Merge pull request #15 from FlipNoteTeam/feat/password-reset

dungbik · web-flow · commit b2b1505142c8 · 2025-07-26T00:11:43.000+09:00
Feat: [FN-66] 비밀번호 재설정
diff --git a/src/main/java/project/flipnote/auth/controller/AuthController.java b/src/main/java/project/flipnote/auth/controller/AuthController.java
@@ -4,6 +4,7 @@
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,6 +15,7 @@
 import project.flipnote.auth.model.EmailVerificationConfirmRequest;
 import project.flipnote.auth.model.EmailVerificationRequest;
 import project.flipnote.auth.model.PasswordResetCreateRequest;
+import project.flipnote.auth.model.PasswordResetRequest;
 import project.flipnote.auth.model.TokenPair;
 import project.flipnote.auth.model.UserLoginRequest;
 import project.flipnote.auth.model.UserLoginResponse;
@@ -99,4 +101,13 @@ public ResponseEntity<Void> requestPasswordReset(
 
 		return ResponseEntity.noContent().build();
 	}
+
+	@PatchMapping("/password-resets")
+	public ResponseEntity<Void> resetPassword(
+		@Valid @RequestBody PasswordResetRequest req
+	) {
+		authService.resetPassword(req);
+
+		return ResponseEntity.noContent().build();
+	}
 }
diff --git a/src/main/java/project/flipnote/auth/exception/AuthErrorCode.java b/src/main/java/project/flipnote/auth/exception/AuthErrorCode.java
@@ -17,7 +17,8 @@ public enum AuthErrorCode implements ErrorCode {
 	EXISTING_EMAIL(HttpStatus.CONFLICT, "AUTH_005", "이미 가입된 이메일입니다. 다른 이메일을 사용해 주세요."),
 	INVALID_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "AUTH_006", "인증 정보가 유효하지 않습니다."),
 	UNVERIFIED_EMAIL(HttpStatus.FORBIDDEN, "AUTH_007", "인증되지 않은 이메일입니다. 이메일 인증을 완료해 주세요."),
-	ALREADY_SENT_PASSWORD_RESET_LINK(HttpStatus.CONFLICT, "AUTH_008", "이미 유효한 비밀번호 재설정 링크가 존재합니다. 이메일을 확인해주세요.");
+	ALREADY_SENT_PASSWORD_RESET_LINK(HttpStatus.CONFLICT, "AUTH_008", "이미 유효한 비밀번호 재설정 링크가 존재합니다. 이메일을 확인해주세요."),
+	INVALID_PASSWORD_RESET_TOKEN(HttpStatus.NOT_FOUND, "AUTH_009", "비밀번호 재설정 링크가 유효하지 않거나 만료되었습니다.");
 
 	private final HttpStatus httpStatus;
 	private final String code;
diff --git a/src/main/java/project/flipnote/auth/model/PasswordResetRequest.java b/src/main/java/project/flipnote/auth/model/PasswordResetRequest.java
@@ -0,0 +1,14 @@
+package project.flipnote.auth.model;
+
+import jakarta.validation.constraints.NotBlank;
+import project.flipnote.common.validation.annotation.ValidPassword;
+
+public record PasswordResetRequest(
+
+	@NotBlank
+	String token,
+
+	@ValidPassword
+	String password
+) {
+}
diff --git a/src/main/java/project/flipnote/auth/repository/PasswordResetRedisRepository.java b/src/main/java/project/flipnote/auth/repository/PasswordResetRedisRepository.java
@@ -47,11 +47,20 @@ public Optional<String> findEmailByToken(String token) {
 	}
 
 	public void deleteToken(String email, String token) {
-		String tokenKey = AuthRedisKey.PASSWORD_RESET_TOKEN.key(token);
-		stringRedisTemplate.delete(tokenKey);
+		stringRedisTemplate.execute(new SessionCallback<List<Object>>() {
+			@Override
+			public List<Object> execute(RedisOperations operations) throws DataAccessException {
+				operations.multi();
+
+				String tokenKey = AuthRedisKey.PASSWORD_RESET_TOKEN.key(token);
+				stringRedisTemplate.delete(tokenKey);
 
-		String emailKey = AuthRedisKey.PASSWORD_RESET_EMAIL.key(email);
-		stringRedisTemplate.delete(emailKey);
+				String emailKey = AuthRedisKey.PASSWORD_RESET_EMAIL.key(email);
+				stringRedisTemplate.delete(emailKey);
+
+				return operations.exec();
+			}
+		});
 	}
 
 	public boolean hasActiveToken(String email) {
diff --git a/src/main/java/project/flipnote/auth/service/AuthService.java b/src/main/java/project/flipnote/auth/service/AuthService.java
@@ -5,6 +5,7 @@
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -15,6 +16,7 @@
 import project.flipnote.auth.model.EmailVerificationConfirmRequest;
 import project.flipnote.auth.model.EmailVerificationRequest;
 import project.flipnote.auth.model.PasswordResetCreateRequest;
+import project.flipnote.auth.model.PasswordResetRequest;
 import project.flipnote.auth.model.TokenPair;
 import project.flipnote.auth.model.UserLoginRequest;
 import project.flipnote.auth.repository.EmailVerificationRedisRepository;
@@ -107,6 +109,19 @@ public void requestPasswordReset(PasswordResetCreateRequest req) {
 		}
 	}
 
