From 920c98a8f833a665a770d98b95bb16b41915bce5 Mon Sep 17 00:00:00 2001 From: kyy Date: Tue, 27 Jan 2026 15:11:55 +0900 Subject: [PATCH 1/3] =?UTF-8?q?=ED=9A=8C=EC=9B=90=EA=B0=80=EC=9E=85=20Desc?= =?UTF-8?q?ope=20=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8=20=EC=A0=95=EC=B1=85?= =?UTF-8?q?=20=EB=8F=99=EA=B8=B0=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/presentation/signup_screen.dart | 69 ++++++++++++++++--- 1 file changed, 58 insertions(+), 11 deletions(-) diff --git a/frontend/lib/features/auth/presentation/signup_screen.dart b/frontend/lib/features/auth/presentation/signup_screen.dart index bf705a41..82cfb6b7 100644 --- a/frontend/lib/features/auth/presentation/signup_screen.dart +++ b/frontend/lib/features/auth/presentation/signup_screen.dart @@ -35,6 +35,8 @@ class _SignupScreenState extends State { bool _termsAccepted = false; bool _privacyAccepted = false; bool _isLoading = false; + Map? _policy; + bool _isPolicyLoading = false; // Inline Errors String? _emailError; @@ -58,6 +60,24 @@ class _SignupScreenState extends State { 'baroncs.co.kr': 'BARON', }; + @override + void initState() { + super.initState(); + _loadPolicy(); + } + + Future _loadPolicy() async { + setState(() => _isPolicyLoading = true); + try { + final policy = await AuthProxyService.fetchPasswordPolicy(); + if (mounted) setState(() => _policy = policy); + } catch (_) { + // Ignore errors, will use defaults + } finally { + if (mounted) setState(() => _isPolicyLoading = false); + } + } + @override void dispose() { _emailTimer?.cancel(); @@ -757,13 +777,40 @@ class _SignupScreenState extends State { ); } + String _buildPolicyDescription() { + if (_isPolicyLoading) { + return "비밀번호 정책을 불러오는 중입니다..."; + } + final minLength = (_policy?['minLength'] as int?) ?? 8; + final requiresLower = _policy?['lowercase'] ?? true; + final requiresUpper = _policy?['uppercase'] ?? true; + final requiresNumber = _policy?['number'] ?? true; + final requiresSymbol = _policy?['nonAlphanumeric'] ?? true; + + final parts = ["최소 $minLength자 이상"]; + if (requiresUpper) parts.add("대문자"); + if (requiresLower) parts.add("소문자"); + if (requiresNumber) parts.add("숫자"); + if (requiresSymbol) parts.add("특수문자"); + + return "보안 정책: ${parts.join(', ')}를 각각 최소 1자 이상 포함해야 합니다."; + } + Widget _buildStepPassword() { String p = _passwordController.text; - bool hasUpper = p.contains(RegExp(r'[A-Z]')); - bool hasLower = p.contains(RegExp(r'[a-z]')); - bool hasDigit = p.contains(RegExp(r'[0-9]')); - bool hasSpecial = p.contains(RegExp(r'[!@#$%^&*(),.?":{}|<>]')); - bool hasLength = p.length >= 12; + + // Default Policy Fallback + final minLength = (_policy?['minLength'] as int?) ?? 8; + final requiresLower = _policy?['lowercase'] ?? true; + final requiresUpper = _policy?['uppercase'] ?? true; + final requiresNumber = _policy?['number'] ?? true; + final requiresSymbol = _policy?['nonAlphanumeric'] ?? true; + + bool hasLength = p.length >= minLength; + bool hasUpper = !requiresUpper || p.contains(RegExp(r'[A-Z]')); + bool hasLower = !requiresLower || p.contains(RegExp(r'[a-z]')); + bool hasDigit = !requiresNumber || p.contains(RegExp(r'[0-9]')); + bool hasSpecial = !requiresSymbol || p.contains(RegExp(r'[!