Merge pull request #162 from SookmyungTackit/dev

yeongsinkeem · web-flow · commit bb300c78bc15 · 2025-12-02T22:52:43.000+09:00
[Release] v5 배포 (dev → main 병합)
diff --git a/src/main/java/org/example/tackit/config/Redis/RedisUtil.java b/src/main/java/org/example/tackit/config/Redis/RedisUtil.java
@@ -16,6 +16,9 @@ public void save(String key, String value) {
         redisTemplate.opsForValue().set(key, value);
     }
 
+    // 저장 2 : 비밀번호 재설정 토큰의 만료 시간 지정을 위해
+    public void save(String key, String value, long timeoutSeconds) { redisTemplate.opsForValue().set(key, value, timeoutSeconds, TimeUnit.SECONDS); }
+
     // 조회 (refreshToken 비교용)
     public String getData(String key) {
         return redisTemplate.opsForValue().get(key);
diff --git a/src/main/java/org/example/tackit/config/SecurityConfig.java b/src/main/java/org/example/tackit/config/SecurityConfig.java
@@ -70,7 +70,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
                 .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests
                         .requestMatchers("/api/admin/**").hasAuthority("ADMIN") // 관리자 페이지 role 추가
-                        .requestMatchers("/auth/**") // 로그인, 회원가입은 열어주기
+                        .requestMatchers("/auth/**") // 로그인, 회원가입, 이메일 및 비밀번호 찾기는 열어주기
                         .permitAll()
                         .requestMatchers("/api/s3/**").permitAll()
                         .requestMatchers("/api/actuator/**").permitAll() // actuator 경로 열기
diff --git a/src/main/java/org/example/tackit/config/jwt/JwtFilter.java b/src/main/java/org/example/tackit/config/jwt/JwtFilter.java
@@ -38,6 +38,13 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         filterChain.doFilter(request, response);
     }
 
+    // 필터를 적용하지 않을 경로 지정
+    // auth/reset-password 요청은 토큰 인증 건너뛰도록
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        return request.getRequestURI().equals("/auth/reset-password") && request.getMethod().equals("PATCH");
+    }
+
     private String resolveToken(HttpServletRequest request) {
         String bearerToken = request.getHeader(AUTHORIZATION_HEADER);
         if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(BEARER_PREFIX)) {
diff --git a/src/main/java/org/example/tackit/config/jwt/TokenProvider.java b/src/main/java/org/example/tackit/config/jwt/TokenProvider.java
@@ -11,14 +11,12 @@
 import org.example.tackit.domain.entity.Member;
 import org.example.tackit.domain.entity.Status;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.core.userdetails.User;
 import org.example.tackit.domain.auth.login.dto.TokenDto;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 
 import java.security.Key;
@@ -35,6 +33,9 @@ public class TokenProvider {
     private static final String BEARER_TYPE = "Bearer";
     private static final long ACCESS_TOKEN_EXPIRE_TIME = 1000 * 60 * 60 * 24;            // 1일
     private static final long REFRESH_TOKEN_EXPIRE_TIME = 1000 * 60 * 60 * 24 * 7;  // 7일
+
+    //  비밀번호 재설정 토큰 (5분)
+    private static final long RESET_TOKEN_EXPIRE_TIME = 1000 * 60 * 5;
     private final Key key;
     private final RedisUtil redisUtil;
     private final MemberRepository memberRepository;
@@ -68,6 +69,24 @@ public TokenDto generateTokenDto(Authentication authentication) {
                 .build();
     }
 
+    // 비밀번호 재설정 전용 일회성 토큰
+    // 보안 원칙 : 최소 권한 부여
+    // authorities 클레임을 포함시키지 않게 하여, 다른 API 호출하지 않도록
+    public String generateResetToken(String email) {
+        long now = (new Date()).getTime();
+
+        return Jwts.builder()
+                .setSubject(email)
+                .setExpiration(new Date(now + RESET_TOKEN_EXPIRE_TIME))
+                .claim("isResetToken", true)
+                .signWith(key, SignatureAlgorithm.HS512)
+                .compact();
+    }
+
+    // 비밀번호 재설정 토큰의 만료 시간 반환
+    public long getResetTokenExpiresIn() {
+        return RESET_TOKEN_EXPIRE_TIME;
+    }
 
 
     public TokenDto reissueAccessToken(String refreshToken) {
@@ -195,6 +214,17 @@ public boolean validateToken(String token) {
         return false;
     }
 
