fix: 비밀번호 초기화시 "reset-password"라는 목적인지 검증하도록 수정

Solucitation · Jul 23, 2024 · b4734b0 · b4734b0
1 parent e30155f
commit b4734b0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/com/solucitation/midpoint_backend/domain/member/api/MemberController.java b/src/main/java/com/solucitation/midpoint_backend/domain/member/api/MemberController.java
@@ -122,7 +122,7 @@ public ResponseEntity<?> refreshAccessToken(@RequestHeader("Authorization") Stri
     @PostMapping("/reset-pw")
     public ResponseEntity<?> resetPassword(@RequestHeader("X-Reset-Password-Token") String resetToken, @RequestBody @Valid ResetPwRequestDto resetPwRequestDto) {
         String token = jwtTokenProvider.resolveToken(resetToken);
-        if (!jwtTokenProvider.validateTokenByPwConfirm(token, resetToken)) {
+        if (!jwtTokenProvider.validateTokenByPwConfirm(token, "reset-password")) {
             return ResponseEntity.status(401).body(Map.of("error", "unauthorized", "message", "비밀번호를 재설정할 권한이 없습니다"));
         }
         if (!resetPwRequestDto.getNewPassword().equals(resetPwRequestDto.getNewPasswordConfirm())) {