      * 비밀번호 변경을 위해 보내진 메일 인증을 완료하고, 비밀번호를 변경하는 함수
      */
     @Transactional
-    fun resetPassword(
+    fun resetPasswordWithEmailVerification(
         email: String,
         code: String,
         newPassword: String
@@ -164,9 +164,11 @@ class UserService(
     @Transactional
     fun updatePassword(
         user: User,
+        originalPassword: String,
         newPassword: String
     ): User {
         val userEntity = userRepository.findByEmail(user.email) ?: throw UserNotFoundException()
+        if (!BCrypt.checkpw(originalPassword, userEntity.hashedPassword)) throw SignInInvalidException()
         userEntity.hashedPassword = BCrypt.hashpw(newPassword, BCrypt.gensalt())
         return User.fromEntity(userRepository.save(userEntity))
     }