Merge pull request #141 from TeamMiso/hotfix/password-check

🔀 :: 로그인 과정에서 비밀번호 일치 검사를 제대로 수행하지 않고 있던 오류 수정
TeamMiso · Aug 28, 2024 · 028d59f · 028d59f
2 parents b73dba5 + 77328b6
commit 028d59f
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/src/main/kotlin/andreas311/miso/domain/auth/application/service/SignInService.kt b/src/main/kotlin/andreas311/miso/domain/auth/application/service/SignInService.kt
@@ -5,6 +5,7 @@ import andreas311.miso.domain.auth.application.event.SaveRefreshTokenEvent
 import andreas311.miso.domain.auth.application.exception.EmailNotValidException
 import andreas311.miso.domain.auth.application.port.input.SignInUseCase
 import andreas311.miso.domain.auth.application.port.input.dto.SignInDto
+import andreas311.miso.domain.auth.application.port.output.PasswordEncodePort
 import andreas311.miso.domain.auth.application.port.output.TokenGeneratePort
 import andreas311.miso.domain.auth.application.port.output.dto.TokenDto
 import andreas311.miso.domain.email.application.port.output.QueryEmailPort
@@ -18,6 +19,7 @@ class SignInService(
     private val queryUserPort: QueryUserPort,
     private val queryEmailPort: QueryEmailPort,
     private val tokenGeneratePort: TokenGeneratePort,
+    private val passwordEncodePort: PasswordEncodePort,
     private val applicationEventPublisher: ApplicationEventPublisher
 ) : SignInUseCase {
     override fun execute(signInDto: SignInDto): TokenDto {
@@ -30,6 +32,8 @@ class SignInService(
             throw EmailNotValidException()
         }
 
+        passwordEncodePort.isPasswordMatch(signInDto.password, user.password)
+
         val token = tokenGeneratePort.generateToken(signInDto.email, user.role)
 
         publishSaveRefreshToken(token, user)

diff --git a/src/main/kotlin/andreas311/miso/domain/auth/application/service/SignUpService.kt b/src/main/kotlin/andreas311/miso/domain/auth/application/service/SignUpService.kt
@@ -1,6 +1,7 @@
 package andreas311.miso.domain.auth.application.service
 
 import andreas311.miso.common.annotation.RollbackService
+import andreas311.miso.domain.auth.application.exception.MismatchPasswordException
 import andreas311.miso.domain.auth.application.exception.UserAlreadyExistException
 import andreas311.miso.domain.auth.application.port.input.SignUpUseCase
 import andreas311.miso.domain.auth.application.port.input.dto.SignUpDto
@@ -24,7 +25,9 @@ class SignUpService(
     private val passwordEncodePort: PasswordEncodePort
 ) : SignUpUseCase {
     override fun execute(signUpDto: SignUpDto) {
-        passwordEncodePort.isPasswordMatch(signUpDto.password, signUpDto.passwordCheck)
+        if (signUpDto.password != signUpDto.passwordCheck) {
+            throw MismatchPasswordException()
+        }
 
         if (!queryUserPort.existsByEmail(signUpDto.email)) {
             emailSendPort.sendEmailAuthKey(signUpDto.email)

diff --git a/src/main/kotlin/andreas311/miso/global/security/adapter/PasswordEncodeAdapter.kt b/src/main/kotlin/andreas311/miso/global/security/adapter/PasswordEncodeAdapter.kt
@@ -12,8 +12,8 @@ class PasswordEncodeAdapter(
     override fun passwordEncode(password: String): String =
         passwordEncoder.encode(password)
 
-    override fun isPasswordMatch(password: String, passwordCheck: String) {
-        if (password != passwordCheck) {
+    override fun isPasswordMatch(passwordCheck: String, password: String) {
+        if (!passwordEncoder.matches(passwordCheck, password)) {
             throw MismatchPasswordException()
         }
     }