관리자 비밀번호 변경을 Kratos 해시 업데이트 방식으로 수정

backend/internal/handler/user_handler_test.go

@@ -488,6 +488,117 @@ func TestUserHandler_UpdateUser_LoginIDSync(t *testing.T) {
 	})
 }
 
+func TestUserHandler_UpdateUser_PasswordUsesProvider(t *testing.T) {
+	app := fiber.New()
+	mockKratos := new(MockKratosAdmin)
+	mockOry := new(MockOryProvider)
+	mockTenant := new(MockTenantServiceForUser)
+	h := &UserHandler{
+		KratosAdmin:   mockKratos,
+		OryProvider:   mockOry,
+		TenantService: mockTenant,
+	}
+
+	app.Put("/users/:id", func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{Role: domain.RoleSuperAdmin})
+		return h.UpdateUser(c)
+	})
+
+	userID := "u-1"
+	mockKratos.On("GetIdentity", mock.Anything, userID).Return(&service.KratosIdentity{
+		ID: userID,
+		Traits: map[string]interface{}{
+			"id":          "dyddus1210",
+			"email":       "dyddus1210@gmail.com",
+			"companyCode": "test-tenant",
+		},
+	}, nil).Once()
+
+	mockTenant.On("GetTenantBySlug", mock.Anything, "test-tenant").Return(&domain.Tenant{
+		ID:   "t-1",
+		Slug: "test-tenant",
+	}, nil)
+	mockTenant.On("ListManageableTenants", mock.Anything, userID).Return([]domain.Tenant{}, nil).Once()
+
+	mockKratos.On("UpdateIdentity", mock.Anything, userID, mock.MatchedBy(func(traits map[string]interface{}) bool {
+		return traits["id"] == "dyddus1210"
+	}), "").Return(&service.KratosIdentity{
+		ID: userID,
+		Traits: map[string]interface{}{
+			"id":    "dyddus1210",
+			"email": "dyddus1210@gmail.com",
+		},
+	}, nil).Once()
+
+	mockOry.On("UpdateUserPassword", "dyddus1210", "asdfzxcv1234!", (*http.Request)(nil)).Return(nil).Once()
+
+	payload := map[string]interface{}{
+		"password": "asdfzxcv1234!",
+	}
+	body, _ := json.Marshal(payload)
+	req := httptest.NewRequest("PUT", "/users/"+userID, bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, _ := app.Test(req)
+	assert.Equal(t, 200, resp.StatusCode)
+	mockOry.AssertExpectations(t)
+	mockKratos.AssertNotCalled(t, "UpdateIdentityPassword", mock.Anything, mock.Anything, mock.Anything)
+}
+
+func TestUserHandler_UpdateUser_PasswordFallsBackToEmail(t *testing.T) {
+	app := fiber.New()
+	mockKratos := new(MockKratosAdmin)
+	mockOry := new(MockOryProvider)
+	mockTenant := new(MockTenantServiceForUser)
+	h := &UserHandler{
+		KratosAdmin:   mockKratos,
+		OryProvider:   mockOry,
+		TenantService: mockTenant,
+	}
+
+	app.Put("/users/:id", func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{Role: domain.RoleSuperAdmin})
+		return h.UpdateUser(c)
+	})
+
+	userID := "u-2"
+	mockKratos.On("GetIdentity", mock.Anything, userID).Return(&service.KratosIdentity{
+		ID: userID,
+		Traits: map[string]interface{}{
+			"email":       "dyddus1210@gmail.com",
+			"companyCode": "test-tenant",
+		},
+	}, nil).Once()
+
+	mockTenant.On("GetTenantBySlug", mock.Anything, "test-tenant").Return(&domain.Tenant{
+		ID:   "t-1",
+		Slug: "test-tenant",
+	}, nil)
+	mockTenant.On("ListManageableTenants", mock.Anything, userID).Return([]domain.Tenant{}, nil).Once()
+
+	mockKratos.On("UpdateIdentity", mock.Anything, userID, mock.MatchedBy(func(traits map[string]interface{}) bool {
+		return traits["email"] == "dyddus1210@gmail.com"
+	}), "").Return(&service.KratosIdentity{
+		ID: userID,
+		Traits: map[string]interface{}{
+			"email": "dyddus1210@gmail.com",
+		},
+	}, nil).Once()
+
+	mockOry.On("UpdateUserPassword", "dyddus1210@gmail.com", "asdfzxcv1234!", (*http.Request)(nil)).Return(nil).Once()
+
+	payload := map[string]interface{}{
+		"password": "asdfzxcv1234!",
+	}
+	body, _ := json.Marshal(payload)
+	req := httptest.NewRequest("PUT", "/users/"+userID, bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, _ := app.Test(req)
+	assert.Equal(t, 200, resp.StatusCode)
+	mockOry.AssertExpectations(t)
+}
+
 func TestUserHandler_CreateUser_LoginIDSync(t *testing.T) {
 	t.Run("Success - Sync LoginID from namespaced metadata", func(t *testing.T) {
 		app := fiber.New()