feat :: admin password path 추가

[ByunDohwi]

Summary by CodeRabbit

릴리스 노트

• 기타 (Chores)
  • 공개 접근 가능한 엔드포인트 목록을 업데이트하였습니다.
  • 보안 설정 포맷을 수정하였습니다.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

SecurityConfig에서 공개 엔드포인트 목록에 "/admin/password" 경로를 추가하고, "/admin/key" 다음의 쉼표를 수정합니다. 다른 공개 엔드포인트나 접근 제어는 변경 없습니다.

Changes

Cohort / File(s)	Change Summary
보안 설정 업데이트 src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt	"/admin/password" 엔드포인트를 permitAll 공개 경로 목록에 추가하고, "/admin/key" 뒤의 쉼표 누락 문제 수정

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• 단일 파일의 간단한 설정 변경
• 기존 보안 구조 또는 로직에 영향 없음
• 엔드포인트 목록 확장만 해당

Poem

🐰 어드민 경로를 열어주니,
비밀번호 문도 활짝 띄네!
쉼표 하나 제자리 찾았고,
보안 설정 깔끔하게 정렬됐네. ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Pull request title clearly summarizes the main change: adding the admin password endpoint path to SecurityConfig's public endpoints list.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 574-stag-admin-password-path-추가

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt (1)

56-57: Restrict /admin/password to POST method in Security Config for clarity and defense-in-depth

While the /admin/password endpoint is currently POST-only at the controller level and includes robust validation (email verification code verification + password strength requirements via @Valid), the Security Config's permitAll() rule on lines 56-57 applies to all HTTP methods.

Although unimplemented HTTP methods would return 405 Method Not Allowed, it's better practice to explicitly restrict this endpoint to POST in the Security Config to make the intent clear and prevent accidental exposure if additional HTTP methods are added later.

Consider updating the Security Config to:

.antMatchers(
    "/admin/login",
    "/admin/refresh",
    // ... other endpoints ...
    "/admin/key"
).permitAll()
.antMatchers(HttpMethod.POST, "/admin/password").permitAll()

This way, only POST requests to /admin/password are publicly accessible, while other HTTP methods fall through to the authentication rules below.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 5ec9562 and 9307697.

📒 Files selected for processing (1)

• src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt (1 hunks)