diff --git a/app/Http/Middleware/EnsurePasswordChanged.php b/app/Http/Middleware/EnsurePasswordChanged.php new file mode 100644 index 00000000..64a43c2f --- /dev/null +++ b/app/Http/Middleware/EnsurePasswordChanged.php @@ -0,0 +1,39 @@ +user(); + + // 로그인한 사용자가 비밀번호 변경이 필요한 경우 + if ($user && $user->must_change_password) { + // 프로필 관련 라우트는 허용 (무한 리다이렉트 방지) + if ($request->routeIs('profile.*')) { + return $next($request); + } + + // 로그아웃 라우트는 허용 + if ($request->routeIs('logout')) { + return $next($request); + } + + // 그 외 모든 요청은 프로필 페이지로 리다이렉트 + return redirect()->route('profile.index') + ->with('warning', '보안을 위해 비밀번호를 변경해주세요.'); + } + + return $next($request); + } +} diff --git a/app/Models/User.php b/app/Models/User.php index 4b001565..6e7bb039 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -25,6 +25,7 @@ class User extends Authenticatable 'email', 'phone', 'password', + 'must_change_password', 'options', 'profile_photo_path', 'role', @@ -60,6 +61,7 @@ protected function casts(): array 'options' => 'array', 'is_active' => 'boolean', 'is_super_admin' => 'boolean', + 'must_change_password' => 'boolean', ]; } diff --git a/app/Services/ProfileService.php b/app/Services/ProfileService.php index d71d6e12..27b046dc 100644 --- a/app/Services/ProfileService.php +++ b/app/Services/ProfileService.php @@ -40,8 +40,9 @@ public function changePassword(User $user, string $currentPassword, string $newP ]; } - // 비밀번호 업데이트 + // 비밀번호 업데이트 + 비밀번호 변경 필요 플래그 해제 $user->password = Hash::make($newPassword); + $user->must_change_password = false; $user->updated_by = $user->id; $user->save(); diff --git a/app/Services/UserService.php b/app/Services/UserService.php index b360f689..41c8cffd 100644 --- a/app/Services/UserService.php +++ b/app/Services/UserService.php @@ -95,6 +95,9 @@ public function createUser(array $data): User // is_active 처리 $data['is_active'] = isset($data['is_active']) && $data['is_active'] == '1'; + // 최초 로그인 시 비밀번호 변경 필요 + $data['must_change_password'] = true; + // 생성자 정보 $data['created_by'] = auth()->id(); @@ -136,8 +139,9 @@ public function resetPassword(int $id): bool // 임의 비밀번호 생성 $plainPassword = $this->generateRandomPassword(); - // 비밀번호 업데이트 + // 비밀번호 업데이트 + 비밀번호 변경 필요 플래그 $user->password = Hash::make($plainPassword); + $user->must_change_password = true; $user->updated_by = auth()->id(); $user->save(); diff --git a/bootstrap/app.php b/bootstrap/app.php index acfa7c9c..c81249de 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -17,6 +17,7 @@ $middleware->alias([ 'hq.member' => \App\Http\Middleware\EnsureHQMember::class, 'super.admin' => \App\Http\Middleware\EnsureSuperAdmin::class, + 'password.changed' => \App\Http\Middleware\EnsurePasswordChanged::class, ]); // auth 미들웨어 그룹에 HQ 검증 추가 diff --git a/resources/views/profile/index.blade.php b/resources/views/profile/index.blade.php index f7dbe44a..4d61c477 100644 --- a/resources/views/profile/index.blade.php +++ b/resources/views/profile/index.blade.php @@ -9,6 +9,34 @@

프로필 설정

+ + @if(auth()->user()->must_change_password) +
+
+ + + +
+

비밀번호 변경이 필요합니다

+

+ 보안을 위해 비밀번호를 변경해주세요. 비밀번호를 변경하기 전까지 다른 기능을 이용할 수 없습니다. +

+
+
+
+ @endif + + @if(session('warning')) +
+
+ + + +

{{ session('warning') }}

+
+
+ @endif +

diff --git a/routes/web.php b/routes/web.php index afbd3c03..52477155 100644 --- a/routes/web.php +++ b/routes/web.php @@ -3,15 +3,16 @@ use App\Http\Controllers\ArchivedRecordController; use App\Http\Controllers\Auth\LoginController; use App\Http\Controllers\BoardController; +use App\Http\Controllers\DailyLogController; use App\Http\Controllers\DepartmentController; use App\Http\Controllers\DevTools\FlowTesterController; use App\Http\Controllers\MenuController; use App\Http\Controllers\PermissionController; -use App\Http\Controllers\DailyLogController; +use App\Http\Controllers\PostController; +use App\Http\Controllers\ProfileController; use App\Http\Controllers\ProjectManagementController; use App\Http\Controllers\RoleController; use App\Http\Controllers\RolePermissionController; -use App\Http\Controllers\ProfileController; use App\Http\Controllers\TenantController; use App\Http\Controllers\UserController; use Illuminate\Support\Facades\Route; @@ -35,7 +36,7 @@ | - hq.member: 본사(HQ) 테넌트 소속 확인 */ -Route::middleware(['auth', 'hq.member'])->group(function () { +Route::middleware(['auth', 'hq.member', 'password.changed'])->group(function () { Route::post('/logout', [LoginController::class, 'logout'])->name('logout'); // 테넌트 전환 @@ -95,6 +96,17 @@ Route::get('/', [BoardController::class, 'index'])->name('index'); Route::get('/create', [BoardController::class, 'create'])->name('create'); Route::get('/{id}/edit', [BoardController::class, 'edit'])->name('edit'); + + // 게시글 CRUD (board 하위 중첩 라우트) + Route::prefix('{board}/posts')->name('posts.')->group(function () { + Route::get('/', [PostController::class, 'index'])->name('index'); + Route::get('/create', [PostController::class, 'create'])->name('create'); + Route::post('/', [PostController::class, 'store'])->name('store'); + Route::get('/{post}', [PostController::class, 'show'])->name('show'); + Route::get('/{post}/edit', [PostController::class, 'edit'])->name('edit'); + Route::put('/{post}', [PostController::class, 'update'])->name('update'); + Route::delete('/{post}', [PostController::class, 'destroy'])->name('destroy'); + }); }); // 역할 권한 관리 (Blade 화면만)