Merge pull request #81 from wooyeon0626/feature/join

[REFACTOR] 회원가입 과정 중, DB에 insert하는 최종 비밀번호 암호화 방법을 SHA256+salt -> PassswordEncoder(Spring Security)로 변경 (로그인 비밀번호를 PasswordEncoder 사용으로 인한 충돌 수정)

src/main/java/com/wooyeon/yeon/user/controller/UserController.java

@@ -42,8 +42,7 @@ public SseEmitter sendEmailVerify(@RequestBody EmailRequestDto emailRequestDto)
         userEmitters.put(emailRequestDto.getEmail(), emitter);
 
         EmailResponseDto emailResponseDto = emailAuthService.sendEmail(emailRequestDto);
-
-        log.info("userEmitter: "+userEmitters);
+        log.info("userEmitter: " + userEmitters);
 
         // SSE 연결 여부 메시지 전송
         try {
@@ -52,7 +51,7 @@ public SseEmitter sendEmailVerify(@RequestBody EmailRequestDto emailRequestDto)
         } catch (IOException e) {
             emitter.completeWithError(e);
         }
-        log.info("SSE MSG : "+emitter);
+        log.info("SSE MSG : " + emitter);
 
         return emitter;
     }
@@ -64,8 +63,8 @@ public ModelAndView verifyEmail(@RequestParam String auth) {
         EmailAuthResponseDto emailAuthResponseDto = emailAuthService.verifyEmail(auth);
         sendSseEmitter(emailAuthResponseDto);
 
-        log.info("verify request : "+auth);
-        log.info("verify 프론트에게 : "+emailAuthResponseDto);
+        log.info("verify request : " + auth);
+        log.info("verify 프론트에게 : " + emailAuthResponseDto);
 
         ModelAndView mv = new ModelAndView("email_auth_verify");
         mv.addObject("backgroundImg", emailAuthBackgroundImg);
@@ -101,7 +100,7 @@ public ResponseEntity<ProfileResponseDto> insertProfile(@RequestPart(value = "pr
     public SseEmitter sendSseEmitter(EmailAuthResponseDto emailAuthResponseDto) {
         SseEmitter emitter = userEmitters.get(emailAuthResponseDto.getEmail());
 
-        log.info("SSE EMITTER(VERIFY) : "+emitter);
+        log.info("SSE EMITTER(VERIFY) : " + emitter);
 
         if (emitter != null) {
             try {

src/main/java/com/wooyeon/yeon/user/service/EmailAuthService.java

@@ -46,35 +46,34 @@ public EmailResponseDto sendEmail(EmailRequestDto emailRequestDto) throws Messag
         // certification이 false이면서(=인증되지 않았으면서) 인증 코드 만료 시간이 지난 데이터 삭제
         deleteExpiredStatusIfExpired();
 
-        EmailResponseDto emailResponseDto;
-
         // 이메일 중복 확인 로직 추가
         if (validateDuplicated(emailRequestDto.getEmail())) {
 
             log.info("certification: " + emailAuthRepository.findEmailAuthByEmail(emailRequestDto.getEmail()).isCertification());
 
-            emailResponseDto = EmailResponseDto.builder()
+            EmailResponseDto emailResponseDto = EmailResponseDto.builder()
                     .statusCode(HttpStatus.SC_OK) // 오류코드 대신 200 부탁함
                     .email(emailRequestDto.getEmail())
                     .build();
 
-
             if (emailAuthRepository.findEmailAuthByEmail(emailRequestDto.getEmail()).isCertification()) {
                 emailResponseDto.updateStatusName("completed");
+                return emailResponseDto;
             } else {
                 emailResponseDto.updateStatusName("duplicated");
+                return emailResponseDto;
             }
 
         } else {
             // 이메일 인증 링크 발송
             sendEmailVerification(emailRequestDto);
-            emailResponseDto = EmailResponseDto.builder()
+            EmailResponseDto emailResponseDto = EmailResponseDto.builder()
                     .statusCode(HttpStatus.SC_ACCEPTED)
                     .email(emailRequestDto.getEmail())
                     .statusName("success")
                     .build();
+            return emailResponseDto;
         }
-        return emailResponseDto;
     }
 