+    // 비밀번호 재설정 토큰인지 확인
+    public boolean isResetToken(String token) {
+        try {
+            Claims claims = parseClaims(token);
+            Object resetClaim = claims.get("isResetToken");
+            return resetClaim instanceof Boolean && (Boolean) resetClaim;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
 
     private Claims parseClaims(String accessToken) {
         try {
diff --git a/src/main/java/org/example/tackit/domain/admin/repository/MemberRepository.java b/src/main/java/org/example/tackit/domain/admin/repository/MemberRepository.java
@@ -1,8 +1,10 @@
 package org.example.tackit.domain.admin.repository;
 
 import org.example.tackit.domain.entity.Member;
+import org.example.tackit.domain.entity.Role;
 import org.example.tackit.domain.entity.Status;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 
@@ -27,6 +29,17 @@ public interface MemberRepository extends JpaRepository<Member, Long> {
 
     // 탈퇴 회원 통계
     List<Member> findByStatus(Status status);
-    Long countByStatus(Status status);
+
+    // 1년마다 뉴비 -> 시니어 자동 갱신
+    @Modifying(clearAutomatically = true, flushAutomatically = true)
+    @Query("UPDATE Member m " +
+            "SET m.role = :newRole " +
+            "WHERE m.role = :oldRole " +
+            "AND m.joinedYear <= :thresholdYear")
+    int bulkUpdateRole(@Param("oldRole") Role oldRole,
+                       @Param("newRole") Role newRole,
+                       @Param("thresholdYear") int thresholdYear);
+    // 닉네임 중복확인
+    boolean existsByNickname(String nickname);
 
 }
diff --git a/src/main/java/org/example/tackit/domain/auth/login/controller/AuthController.java b/src/main/java/org/example/tackit/domain/auth/login/controller/AuthController.java
@@ -54,5 +54,30 @@ public ResponseEntity<FindEmailRespDto> findEmail(
 
         return ResponseEntity.ok(resp);
     }
+
+    // 비밀번호 찾기
+    @PostMapping("/find-password")
+    public ResponseEntity<ResetTokenDto> findPassword(
+            @RequestBody FindPwReqDto findPwReqDto
+    ) {
+        ResetTokenDto tokenDto = authService.findPwByIdentity(
+                findPwReqDto.getName(),
+                findPwReqDto.getOrganization(),
+                findPwReqDto.getEmail()
+        );
+
+        return ResponseEntity.ok(tokenDto);
+    }
+
+    // 비밀번호 재설정
+    @PatchMapping("/reset-password")
+    public ResponseEntity<?> resetPassword(
+            @RequestHeader("Authorization") String authorizationHeader,
+            @RequestBody ResetPwReqDto resetPwReqDto
+    ) {
+        authService.resetPassword(authorizationHeader, resetPwReqDto.getNewPassword());
+
+        return ResponseEntity.ok().body(Map.of("status", "OK", "message", "비밀번호가 성공적으로 변경되었습니다."));
+    }
 }
 
diff --git a/src/main/java/org/example/tackit/domain/auth/login/dto/FindPwReqDto.java b/src/main/java/org/example/tackit/domain/auth/login/dto/FindPwReqDto.java
@@ -0,0 +1,10 @@
+package org.example.tackit.domain.auth.login.dto;
+
+import lombok.Data;
+
+@Data
+public class FindPwReqDto {
+    private String organization;
+    private String name;
+    private String email;
+}
diff --git a/src/main/java/org/example/tackit/domain/auth/login/dto/ResetPwReqDto.java b/src/main/java/org/example/tackit/domain/auth/login/dto/ResetPwReqDto.java
@@ -0,0 +1,8 @@
+package org.example.tackit.domain.auth.login.dto;
+
+import lombok.Data;
+
+@Data
+public class ResetPwReqDto {
+    private String newPassword;
+}
diff --git a/src/main/java/org/example/tackit/domain/auth/login/dto/ResetTokenDto.java b/src/main/java/org/example/tackit/domain/auth/login/dto/ResetTokenDto.java
@@ -0,0 +1,12 @@
+package org.example.tackit.domain.auth.login.dto;
+
+import lombok.Builder;
+import lombok.Data;
+
+@Builder
+@Data
+public class ResetTokenDto {
+    private String grantType;
+    private String resetToken;
+    private Long expiresIn;
+}
diff --git a/src/main/java/org/example/tackit/domain/auth/login/repository/UserRepository.java b/src/main/java/org/example/tackit/domain/auth/login/repository/UserRepository.java
@@ -18,5 +18,7 @@ public interface UserRepository extends JpaRepository<Member, Long> {
     Optional<Member> findByOrganizationAndName(String organization, String name);
 
