Merge pull request #66 from IT-Cotato/feat/#65-mypage-change-password

kingmingyu · web-flow · commit f1420d72b58a · 2026-02-05T16:27:32.000+09:00
Feat/#65 mypage change password
diff --git a/src/main/java/com/finsight/finsight/domain/mypage/application/dto/request/ChangePasswordRequest.java b/src/main/java/com/finsight/finsight/domain/mypage/application/dto/request/ChangePasswordRequest.java
@@ -0,0 +1,11 @@
+package com.finsight.finsight.domain.mypage.application.dto.request;
+
+import jakarta.validation.constraints.NotBlank;
+
+public record ChangePasswordRequest(
+        @NotBlank(message = "현재 비밀번호는 필수입니다.")
+        String currentPassword,
+
+        @NotBlank(message = "새 비밀번호는 필수입니다.")
+        String newPassword
+) {}
diff --git a/src/main/java/com/finsight/finsight/domain/mypage/domain/service/MypageService.java b/src/main/java/com/finsight/finsight/domain/mypage/domain/service/MypageService.java
@@ -6,6 +6,7 @@
 import com.finsight.finsight.domain.category.domain.service.CategoryService;
 import com.finsight.finsight.domain.category.persistence.repository.UserCategoryOrderRepository;
 import com.finsight.finsight.domain.category.persistence.repository.UserCategoryRepository;
+import com.finsight.finsight.domain.mypage.application.dto.request.ChangePasswordRequest;
 import com.finsight.finsight.domain.mypage.application.dto.request.UpdateProfileRequest;
 import com.finsight.finsight.domain.mypage.application.dto.response.LearningReportResponse;
 import com.finsight.finsight.domain.mypage.application.dto.response.MypageResponse;
@@ -18,9 +19,12 @@
 import com.finsight.finsight.domain.storage.persistence.entity.FolderType;
 import com.finsight.finsight.domain.storage.persistence.repository.FolderItemRepository;
 import com.finsight.finsight.domain.storage.persistence.repository.FolderRepository;
+import com.finsight.finsight.domain.user.domain.constant.AuthType;
+import com.finsight.finsight.domain.user.persistence.entity.UserAuthEntity;
 import com.finsight.finsight.domain.user.persistence.entity.UserEntity;
 import com.finsight.finsight.domain.user.persistence.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -46,6 +50,7 @@ public class MypageService {
     private final QuizAttemptRepository quizAttemptRepository;
     private final FolderRepository folderRepository;
     private final UserCategoryOrderRepository userCategoryOrderRepository;
+    private final PasswordEncoder passwordEncoder;
 
     public MypageResponse.MemberProfileResponse getUserProfile(Long userId) {
         // db에서 조회에 실패한 경우
@@ -266,6 +271,39 @@ private List<LearningReportResponse.ChecklistStatus> buildChecklistStatus(
         return result;
     }
 
+    /**
+     * 비밀번호 변경 (카카오 계정 불가)
+     */
+    @Transactional
+    public void changePassword(Long userId, ChangePasswordRequest request) {
+        UserEntity user = userRepository.findById(userId)
+                .orElseThrow(() -> new MypageException(MypageErrorCode.MEMBER_NOT_FOUND));
+
+        // 카카오 계정 체크 (EMAIL 타입이 없으면 카카오 전용 계정)
+        UserAuthEntity auth = user.getUserAuths().stream()
+                .filter(a -> a.getAuthType() == AuthType.EMAIL)
+                .findFirst()
+                .orElseThrow(() -> new MypageException(MypageErrorCode.KAKAO_PASSWORD_NOT_ALLOWED));
+
+        // 현재 비밀번호 확인
+        if (!passwordEncoder.matches(request.currentPassword(), auth.getPasswordHash())) {
+            throw new MypageException(MypageErrorCode.INVALID_CURRENT_PASSWORD);
+        }
+
+        // 새 비밀번호 형식 검증
+        if (!request.newPassword().matches("^(?=.*[a-zA-Z])(?=.*\\d)[a-zA-Z\\d]{6,18}$")) {
+            throw new MypageException(MypageErrorCode.INVALID_NEW_PASSWORD_FORMAT);
+        }
+
+        // 현재와 동일한지 체크
+        if (passwordEncoder.matches(request.newPassword(), auth.getPasswordHash())) {
+            throw new MypageException(MypageErrorCode.SAME_AS_CURRENT_PASSWORD);
+        }
+
+        // 비밀번호 변경
+        auth.updatePassword(passwordEncoder.encode(request.newPassword()));
+    }
+
     private String getDayOfWeekKorean(DayOfWeek dayOfWeek) {
         return switch (dayOfWeek) {
             case MONDAY -> "월";
diff --git a/src/main/java/com/finsight/finsight/domain/mypage/exception/code/MypageErrorCode.java b/src/main/java/com/finsight/finsight/domain/mypage/exception/code/MypageErrorCode.java
@@ -11,7 +11,13 @@ public enum MypageErrorCode implements BaseErrorCode {
 
