From 081326b1ab3fcf8502a151a66e2ae783aad8ca21 Mon Sep 17 00:00:00 2001
From: insanity
Date: Wed, 28 Jun 2017 15:41:23 +0900
Subject: [PATCH] member password security
---
 .../loafle/overflow/module/member/model/Member.java | 11 -----------
 .../overflow/module/member/service/MemberService.java | 8 ++++++--
 2 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/src/main/java/com/loafle/overflow/module/member/model/Member.java b/src/main/java/com/loafle/overflow/module/member/model/Member.java
index 18bb290..2d75fd3 100644
--- a/src/main/java/com/loafle/overflow/module/member/model/Member.java
+++ b/src/main/java/com/loafle/overflow/module/member/model/Member.java
@@ -15,7 +15,6 @@ public class Member {
 private long id;
 private String email;
 private String pw;
- private String pwSalt;
 private String name;
 private String phone;
 private String companyName;
@@ -59,16 +58,6 @@ public class Member {
 this.pw = pw;
 }
- @Basic
- @Column(name = "PW_SALT", nullable = true, length = 32)
- public String getPwSalt() {
- return pwSalt;
- }
-
- public void setPwSalt(String pwSalt) {
- this.pwSalt = pwSalt;
- }
-
 @Basic
 @Column(name = "NAME", nullable = true, length = 50)
 public String getName() {
diff --git a/src/main/java/com/loafle/overflow/module/member/service/MemberService.java b/src/main/java/com/loafle/overflow/module/member/service/MemberService.java
index 7e5551b..4a22f14 100644
--- a/src/main/java/com/loafle/overflow/module/member/service/MemberService.java
+++ b/src/main/java/com/loafle/overflow/module/member/service/MemberService.java
@@ -3,6 +3,7 @@ package com.loafle.overflow.module.member.service;
 import com.loafle.overflow.module.member.dao.MemberDAO;
 import com.loafle.overflow.module.member.model.Member;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 /**
@@ -13,6 +14,8 @@ public class MemberService {
 @Autowired
 private MemberDAO memberDAO;
+ @Autowired
+ private BCryptPasswordEncoder passwordEncoder;
 public Member signin(Member member) throws Exception {
 Member m = this.memberDAO.findByEmail(member);
@@ -25,14 +28,15 @@ public class MemberService {
 throw new Exception("Email Auth Confirm Check");
 }
- // Todo member.pw m.pw compare
+ Boolean match = this.passwordEncoder.matches(member.getPw(), m.getPw());
+ if(!match) return null;
 return m;
 }
 public Member signup(Member member) {
-
+ member.setPw(this.passwordEncoder.encode(member.getPw()));
 return this.memberDAO.save(member);
 }
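Review bot: The new field in the `@@ -13,6 +14,8 @@` hunk is autowired as the concrete `BCryptPasswordEncoder`, and the diffstat lists only Member.java and MemberService.java, so this commit itself registers no bean of that type. Unless a configuration class elsewhere already declares one, the required injection cannot be satisfied when the service is created. Typing the field as the interface, `private PasswordEncoder passwordEncoder;`, with a single `@Bean` definition keeps the algorithm and its work factor in one reviewable place and lets the scheme be upgraded later without touching this class.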
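Review bot: In signin (hunk `@@ -25,14 +28,15 @@`) the new `matches` call runs only after the `throw new Exception("Email Auth Confirm Check")` branch, so a caller who does not know the password still gets a distinct answer about the account's confirmation state, and a wrong password answers differently again with `return null`. Verifying first, with `if (member.getPw() == null || !this.passwordEncoder.matches(member.getPw(), m.getPw())) return null;` placed ahead of the status check, closes that gap and makes the boxed `Boolean match` unnecessary; the condition guarding the throw and any null check on `m` start outside the hunk, so the order has to be confirmed there. The removed side shows signup previously saved `pw` without encoding, so rows written before this commit presumably hold non-bcrypt values that will never match and need re-hashing at next login or a forced reset. signup should also reject a null or empty `getPw()` before calling `encode`, and a short comment noting that the returned Member still carries the hash would help callers keep it out of responses.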