     Optional<Member> findByEmailAndOrganization(String email, String organization);
+
+    Optional<Member> findByNameAndOrganizationAndEmail(String name, String organization, String email);
 }
 
diff --git a/src/main/java/org/example/tackit/domain/auth/login/service/AuthService.java b/src/main/java/org/example/tackit/domain/auth/login/service/AuthService.java
@@ -4,18 +4,17 @@
 import lombok.extern.slf4j.Slf4j;
 import org.example.tackit.config.Redis.RedisUtil;
 import org.example.tackit.config.jwt.TokenProvider;
-import org.example.tackit.domain.auth.login.dto.FindEmailRespDto;
+import org.example.tackit.domain.admin.repository.MemberRepository;
+import org.example.tackit.domain.auth.login.dto.*;
 import org.example.tackit.domain.entity.Member;
 import org.example.tackit.domain.entity.Status;
-import org.example.tackit.domain.auth.login.dto.SignInDto;
-import org.example.tackit.domain.auth.login.dto.SignUpDto;
-import org.example.tackit.domain.auth.login.dto.TokenDto;
 import org.example.tackit.domain.auth.login.repository.UserRepository;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -34,6 +33,7 @@ public class AuthService {
     private final AuthenticationManager authenticationManager;
     private final TokenProvider tokenProvider;
     private final RedisUtil redisUtil;
+    private final MemberRepository memberRepository;
 
     @Transactional
     public void signup(SignUpDto signUpDto) {
@@ -79,7 +79,7 @@ public TokenDto signIn(SignInDto signInDto) {
     }
 
     // Bearer 제거 및 형식 검증
-    public String resolveRefreshToken(String refreshToken) {
+    public String resolveBearerToken(String refreshToken) {
         if (refreshToken == null || !refreshToken.startsWith("Bearer ")) {
             throw new BadCredentialsException("리프레시 토큰이 누락되었거나 올바르지 않습니다.");
         }
@@ -89,7 +89,7 @@ public String resolveRefreshToken(String refreshToken) {
     // 토큰 재발급 처리
     @Transactional
     public TokenDto reissue(String bearerToken) {
-        String refreshToken = resolveRefreshToken(bearerToken);
+        String refreshToken = resolveBearerToken(bearerToken);
         return tokenProvider.reissueAccessToken(refreshToken);
     }
 
@@ -98,7 +98,6 @@ public TokenDto reissue(String bearerToken) {
     public FindEmailRespDto findEmailbyOrgAndNickname(String organization, String name) {
         Optional<Member> memberOptional = userRepository.findByOrganizationAndName(organization, name);
 
