fix[jwt]: 비밀번호 검수를 통해 재설정을 하는 로직에 레디스에 검수 여부 저장하는 부분 수정

asowjdan · asowjdan · commit 9cee43ec2960 · 2025-10-01T10:01:03.000+09:00
diff --git a/backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java b/backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java
@@ -307,7 +307,8 @@ public ResponseEntity<VerificationResponse> verifyPassword(
     public ResponseEntity<PasswordResetResponse> resetPassword(
             @RequestBody ResetPasswordRequestDto request,
             Authentication authentication,
-            HttpServletRequest httpRequest) {
+            HttpServletRequest httpRequest,
+            HttpServletResponse httpResponse) {
 
         // 입력값 검증
         if (request.getNewPassword() == null || request.getNewPassword().isBlank()) {
@@ -353,7 +354,10 @@ public ResponseEntity<PasswordResetResponse> resetPassword(
 
         memberService.resetPassword(loginId, request.getNewPassword(), request.getSuccess());
 
-        log.info("비밀번호 재설정 성공: email={}", loginId);
+        // 비밀번호 재설정 성공 시 로그아웃 처리
+        memberService.logout(loginId, httpResponse);
+
+        log.info("비밀번호 재설정 및 로그아웃 성공: email={}", loginId);
         return ResponseEntity.ok(PasswordResetResponse.success("비밀번호가 성공적으로 재설정되었습니다.", loginId));
     }
 
diff --git a/backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java b/backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java
@@ -126,7 +126,14 @@ public boolean verifyPassword(String loginId, String password) {
         Member member = memberRepository.findByLoginId(loginId)
                 .orElseThrow(() -> new IllegalArgumentException("존재하지 않는 회원입니다."));
 
-        return passwordEncoder.matches(password, member.getPassword());
+        boolean isValid = passwordEncoder.matches(password, member.getPassword());
+
+        // 비밀번호 검증 성공 시 Redis에 인증 성공 표시 저장
+        if (isValid) {
+            emailAuthService.markPasswordVerified(loginId);
+        }
+
+        return isValid;
     }
 
     @Transactional
diff --git a/backend/src/main/java/com/ai/lawyer/global/email/service/EmailAuthService.java b/backend/src/main/java/com/ai/lawyer/global/email/service/EmailAuthService.java
@@ -38,6 +38,14 @@ public boolean verifyAuthCode(String loginId, String inputCode) {
         return false;
     }
 
+    /**
+     * 비밀번호 검증 성공 표시 (로그인 사용자용)
+     */
+    public void markPasswordVerified(String loginId) {
+        String successKey = buildSuccessKey(loginId);
+        redisTemplate.opsForValue().set(successKey, "true", EXPIRATION_MINUTES, TimeUnit.MINUTES);
+    }
+
     /**
      * 이메일 인증 성공 여부 확인
      */
diff --git a/backend/src/main/java/com/ai/lawyer/global/jwt/JwtAuthenticationFilter.java b/backend/src/main/java/com/ai/lawyer/global/jwt/JwtAuthenticationFilter.java
@@ -188,10 +188,7 @@ protected boolean shouldNotFilter(HttpServletRequest request) {
         String path = request.getRequestURI();
         return path.equals("/api/auth/signup") ||
                path.equals("/api/auth/login") ||
-               path.equals("/api/auth/refresh") ||
                path.startsWith("/api/public/") ||
-               path.startsWith("/api/redis-test/") ||
-               path.startsWith("/swagger-") ||
                path.startsWith("/v3/api-docs") ||
                path.equals("/actuator/health") ||
                path.startsWith("/h2-console");
diff --git a/backend/src/test/java/com/ai/lawyer/domain/member/service/MemberServiceTest.java b/backend/src/test/java/com/ai/lawyer/domain/member/service/MemberServiceTest.java
@@ -652,6 +652,7 @@ void verifyPassword_Success() {
 
         given(memberRepository.findByLoginId(loginId)).willReturn(Optional.of(member));
         given(passwordEncoder.matches(password, member.getPassword())).willReturn(true);
+        doNothing().when(emailAuthService).markPasswordVerified(loginId);
         log.info("Mock 설정 완료: 회원 존재, 비밀번호 일치");
 
         // when
@@ -666,6 +667,8 @@ void verifyPassword_Success() {
         log.info("회원 존재 여부 조회 호출 확인");
         verify(passwordEncoder).matches(password, member.getPassword());
         log.info("비밀번호 일치 여부 검증 호출 확인");
+        verify(emailAuthService).markPasswordVerified(loginId);
+        log.info("Redis에 비밀번호 검증 성공 표시 저장 호출 확인");
         log.info("=== 비밀번호 검증 성공 테스트 완료 ===");
     }
 
@@ -685,6 +688,7 @@ void verifyPassword_Fail_PasswordMismatch() {
         assertThat(result).as("비밀번호 불일치로 검증 실패").isFalse();
         verify(memberRepository).findByLoginId(loginId);
         verify(passwordEncoder).matches(password, member.getPassword());
+        verify(emailAuthService, never()).markPasswordVerified(anyString());
     }
 
     @Test
