member password security

This commit is contained in:
insanity 2017-06-28 15:41:23 +09:00
parent ba809a27f5
commit 081326b1ab
2 changed files with 6 additions and 13 deletions

View File

@ -15,7 +15,6 @@ public class Member {
private long id;
private String email;
private String pw;
private String pwSalt;
private String name;
private String phone;
private String companyName;
@ -59,16 +58,6 @@ public class Member {
this.pw = pw;
}
@Basic
@Column(name = "PW_SALT", nullable = true, length = 32)
public String getPwSalt() {
return pwSalt;
}
public void setPwSalt(String pwSalt) {
this.pwSalt = pwSalt;
}
@Basic
@Column(name = "NAME", nullable = true, length = 50)
public String getName() {

View File

@ -3,6 +3,7 @@ package com.loafle.overflow.module.member.service;
import com.loafle.overflow.module.member.dao.MemberDAO;
import com.loafle.overflow.module.member.model.Member;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
/**
@ -13,6 +14,8 @@ public class MemberService {
@Autowired
private MemberDAO memberDAO;
@Autowired
private BCryptPasswordEncoder passwordEncoder;
public Member signin(Member member) throws Exception {
Member m = this.memberDAO.findByEmail(member);
@ -25,14 +28,15 @@ public class MemberService {
throw new Exception("Email Auth Confirm Check");
}
// Todo member.pw m.pw compare
Boolean match = this.passwordEncoder.matches(member.getPw(), m.getPw());
if(!match) return null;
return m;
}
public Member signup(Member member) {
member.setPw(this.passwordEncoder.encode(member.getPw()));
return this.memberDAO.save(member);
}