-
         Member member = memberOptional.orElseThrow(() ->
                 new ResponseStatusException(HttpStatus.NOT_FOUND, "회원을 찾을 수 없습니다.")
         );
@@ -107,5 +106,81 @@ public FindEmailRespDto findEmailbyOrgAndNickname(String organization, String na
                 .email(member.getEmail())
                 .build();
     }
+
+    // 비밀번호 찾기
+    @Transactional
+    public ResetTokenDto findPwByIdentity(String name, String organization, String email) {
+        try {
+            // 1. 정보 일치 확인 및 회원 조회
+            log.info("비밀번호 찾기 본인 확인 시도: 이름={}, 소속={}, 이메일={}", name, organization, email);
+
+            Optional<Member> memberOptional = userRepository.findByNameAndOrganizationAndEmail(name, organization, email);
+
+            // 2. 일치하는 회원이 없을 경우 예외
+            Member member = memberOptional.orElseThrow( () -> {
+                log.error("본인 확인 실패: 정보 불일치");
+
+                // 404 Not Found
+                return new ResponseStatusException(HttpStatus.NOT_FOUND, "회원 정보가 일치하지 않습니다.");
+            });
+
+            log.info("본인 확인 성공: 사용자 이메일={}", member.getEmail());
+
+            // 3. 재설정 전용 일회성 토큰 발급
+            String resetToken = tokenProvider.generateResetToken(member.getEmail());
+
+            // 4. Redis에 토큰 저장 (일회용 보장 및 유효성 관리)
+            long expirationTimeSeconds = tokenProvider.getResetTokenExpiresIn() / 1000;
+
+            // Key는 "reset:" + 이메일로 설정 -> 일반 Refresh Token과 구분
+            redisUtil.save(
+                    "reset:" + member.getEmail(),
+                    resetToken,
+                    expirationTimeSeconds
+            );
+
+            // 5. 토큰 반환
+            return ResetTokenDto.builder()
+                    .grantType("Bearer")
+                    .resetToken(resetToken)
+                    .expiresIn(expirationTimeSeconds)
+                    .build();
+        } catch (Exception e) {
+            log.error("비밀번호 찾기 처리 중 에러 발생", e);
+            throw new RuntimeException("서버 오류가 발생했습니다.", e);
+        }
+    }
+
+    // 비밀번호 찾기 ) 비밀번호 재설정
+    @Transactional
+    public void resetPassword(String authorizationHeader, String newPassword) {
+        // 1. 토큰 추출 및 형식 검증
+        String resetToken = resolveBearerToken(authorizationHeader);
+
+        // 2. JWT 유효성 및 용도 확인
+        if( !tokenProvider.validateToken(resetToken) || !tokenProvider.isResetToken(resetToken) ) {
+            throw new BadCredentialsException("유효하지 않거나 만료된 재설정 토큰입니다.");
+        }
+
+        // 3. 토큰에서 이메일 추출
+        String email = tokenProvider.getEmailFromToken(resetToken);
+
+        // 4. Redis에 저장된 토큰과 일치하는지 확인
+        String token = redisUtil.getData("reset:" + email);
+        if( token == null || !token.equals(resetToken) ) {
+            // 이미 사용되었거나 만료된 토큰
+            throw new BadCredentialsException("이미 사용되었거나 유효하지 않은 토큰입니다.");
+        }
+
+        // 5. 비밀번호 업데이트
+        Member member = memberRepository.findByEmail(email)
+                .orElseThrow(() -> new UsernameNotFoundException(email + " not found"));
+
+        String encodedNewPassword = passwordEncoder.encode(newPassword);
+        member.changePassword(encodedNewPassword);
+
+        // 6. Redis에서 토큰 삭제
+        redisUtil.delete("reset:" + email);
+    }
 }
 
diff --git a/src/main/java/org/example/tackit/domain/mypage/repository/MemberDetailRepository.java b/src/main/java/org/example/tackit/domain/mypage/repository/MemberDetailRepository.java
diff --git a/src/main/java/org/example/tackit/domain/mypage/service/MemberScheduler.java b/src/main/java/org/example/tackit/domain/mypage/service/MemberScheduler.java
diff --git a/src/main/java/org/example/tackit/domain/mypage/service/MemberService.java b/src/main/java/org/example/tackit/domain/mypage/service/MemberService.java
diff --git a/src/main/java/org/example/tackit/domain/mypage/service/UpdateMemberService.java b/src/main/java/org/example/tackit/domain/mypage/service/UpdateMemberService.java
diff --git a/src/test/java/org/example/tackit/MemberSchedulerTest.java b/src/test/java/org/example/tackit/MemberSchedulerTest.java

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,9 @@ public void save(String key, String value) {`
`16`	`16`	`redisTemplate.opsForValue().set(key, value);`
`17`	`17`	`}`
`18`	`18`
	`19`	`+ // 저장 2 : 비밀번호 재설정 토큰의 만료 시간 지정을 위해`
	`20`	`+ public void save(String key, String value, long timeoutSeconds) { redisTemplate.opsForValue().set(key, value, timeoutSeconds, TimeUnit.SECONDS); }`
	`21`	`+`
`19`	`22`	`// 조회 (refreshToken 비교용)`
`20`	`23`	`public String getData(String key) {`
`21`	`24`	`return redisTemplate.opsForValue().get(key);`
Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,7 @@ public interface UserRepository extends JpaRepository<Member, Long> {`
`18`	`18`	`Optional<Member> findByOrganizationAndName(String organization, String name);`
`19`	`19`
`20`	`20`	`Optional<Member> findByEmailAndOrganization(String email, String organization);`
	`21`	`+`
	`22`	`+ Optional<Member> findByNameAndOrganizationAndEmail(String name, String organization, String email);`
`21`	`23`	`}`
`22`	`24`