     MEMBER_NOT_FOUND(HttpStatus.NOT_FOUND, "USER-001", "유저 정보를 찾지 못했습니다."),
     UNAUTHORIZED_ACCESS(HttpStatus.UNAUTHORIZED, "USER-002", "허용되지 않은 유저입니다."),
-    DUPLICATE_NICKNAME(HttpStatus.CONFLICT, "USER-003", "이미 사용 중인 닉네임입니다.");
+    DUPLICATE_NICKNAME(HttpStatus.CONFLICT, "USER-003", "이미 사용 중인 닉네임입니다."),
+
+    // 비밀번호 변경
+    INVALID_CURRENT_PASSWORD(HttpStatus.BAD_REQUEST, "USER-004", "현재 비밀번호가 일치하지 않습니다."),
+    INVALID_NEW_PASSWORD_FORMAT(HttpStatus.BAD_REQUEST, "USER-005", "비밀번호는 영문, 숫자 조합 6-18자리여야 합니다."),
+    SAME_AS_CURRENT_PASSWORD(HttpStatus.BAD_REQUEST, "USER-006", "현재 비밀번호와 동일합니다."),
+    KAKAO_PASSWORD_NOT_ALLOWED(HttpStatus.BAD_REQUEST, "USER-007", "카카오 계정은 비밀번호를 변경할 수 없습니다.");
 
     private final HttpStatus httpStatus;
     private final String message;
diff --git a/src/main/java/com/finsight/finsight/domain/mypage/presentation/MypageController.java b/src/main/java/com/finsight/finsight/domain/mypage/presentation/MypageController.java
@@ -1,6 +1,7 @@
 package com.finsight.finsight.domain.mypage.presentation;
 
 import com.finsight.finsight.domain.auth.application.dto.request.CheckNicknameRequest;
+import com.finsight.finsight.domain.mypage.application.dto.request.ChangePasswordRequest;
 import com.finsight.finsight.domain.mypage.application.dto.request.UpdateProfileRequest;
 import com.finsight.finsight.domain.mypage.application.dto.response.LearningReportResponse;
 import com.finsight.finsight.domain.mypage.application.dto.response.MypageResponse;
@@ -123,4 +124,21 @@ public ResponseEntity<DataResponse<LearningReportResponse.Report>> getLearningRe
         return ResponseEntity.ok(
                 DataResponse.from(myPageService.getLearningReport(userId, targetMonday, targetSunday, validWeeksAgo)));
     }
+
+    @Operation(summary = "비밀번호 변경", description = "현재 비밀번호를 확인 후 새 비밀번호로 변경합니다. (카카오 계정 불가)")
+    @ApiResponses({
+            @io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "200", description = "비밀번호 변경 성공"),
+            @io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "400", description = "비밀번호 변경 실패")
+    })
+    @PutMapping("/me/change-password")
+    public ResponseEntity<DataResponse<Void>> changePassword(
+            @AuthenticationPrincipal CustomUserDetails customUserDetails,
+            @Valid @RequestBody ChangePasswordRequest request
+    ) {
+        if (customUserDetails == null) {
+            throw new MypageException(MypageErrorCode.UNAUTHORIZED_ACCESS);
+        }
+        myPageService.changePassword(customUserDetails.getUserId(), request);
+        return ResponseEntity.ok(DataResponse.ok());
+    }
 }
