From dad8eb9da13692dba2291074119cd8e1fb7a0e09 Mon Sep 17 00:00:00 2001 From: kjh2064 Date: Tue, 7 Jul 2026 23:44:21 +0900 Subject: [PATCH] Remove local login bypass --- README.md | 2 -- docs/ENGINEERING_HARNESS.md | 4 ++-- src/TaxBaik.Web/Services/AuthService.cs | 27 ------------------------- 3 files changed, 2 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 90f362c..4bc835b 100644 --- a/README.md +++ b/README.md @@ -136,8 +136,6 @@ dotnet watch run --project .\src\TaxBaik.Web\TaxBaik.Web.csproj - **username**: `admin` - **password**: `` or current rotated admin password -- 개발 환경에서는 `test_admin / admin123` 로도 로그인 가능 - > ⚠️ **중요**: 프로덕션 배포 시 비밀번호 변경 필수이며, 검증용 비밀번호는 Gitea Secrets로 관리 --- diff --git a/docs/ENGINEERING_HARNESS.md b/docs/ENGINEERING_HARNESS.md index 251d20d..1bda597 100644 --- a/docs/ENGINEERING_HARNESS.md +++ b/docs/ENGINEERING_HARNESS.md @@ -64,8 +64,8 @@ dotnet watch run --project .\src\TaxBaik.Web\TaxBaik.Web.csproj - [`src/TaxBaik.Web/appsettings.json`](/D:/JobRoomz/taxbaik/src/TaxBaik.Web/appsettings.json) - [`src/TaxBaik.Web/appsettings.Development.json`](/D:/JobRoomz/taxbaik/src/TaxBaik.Web/appsettings.Development.json) - 로그인 검증: - - 개발 우회 계정 `test_admin / admin123` - - 또는 로컬 DB의 `admin` 계정 + - 로컬 DB의 실제 관리자 계정 + - 로그인 실패 시 DB 연결 오류와 자격 증명 오류를 구분해서 본다 ### Production diff --git a/src/TaxBaik.Web/Services/AuthService.cs b/src/TaxBaik.Web/Services/AuthService.cs index 23badc0..ee54710 100644 --- a/src/TaxBaik.Web/Services/AuthService.cs +++ b/src/TaxBaik.Web/Services/AuthService.cs @@ -46,18 +46,6 @@ public class AuthService } catch (Exception ex) when (_environment.IsDevelopment()) { - if (IsLocalE2ETestCredentials(username, password)) - { - _logger.LogWarning(ex, "개발 환경에서 DB 없이 로컬 E2E 관리자 로그인 허용: {Username}", username); - return AuthResult.Success(GenerateTokenPair(new AdminUser - { - Id = 0, - Username = username, - PasswordHash = string.Empty, - CreatedAt = DateTime.UtcNow - })); - } - _logger.LogWarning(ex, "개발 환경에서 관리자 로그인 DB 조회 실패: {Username}", username); return AuthResult.DatabaseUnavailable(); } @@ -70,18 +58,6 @@ public class AuthService if (user == null) { _logger.LogWarning("로그인 시도: 존재하지 않는 사용자 '{Username}'", username); - if (_environment.IsDevelopment() && IsLocalE2ETestCredentials(username, password)) - { - _logger.LogWarning("개발 환경에서 시드 계정 없이 로컬 E2E 관리자 로그인 허용: {Username}", username); - return AuthResult.Success(GenerateTokenPair(new AdminUser - { - Id = 0, - Username = username, - PasswordHash = string.Empty, - CreatedAt = DateTime.UtcNow - })); - } - return AuthResult.InvalidCredentials(); } @@ -265,9 +241,6 @@ public class AuthService && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(valueBytes, expectedBytes); } - private static bool IsLocalE2ETestCredentials(string username, string password) => - string.Equals(username, "test_admin", StringComparison.OrdinalIgnoreCase) && - string.Equals(password, "admin123", StringComparison.Ordinal); } public class AuthTokenPair(string accessToken, string refreshToken, int expiresIn)