     // authToken 발급 및 이메일 양식 설정, 전송

src/main/java/com/wooyeon/yeon/user/service/UserService.java

@@ -10,6 +10,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.HttpStatus;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -27,6 +28,7 @@ public class UserService {
     private final UserRepository userRepository;
     private final RsaUtil rsaUtil;
     private final AesUtil aesUtil;
+    private final PasswordEncoder passwordEncoder;
 
     @Transactional
     public User findByUserId(Long userId) {
@@ -83,20 +85,21 @@ public PasswordEncryptResponseDto decodeEncrypt(PasswordEncryptRequestDto passwo
         String decodedPassword = aesUtil.decrypt(passwordEncryptRequestDto.getEncryptedPassword(), decodedKey, ivBytes);
         log.info("AES로 복호화한 원문 : {}", decodedPassword);
 
-        // 비밀번호 + salt를 SHA256으로 암호화
-        String salt = createSalt();
-        String password = decodedPassword+salt;
-        String finalPassword = encryptSha256(password);
-        log.info("salt : {}", salt);
-        log.info("finalPassword : {}", finalPassword);
+//        비밀번호 + salt를 SHA256으로 암호화
+//        String salt = createSalt();
+//        String password = decodedPassword+salt;
+//          log.info("salt : {}", salt);
+//          log.info("finalPassword : {}", finalPassword);
+
+        // passwordEncoder로 비밀번호 암호화 (2024.02.06 로그인과 암호화 방식 맞춤 수정)
+        String finalPassword = passwordEncoder.encode(decodedPassword);
 
         // User 테이블에 저장
         User user = User.builder()
                 .email(passwordEncryptRequestDto.getEmail())
                 .emailAuth(true)
                 .userCode(UUID.randomUUID())
                 .password(finalPassword)
-                .salt(salt)
                 .build();
         userRepository.save(user);
 

src/test/java/com/wooyeon/yeon/user/UserTest.java

@@ -1,18 +1,23 @@
-//package com.wooyeon.yeon.user;
-//
-//import com.wooyeon.yeon.user.domain.User;
-//import com.wooyeon.yeon.user.repository.UserRepository;
-//import org.junit.jupiter.api.Test;
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.boot.test.context.SpringBootTest;
-//import org.springframework.security.crypto.password.PasswordEncoder;
-//
-//@SpringBootTest
-//public class UserTest {
-//    @Autowired
-//    private UserRepository userRepository;
-//    @Autowired
-//    private PasswordEncoder passwordEncoder;
+package com.wooyeon.yeon.user;
+
+import com.wooyeon.yeon.user.domain.User;
+import com.wooyeon.yeon.user.repository.UserRepository;
+import com.wooyeon.yeon.user.service.UserService;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import java.util.UUID;
+
+@SpringBootTest
+public class UserTest {
+    @Autowired
+    private UserRepository userRepository;
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+    @Autowired
+    private UserService userService;
 //
 //    @Test
 //    public void createUser() {
@@ -25,4 +30,29 @@
 //        userRepository.save(user);
 //    }
 //
-//}
+    // passwordEncoder 사용
+    /*@Test
+    public void pwEncoderUser() {
+        User user = User.builder()
+                .email("[email protected]")
+                .userCode(UUID.randomUUID())
+                .password(passwordEncoder.encode("1234"))
+                .build();
+        userRepository.save(user);
+    }*/
+
+    // sha256 + salt 사용
+    /*@Test
+    public void shaUser() {
+        String pw = userService.encryptSha256("1234");
+        String salt = userService.createSalt();
+        String fin = userService.encryptSha256("1234"+salt);
+        User usersh = User.builder()
+                .email("[email protected]")
+                .userCode(UUID.randomUUID())
+                .password("{bcrypt}$2a$10$"+salt+fin)
+                .salt(salt)
+                .build();
+        userRepository.save(usersh);
+    }*/
+}