feat: Add bulk member deactivation API and onboarding email parameter #119
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f8d5ac0179
| @Transactional | ||
| public int deactivateAllActiveMembers() { | ||
| return userRepository.bulkUpdateMemberStatus(MemberStatus.ACTIVE, MemberStatus.INACTIVE); |
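Review bot: `deactivateAllActiveMembers()` passes only the source and target status to `bulkUpdateMemberStatus`, so the role scope of the update is not visible at this call site, and the method takes no argument identifying who triggered it. If privileged accounts must stay active, make the role filter an explicit parameter of the repository call, and log the returned count together with the caller so that a bulk deactivation is auditable.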
Revoke refresh tokens when deactivating members
When this seasonal deactivation runs for ROLE_USER accounts that are currently logged in, their stored refresh tokens remain valid even though login now rejects non-ACTIVE users. LoginService.refresh only checks that the user is not deleted and that the Redis refresh token matches before issuing a new access token, so inactive members can keep refreshing until the refresh token expires; either invalidate the affected refresh keys here or make refresh enforce the same ACTIVE check.
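The two mitigations named in the review comment above, sketched as an added example (not code from this pull request or its repository). In-memory maps stand in for the user table and the Redis refresh-token store; the class name, token strings and placeholder access token are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration. The two maps are hypothetical stand-ins for the user table and the Redis refresh-token store.
public class RefreshAfterDeactivation {
    enum MemberStatus { ACTIVE, INACTIVE }
    static final Map<Long, MemberStatus> users = new ConcurrentHashMap<>();
    static final Map<Long, String> refreshTokens = new ConcurrentHashMap<>();

    // Fix 1: the bulk deactivation revokes the refresh token of every account it flips.
    static int deactivateAllActiveMembers() {
        int changed = 0;
        for (Long id : users.keySet()) {
            if (users.replace(id, MemberStatus.ACTIVE, MemberStatus.INACTIVE)) {
                refreshTokens.remove(id);
                changed++;
            }
        }
        return changed;
    }

    // Fix 2: refresh enforces the same ACTIVE check as login, so a status change made elsewhere is honoured too.
    static Optional<String> refresh(Long userId, String presented) {
        String stored = refreshTokens.get(userId);
        if (stored == null || presented == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8))) {
            return Optional.empty();
        }
        if (users.get(userId) != MemberStatus.ACTIVE) {
            refreshTokens.remove(userId); // drop the stale token so it cannot be replayed
            return Optional.empty();
        }
        return Optional.of("access-" + UUID.randomUUID()); // placeholder for real access-token issuance
    }

    static void check(boolean ok, String what) { if (!ok) throw new AssertionError(what); }

    public static void main(String[] args) {
        users.put(1L, MemberStatus.ACTIVE); users.put(2L, MemberStatus.ACTIVE); // constructed accounts
        refreshTokens.put(1L, "rt-1"); refreshTokens.put(2L, "rt-2");           // constructed tokens
        check(refresh(1L, "rt-1").isPresent(), "active member can refresh");
        check(deactivateAllActiveMembers() == 2, "both members deactivated");
        check(refresh(1L, "rt-1").isEmpty(), "token revoked by bulk deactivation");
        refreshTokens.put(2L, "rt-2"); // simulate a token that escaped revocation
        check(refresh(2L, "rt-2").isEmpty(), "refresh rejects non-ACTIVE member");
        check(!refreshTokens.containsKey(2L), "stale token removed on rejected refresh");
        System.out.println("all checks passed");
    }
}
```

Applying both fixes gives defense in depth: revocation closes the window immediately, and the status check in refresh covers any path that changes status without touching the token store.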
🎀 PR Type
What changes are included?
✨ Additions/Changes
🎊 PR Checklist
Please check that the PR meets the following requirements.