@#$%^&*(),.?":{}|<>]')); return Column( crossAxisAlignment: CrossAxisAlignment.stretch, @@ -780,7 +827,7 @@ class _SignupScreenState extends State { const SizedBox(width: 10), Expanded( child: Text( - '보안 정책: 12자 이상, 대문자/소문자/숫자/특수문자를 각각 최소 1자 이상 포함해야 합니다.', + _buildPolicyDescription(), style: TextStyle(fontSize: 12, color: Colors.blue[800], fontWeight: FontWeight.w500), ), ), @@ -802,11 +849,11 @@ class _SignupScreenState extends State { Wrap( spacing: 10, children: [ - _cryptoCheck('12자 이상', hasLength), - _cryptoCheck('대문자', hasUpper), - _cryptoCheck('소문자', hasLower), - _cryptoCheck('숫자', hasDigit), - _cryptoCheck('특수문자', hasSpecial), + _cryptoCheck('$minLength자 이상', hasLength), + if (requiresUpper) _cryptoCheck('대문자', hasUpper), + if (requiresLower) _cryptoCheck('소문자', hasLower), + if (requiresNumber) _cryptoCheck('숫자', hasDigit), + if (requiresSymbol) _cryptoCheck('특수문자', hasSpecial), ], ), const SizedBox(height: 16), From 1f7835f5a90be79d8d949ba35bf186f6c3e87a8c Mon Sep 17 00:00:00 2001 From: kyy Date: Tue, 27 Jan 2026 15:37:55 +0900 Subject: [PATCH 2/3] =?UTF-8?q?=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8=20?= =?UTF-8?q?=EC=A0=95=EC=B1=85=20=EC=9C=A0=ED=9A=A8=EC=84=B1=20=EA=B2=80?= =?UTF-8?q?=EC=82=AC=20=EC=9D=B4=EC=8A=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/internal/handler/auth_handler.go | 122 +++++++++-------------- 1 file changed, 49 insertions(+), 73 deletions(-) diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go index 020506f0..95f63389 100644 --- a/backend/internal/handler/auth_handler.go +++ b/backend/internal/handler/auth_handler.go @@ -749,44 +749,6 @@ func (h *AuthHandler) PasswordLogin(c *fiber.Ctx) error { ale.Log(slog.LevelInfo, "Attempting to login") - // Validate password complexity before sending to Descope - password := req.Password - if len(password) < 8 { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must be at least 8 characters long" - ale.Log(slog.LevelWarn, "Validation failed: password too short") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must be at least 8 characters long"}) - } - if ok, _ := regexp.MatchString(`[a-z]`, password); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one lowercase letter" - ale.Log(slog.LevelWarn, "Validation failed: no lowercase letter") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one lowercase letter"}) - } - if ok, _ := regexp.MatchString(`[A-Z]`, password); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one uppercase letter" - ale.Log(slog.LevelWarn, "Validation failed: no uppercase letter") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one uppercase letter"}) - } - if ok, _ := regexp.MatchString(`[0-9]`, password); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one number" - ale.Log(slog.LevelWarn, "Validation failed: no number") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one number"}) - } - if ok, _ := regexp.MatchString(`[\W_]`, password); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one special character" - ale.Log(slog.LevelWarn, "Validation failed: no special character") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one special character"}) - } - if h.DescopeClient == nil { ale.Status = fiber.StatusInternalServerError ale.LatencyMs = time.Since(startTime) @@ -1076,41 +1038,55 @@ func (h *AuthHandler) CompletePasswordReset(c *fiber.Ctx) error { // 디버깅을 위해 요청된 새 비밀번호를 로그로 출력 ale.Log(slog.LevelInfo, "Received new password for reset") - // Validate password complexity - if len(req.NewPassword) < 8 { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must be at least 8 characters long" - ale.Log(slog.LevelWarn, "Validation failed: password too short") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must be at least 8 characters long"}) - } - if ok, _ := regexp.MatchString(`[a-z]`, req.NewPassword); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one lowercase letter" - ale.Log(slog.LevelWarn, "Validation failed: no lowercase letter") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one lowercase letter"}) - } - if ok, _ := regexp.MatchString(`[A-Z]`, req.NewPassword); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one uppercase letter" - ale.Log(slog.LevelWarn, "Validation failed: no uppercase