Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ public Request toEntity(
.containerImage(image)
.ubuntuUsername(ubuntuUsername)
.ubuntuPassword(ubuntuPasswordBase64)
.ubuntuPasswordBase64(ubuntuPassword)
.ubuntuPasswordBase64(ubuntuPasswordBase64)
Comment on lines 79 to +80
.volumeSizeGiB(volumeSizeGiB)
.usagePurpose(usagePurpose)
.formAnswers(formAnswersJson)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ public interface RequestRepository extends JpaRepository<Request, Long> {
Optional<Request> findByUbuntuUsername(String username);
List<Request> findAllByUser_UserId(Long userId);
List<Request> findAllByStatus(Status status);
Optional<Request> findByUbuntuUsernameAndUbuntuPassword(String username, String passwordBase64);
Optional<Request> findByUbuntuUsernameAndUbuntuPasswordBase64(String username, String passwordBase64);
List<Request> findByUserUserIdAndStatus(Long userId, Status status);
boolean existsByUbuntuUsername(String ubuntuUsername);
List<Request> findAllByUser_UserIdAndStatus(Long userId, Status status);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,19 +61,19 @@ public UserAuthResponseDTO userAuth(UserAuthRequestDTO dto) {
log.info("사용자 인증을 시작합니다. username: {}", dto.username());

// 2. 비밀번호 확인
String encodedPassword = dto.passwordBase64();
String passwordBase64 = dto.passwordBase64();
log.debug("비밀번호를 확인합니다. username: {}", dto.username());

// 3. 사용자 및 비밀번호 일치 여부 확인
Request request = requestRepository.findByUbuntuUsernameAndUbuntuPassword(dto.username(), encodedPassword)
Request request = requestRepository.findByUbuntuUsernameAndUbuntuPasswordBase64(dto.username(), passwordBase64)
.orElseThrow(() -> {
// 3-1. 사용자 정보를 찾을 수 없을 때의 로그
log.warn("사용자 '{}'를 찾을 수 없거나 비밀번호가 일치하지 않습니다.", dto.username());
return new UnauthorizedException(ErrorCode.USER_NOT_FOUND);
});

// 4. 추가 비밀번호 일치 확인 (Optional: Optional로 처리되었기 때문에 이중 확인)
if (!encodedPassword.equals(request.getUbuntuPassword())) {
if (!passwordBase64.equals(request.getUbuntuPasswordBase64())) {
// 4-1. 비밀번호 불일치 로그
log.error("사용자 '{}'에 대해 데이터베이스 비밀번호와 암호화된 비밀번호가 일치하지 않습니다. (내부 로직 오류 가능성)", dto.username());
throw new UnauthorizedException(ErrorCode.INVALID_LOGIN_INFO);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -196,8 +196,8 @@ void userAuth_success() {

Request request = mock(Request.class);
when(request.getUbuntuUsername()).thenReturn("testuser");
when(request.getUbuntuPassword()).thenReturn(passwordBase64);
when(requestRepository.findByUbuntuUsernameAndUbuntuPassword("testuser", passwordBase64))
when(request.getUbuntuPasswordBase64()).thenReturn(passwordBase64);
when(requestRepository.findByUbuntuUsernameAndUbuntuPasswordBase64("testuser", passwordBase64))
.thenReturn(Optional.of(request));

UserAuthRequestDTO dto = new UserAuthRequestDTO("testuser", passwordBase64);
Expand All @@ -210,7 +210,7 @@ void userAuth_success() {
@Test
@DisplayName("존재하지 않는 username으로 인증하면 UnauthorizedException을 던진다")
void userAuth_throwsException_whenUsernameNotFound() {
when(requestRepository.findByUbuntuUsernameAndUbuntuPassword(anyString(), anyString()))
when(requestRepository.findByUbuntuUsernameAndUbuntuPasswordBase64(anyString(), anyString()))
.thenReturn(Optional.empty());

UserAuthRequestDTO dto = new UserAuthRequestDTO("unknownuser", "dGVzdA==");
Expand Down