Merge pull request '미사용 계정 로그인 메시지 변경, 로그아웃 수정, 패스워드 변경 수정' (#61) from feat/dev_251201 into develop

Reviewed-on: https://kamco.gitea.gs.dabeeo.com/dabeeo/kamco-dabeeo-backoffice/pulls/61

src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java

@@ -11,6 +11,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 @Component
@@ -19,6 +20,10 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
   private final JwtTokenProvider jwtTokenProvider;
   private final UserDetailsService userDetailsService;
+  private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
+  private static final String[] EXCLUDE_PATHS = {
+    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+  };
 
   @Override
   protected void doFilterInternal(
@@ -44,10 +49,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     String path = request.getServletPath();
 
     // JWT 필터를 타지 않게 할 URL 패턴들
-    return path.startsWith("/api/auth/signin")
-        || path.startsWith("/api/auth/refresh")
-        || path.startsWith("/api/auth/logout")
-        || path.startsWith("/api/members/*/password");
+    for (String pattern : EXCLUDE_PATHS) {
+      if (PATH_MATCHER.match(pattern, path)) {
+        return true;
+      }
+    }
+    return false;
   }
 
   // /api/members/{memberId}/password

src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java

@@ -69,6 +69,7 @@ public class SecurityConfig {
                     .requestMatchers(
                         "/api/auth/signin",
                         "/api/auth/refresh",
+                        "/api/auth/logout",
                         "/swagger-ui/**",
                         "/api/members/*/password",
                         "/v3/api-docs/**")

src/main/java/com/kamco/cd/kamcoback/config/api/ApiResponseDto.java

@@ -167,7 +167,7 @@ public class ApiResponseDto<T> {
     LOGIN_ID_NOT_FOUND("아이디를 잘못 입력하셨습니다."),
     LOGIN_PASSWORD_MISMATCH("비밀번호를 잘못 입력하셨습니다."),
     LOGIN_PASSWORD_EXCEEDED("비밀번호 오류 횟수를 초과하여 이용하실 수 없습니다.\n로그인 오류에 대해 관리자에게 문의하시기 바랍니다."),
-    INACTIVE_ID("미사용 아이디 입니다."),
+    INACTIVE_ID("사용할 수 없는 계정입니다."),
     INVALID_EMAIL_TOKEN(
         "You can only reset your password within 24 hours from when the email was sent.\n"
             + "To reset your password again, please submit a new request through \"Forgot"

src/main/java/com/kamco/cd/kamcoback/members/AuthController.java

@@ -205,7 +205,7 @@ public class AuthController {
     @ApiResponse(
         responseCode = "200",
         description = "로그아웃 성공",
-        content = @Content(schema = @Schema(implementation = Void.class)))
+        content = @Content(schema = @Schema(implementation = Object.class)))
   })
   public ApiResponseDto<ResponseEntity<Object>> logout(
       Authentication authentication, HttpServletResponse response) {

src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java

@@ -111,7 +111,7 @@ public class MembersCoreService {
     }
 
     String password =
-        CommonStringUtils.hashPassword(initReq.getOldPassword(), memberEntity.getEmployeeNo());
+        CommonStringUtils.hashPassword(initReq.getNewPassword(), memberEntity.getEmployeeNo());
 
     memberEntity.setPassword(password);
     memberEntity.setStatus(StatusType.ACTIVE.getId());