letter") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one uppercase letter"}) - } - if ok, _ := regexp.MatchString(`[0-9]`, req.NewPassword); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one number" - ale.Log(slog.LevelWarn, "Validation failed: no number") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one number"}) - } - if ok, _ := regexp.MatchString(`[\W_]`, req.NewPassword); !ok { - ale.Status = fiber.StatusBadRequest - ale.LatencyMs = time.Since(startTime) - ale.DescopeError = "Password must contain at least one special character" - ale.Log(slog.LevelWarn, "Validation failed: no special character") - return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one special character"}) + // Validate password complexity dynamically based on Descope policy + policy, err := h.DescopeClient.Auth.Password().GetPasswordPolicy(context.Background()) + if err != nil { + // If policy fetch fails, log warning and proceed (or fallback to basic check) + ale.Log(slog.LevelWarn, "Failed to fetch password policy, skipping dynamic validation: "+err.Error()) + } else { + if len(req.NewPassword) < int(policy.MinLength) { + ale.Status = fiber.StatusBadRequest + ale.LatencyMs = time.Since(startTime) + ale.DescopeError = fmt.Sprintf("Password must be at least %d characters long", policy.MinLength) + ale.Log(slog.LevelWarn, "Validation failed: password too short") + return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": ale.DescopeError}) + } + if policy.Lowercase { + if ok, _ := regexp.MatchString(`[a-z]`, req.NewPassword); !ok { + ale.Status = fiber.StatusBadRequest + ale.LatencyMs = time.Since(startTime) + ale.DescopeError = "Password must contain at least one lowercase letter" + ale.Log(slog.LevelWarn, "Validation failed: no lowercase letter") + return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one lowercase letter"}) + } + } + if policy.Uppercase { + if ok, _ := regexp.MatchString(`[A-Z]`, req.NewPassword); !ok { + ale.Status = fiber.StatusBadRequest + ale.LatencyMs = time.Since(startTime) + ale.DescopeError = "Password must contain at least one uppercase letter" + ale.Log(slog.LevelWarn, "Validation failed: no uppercase letter") + return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one uppercase letter"}) + } + } + if policy.Number { + if ok, _ := regexp.MatchString(`[0-9]`, req.NewPassword); !ok { + ale.Status = fiber.StatusBadRequest + ale.LatencyMs = time.Since(startTime) + ale.DescopeError = "Password must contain at least one number" + ale.Log(slog.LevelWarn, "Validation failed: no number") + return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one number"}) + } + } + if policy.NonAlphanumeric { + if ok, _ := regexp.MatchString(`[\W_]`, req.NewPassword); !ok { + ale.Status = fiber.StatusBadRequest + ale.LatencyMs = time.Since(startTime) + ale.DescopeError = "Password must contain at least one special character" + ale.Log(slog.LevelWarn, "Validation failed: no special character") + return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Password must contain at least one special character"}) + } + } } ale.Log(slog.LevelInfo, "Attempting to update password via Descope Auth API") From 5c24e6eb4ed1d1ca427b3c00fc09d643ecb622db Mon Sep 17 00:00:00 2001 From: kyy Date: Tue, 27 Jan 2026 15:44:28 +0900 Subject: [PATCH 3/3] =?UTF-8?q?=EB=B6=88=ED=95=84=EC=9A=94=ED=95=9C=20?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gemini/settings.json | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .gemini/settings.json diff --git a/.gemini/settings.json b/.gemini/settings.json deleted file mode 100644 index b9cfd51a..00000000 --- a/.gemini/settings.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "general": { - "previewFeatures": true - } -} \ No newline at end of file