+	@Transactional
+	public void resetPassword(PasswordResetRequest req) {
+		String token = req.token();
+
+		String email = passwordResetRedisRepository.findEmailByToken(token)
+			.orElseThrow(() -> new BizException(AuthErrorCode.INVALID_PASSWORD_RESET_TOKEN));
+
+		String encodedPassword = passwordEncoder.encode(req.password());
+		userRepository.updatePassword(email, encodedPassword);
+
+		passwordResetRedisRepository.deleteToken(email, token);
+	}
+
 	public void validatePasswordMatch(String rawPassword, String encodedPassword) {
 		if (!passwordEncoder.matches(rawPassword, encodedPassword)) {
 			throw new BizException(AuthErrorCode.INVALID_CREDENTIALS);
diff --git a/src/main/java/project/flipnote/common/security/config/SecurityConfig.java b/src/main/java/project/flipnote/common/security/config/SecurityConfig.java
@@ -56,7 +56,11 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 			.sessionManagement(session
 				-> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 			.authorizeHttpRequests(auth -> auth
-				.requestMatchers(HttpMethod.POST, "/*/users", "/*/auth/token/refresh", "/*/auth/password-resets").permitAll()
+				.requestMatchers(
+					HttpMethod.POST,
+					"/*/users", "/*/auth/token/refresh", "/*/auth/password-resets"
+				).permitAll()
+				.requestMatchers(HttpMethod.PATCH, "/*/auth/password-resets").permitAll()
 				.requestMatchers(
 					HttpMethod.POST,
 					"/*/auth/login", "/*/auth/email", "/*/auth/email/confirm"
diff --git a/src/main/java/project/flipnote/user/repository/UserRepository.java b/src/main/java/project/flipnote/user/repository/UserRepository.java
@@ -24,8 +24,12 @@ public interface UserRepository extends JpaRepository<User, Long> {
 	Optional<Long> findTokenVersionById(@Param("userId") Long userId);
 
 	@Modifying
-	@Query("UPDATE User u SET u.tokenVersion = u.tokenVersion + 1 WHERE u.id = :id")
-	void incrementTokenVersion(@Param("id") Long userId);
+	@Query("UPDATE User u SET u.tokenVersion = u.tokenVersion + 1 WHERE u.id = :userId")
+	void incrementTokenVersion(@Param("userId") Long userId);
 
 	boolean existsByEmailAndStatus(String email, UserStatus status);
+
+	@Modifying
+	@Query("UPDATE User u SET u.password = :password WHERE u.email = :email")
+	void updatePassword(@Param("email") String email, @Param("password") String password);
 }
diff --git a/src/test/java/project/flipnote/auth/service/AuthServiceTest.java b/src/test/java/project/flipnote/auth/service/AuthServiceTest.java
@@ -22,6 +22,7 @@
 import project.flipnote.auth.model.EmailVerificationConfirmRequest;
 import project.flipnote.auth.model.EmailVerificationRequest;
 import project.flipnote.auth.model.PasswordResetCreateRequest;
+import project.flipnote.auth.model.PasswordResetRequest;
 import project.flipnote.auth.model.TokenPair;
 import project.flipnote.auth.model.UserLoginRequest;
 import project.flipnote.auth.repository.EmailVerificationRedisRepository;
@@ -370,4 +371,40 @@ void fail_notExistEmail() {
 			verify(eventPublisher, never()).publishEvent(any(PasswordResetCreateEvent.class));
 		}
 	}
+
+	@DisplayName("비밀번호 재설정 테스트")
+	@Nested
+	class ResetPassword {
+
+		@DisplayName("성공")
+		@Test
+		void success() {
+			String email = "test@test.com";
+			String encodedPass = "encodedPass";
+			String token = "token";
+			PasswordResetRequest req = new PasswordResetRequest(token, "testPass");
+
+			given(passwordResetRedisRepository.findEmailByToken(anyString())).willReturn(Optional.of(email));
+			given(passwordEncoder.encode(anyString())).willReturn(encodedPass);
+
+			authService.resetPassword(req);
+
+			verify(userRepository, times(1)).updatePassword(eq(email), eq(encodedPass));
+			verify(passwordResetRedisRepository, times(1)).deleteToken(eq(email), eq(token));
+		}
+
+		@DisplayName("토큰이 존재하지 않거나 만료되었을 때 예외 발생")
+		@Test
+		void fail_invalidPasswordResetToken() {
+			PasswordResetRequest req = new PasswordResetRequest("token", "testPass");
+
+			given(passwordResetRedisRepository.findEmailByToken(anyString())).willReturn(Optional.empty());
+
+			BizException exception = assertThrows(BizException.class, () -> authService.resetPassword(req));
+			assertThat(exception.getErrorCode()).isEqualTo(AuthErrorCode.INVALID_PASSWORD_RESET_TOKEN);
+
+			verify(userRepository, never()).updatePassword(anyString(), anyString());
+			verify(passwordResetRedisRepository, never()).deleteToken(anyString(), anyString());
+		}
+	}
 }
