🔒️ 행안부 프리셋 보안 점검 1차 점검
This commit is contained in:
kimjaeyeol
@@ -225,7 +225,7 @@ public class UserApiController {
|
||||
* @return String 사용자 id
|
||||
*/
|
||||
@PutMapping("/api/v1/users/info/{userId}")
|
||||
public String updateInfo(@PathVariable String userId, @RequestBody @Valid UserUpdateInfoRequestDto requestDto) {
|
||||
public String updateInfo(@PathVariable String userId, @RequestBody @Valid UserUpdateInfoRequestDto requestDto) throws BusinessMessageException {
|
||||
final String authUserId = SecurityContextHolder.getContext().getAuthentication().getName();
|
||||
if (!authUserId.equals(userId)) {
|
||||
throw new BusinessMessageException(messageUtil.getMessage("err.access.denied"));
|
||||
|
||||
@@ -5,7 +5,7 @@ public class UserPasswordChangeEmailTemplate {
|
||||
/**
|
||||
* 객체 생성 금지
|
||||
*/
|
||||
private UserPasswordChangeEmailTemplate() {
|
||||
private UserPasswordChangeEmailTemplate() throws IllegalStateException {
|
||||
throw new IllegalStateException("user password change email template class");
|
||||
}
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ import org.hibernate.annotations.OnDelete;
|
||||
import org.hibernate.annotations.OnDeleteAction;
|
||||
|
||||
import javax.persistence.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -89,7 +90,7 @@ public class Authorization extends BaseEntity {
|
||||
this.urlPatternValue = urlPatternValue;
|
||||
this.httpMethodCode = httpMethodCode;
|
||||
this.sortSeq = sortSeq;
|
||||
this.roleAuthorizations = roleAuthorizations;
|
||||
this.roleAuthorizations = new ArrayList<>(roleAuthorizations);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -596,32 +596,9 @@ public class UserService extends AbstractService implements UserDetailsService {
|
||||
*/
|
||||
@Transactional
|
||||
public UserResponseDto loadUserBySocial(UserLoginRequestDto requestDto) {
|
||||
/*SocialUserResponseDto socialUserDto = getSocialUserInfo(requestDto.getProvider(), requestDto.getToken());
|
||||
|
||||
UserResponseDto userDto = getAndSaveSocialUser(requestDto.getProvider(), socialUserDto);
|
||||
|
||||
if (userDto == null) {
|
||||
throw new BusinessMessageException(getMessage("err.user.join.social"));
|
||||
}
|
||||
if (!UserStateCode.NORMAL.getKey().equals(userDto.getUserStateCode())) {
|
||||
throw new BusinessMessageException(getMessage("err.user.state.cantlogin"));
|
||||
}
|
||||
|
||||
return userDto;*/
|
||||
SocialUserResponseDto socialUserResponseDto = getSocialUserInfo(requestDto.getProvider(), requestDto.getToken());
|
||||
|
||||
User user = findSocialUser(requestDto.getProvider(), socialUserResponseDto.getId());
|
||||
|
||||
/*// 이메일이 없는 사용자가 이메일을 직접입력하고 나중에 원래 이메일을 가지고 있는 사용자가 다른 접근할 경우 문제가 생길 수 있음
|
||||
if (user == null && socialUserResponseDto.getEmail() != null) {
|
||||
user = userRepository.findByEmail(socialUserResponseDto.getEmail()).orElse(null);
|
||||
|
||||
// 공급자 id로 조회되지 않지만 이메일로 조회되는 경우 공급자 id 등록
|
||||
if (user != null) {
|
||||
user.setSocial(requestDto.getProvider(), socialUserResponseDto.getId());
|
||||
}
|
||||
}*/
|
||||
|
||||
if (user == null) {
|
||||
throw new BusinessException(ErrorCode.REQUIRE_USER_JOIN);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user