초기비밀번호로 로그인시 비밀번호변경 모달 오픈
eapim-admin CI / build (push) Has been cancelled

This commit is contained in:
eastargh
2026-07-01 14:23:55 +09:00
parent 8494758fcd
commit 61d710dd8c
5 changed files with 74 additions and 32 deletions
@@ -42,7 +42,7 @@ import lombok.RequiredArgsConstructor;
@RequiredArgsConstructor
public class UserManService extends BaseService {
private final String DEFAULT_PASSWORD_SUBFIX = "@!";
private final UserInfoService userInfoService;
private final UserRoleService userRoleService;
@@ -100,9 +100,11 @@ public class UserManService extends BaseService {
UserInfo userInfo = userUIMapper.toEntity(userUI);
userInfo.setRoleidnfiname(CommonConstants.DEPT_DEVELOPER);
String subfix = monitoringContext.getStringProperty(MonitoringContext.RMS_PASSWORD_INIT_SUBFIX, "@!");
try {
userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256,userUI.getUserId()+DEFAULT_PASSWORD_SUBFIX));
userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256,userUI.getUserId()+subfix));
} catch (Exception e) {
throw new RuntimeException("Error encrypting password", e);
}
@@ -142,8 +144,9 @@ public class UserManService extends BaseService {
}
public void updatePassword(UserUI userUI) throws Exception {
String subfix = monitoringContext.getStringProperty(MonitoringContext.RMS_PASSWORD_INIT_SUBFIX, "@!");
UserInfo userInfo = userInfoService.getById(userUI.getUserId());
userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256, userUI.getUserId()+DEFAULT_PASSWORD_SUBFIX));
userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256, userUI.getUserId()+subfix));
userUIMapper.updateToEntity(userUI, userInfo);
userInfoService.save(userInfo);
}
@@ -262,6 +262,9 @@ public interface MonitoringContext {
public static final String API_WEBHOOK_RETRY_COUNT = "api.webhook.retry_count";
public static final String API_WEBHOOK_RETRY_TIME = "api.webhook.retry_time";
//비밀번호 초기화 접미사
public static final String RMS_PASSWORD_INIT_SUBFIX = "rms.password.init.subfix";
public abstract String getStringProperty(String propertyName);
@@ -45,4 +45,9 @@ public class LoginResponseDto {
* 에러 메시지 (로그인 실패 시)
*/
private String errorMessage;
/**
* 초기 비밀번호 변경 필요 여부
*/
private boolean changePassword;
}
@@ -191,6 +191,19 @@ public class MainController implements InterceptorSkipController {
.redirectUrl(redirectUrl)
.build();
}
// 2.1 초기 비밀번호인 경우, 비밀번호 변경해야 함
String subfix = monitoringContext.getStringProperty(MonitoringContext.RMS_PASSWORD_INIT_SUBFIX, "@!");
if (userInfo.getPassword().equals(DamoManager.getInstance().hash(DamoManager.SHA256, userInfo.getUserid()+subfix))
|| userInfo.getPassword().equals(DamoManager.getInstance().hash(DamoManager.SHA256, userInfo.getUserid()))) {
return LoginResponseDto.builder()
.success(false)
.changePassword(true)
.errorMessage("비밀번호 변경후 사용가능합니다.")
.build();
}
// 3. SMS 인증 필요 여부 체크
SmsAuthService smsAuthService = getSmsAuthService();
@@ -758,6 +771,9 @@ public class MainController implements InterceptorSkipController {
String changePassword, String confirmPassword,
String resetUserId, String resetPassword) {
HttpSession session = request.getSession();
// AJAX 로그인 인증 후 초기비밀번호 변경 경로에서 세션에 부분 로그인 상태가 남아
// root emergency.jsp가 main.do로 잘못 리다이렉트하는 것을 방지
session.removeAttribute(CommonConstants.LOGIN);
try {
@@ -815,6 +831,8 @@ public class MainController implements InterceptorSkipController {
.getString("login.pwdchanged"));
session.setAttribute(RESULT_MSG, localeMessage
.getString("login.pwdchanged"));
logger.debug("\n\n\n\n===================" + localeMessage
.getString("login.pwdchanged"));
return REDIRECT_LOGIN_URL;
} catch (Exception e) {