
1、解决未注册手机号会被枚举用户问题

rayson 8 maanden geleden
e9dd645937

+ 2 - 0
menduner/menduner-system-api/src/main/java/com/citu/module/menduner/system/enums/ErrorCodeConstants.java

@@ -182,6 +182,8 @@ public interface ErrorCodeConstants {
     ErrorCode MDE_USER_PHONE_INIT_PASSWORD=
             new ErrorCode(1_100_017_022, "密码不安全,请修改密码后登录");
 
+    ErrorCode MDE_USER_PHONE_NOT_EXISTS_ERROR = new ErrorCode(1_100_017_023, "手机号尝试多次,请8个小时后重试");
+
     // ========== 角色模块 1_100_018_000 ==========
     ErrorCode MDE_ROLE_NOT_EXISTS = new ErrorCode(1_100_018_001, "角色不存在");
     ErrorCode MDE_ROLE_NAME_DUPLICATE = new ErrorCode(1_100_018_002, "已经存在名为【{}】的角色");
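Review bot: The name of the new constant `MDE_USER_PHONE_NOT_EXISTS_ERROR` describes the wrong condition: its message ("手机号尝试多次,请8个小时后重试") is a retry-after lockout, not a not-found error, and it sits next to `MDE_USER_MOBILE_NOT_EXISTS` which already covers that case. A name that states the lock, e.g. `ErrorCode MDE_USER_PHONE_ATTEMPTS_LOCKED = new ErrorCode(1_100_017_023, "手机号尝试多次,请8个小时后重试");`, would keep the two codes distinguishable at the call site. The same rename would apply to the throw in MdeAuthServiceImpl.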

+ 2 - 1
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/jobhunt/user/AppMdeUserController.java

@@ -47,7 +47,8 @@ public class AppMdeUserController {
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
     @ApiSignature(timeout = 30)
     @PreAuthenticated
-    public CommonResult<AppMdeUserRespVO> getMdeUser(@RequestParam("id") Long id) {
+    public CommonResult<AppMdeUserRespVO> getMdeUser() {
+        Long id = LoginUserContext.getUserId();
         MdeUserDO mdeUser = mdeUserService.getMdeUser(id);
         AppMdeUserRespVO resp = BeanUtils.toBean(mdeUser, AppMdeUserRespVO.class);
         resp.setEntitlement(BeanUtils.toBean(userEntitlementService.getByUserId(id), UserEntitlementRespVO.class));
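Review bot: The `@Parameter(name = "id", description = "编号", required = true, example = "1024")` annotation on the line above the signature still documents a request parameter that the new signature no longer accepts, so the generated API description will advertise an `id` input the endpoint ignores. Drop that annotation line now that the id is taken from `LoginUserContext.getUserId()`. If the context can yield a null user id, it may be worth a comment that `@PreAuthenticated` is what guarantees a logged-in caller here; the method body continues past the hunk.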

+ 8 - 0
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/dal/redis/RedisKeyConstants.java

@@ -154,6 +154,14 @@ public interface RedisKeyConstants {
      **/
     String MDE_AUTH_USER_PWD_LOCK = "mde_auth_user_pwd_lock:%s";
 
+    /**
+     * 手机号枚举(一个ip一个手机号)
+     * <p>
+     * KEY 格式:mde_auth_user_phone_enum:{phone}
+     * VALUE 数据类型:String
+     **/
+    String MDE_AUTH_USER_PHONE_ENUM = "mde_auth_user_phone_enum:%s";
+
     /**
      * 企业用户密码错误多次锁定
      * <p>
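Review bot: The Javadoc on the new key says the counter is per IP and per phone ("一个ip一个手机号"), but the key pattern `mde_auth_user_phone_enum:%s` has a single placeholder and the documented format `mde_auth_user_phone_enum:{phone}` contains only the phone. Either the comment or the key is wrong; if the intent is per-client throttling the key needs a second segment, e.g. `String MDE_AUTH_USER_PHONE_ENUM = "mde_auth_user_phone_enum:%s:%s";` with the format line updated to `{ip}:{phone}`, otherwise the first Javadoc line should drop the IP claim. As written, a reader of this constant will assume a scope the code does not enforce.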

+ 15 - 3
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/auth/MdeAuthServiceImpl.java

@@ -54,8 +54,7 @@ import java.util.concurrent.TimeUnit;
 import static com.citu.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.citu.framework.common.util.servlet.ServletUtils.getClientIP;
 import static com.citu.framework.web.core.util.WebFrameworkUtils.getTerminal;
-import static com.citu.module.menduner.system.dal.redis.RedisKeyConstants.MDE_AUTH_USER_PWD_LOCK;
-import static com.citu.module.menduner.system.dal.redis.RedisKeyConstants.MDE_AUTH_USER_SMS_CODE_LOCK;
+import static com.citu.module.menduner.system.dal.redis.RedisKeyConstants.*;
 import static com.citu.module.menduner.system.enums.ErrorCodeConstants.*;
 
 /**
@@ -145,8 +144,21 @@ public class MdeAuthServiceImpl implements MdeAuthService {
         // 校验账号是否存在
         MdeUserDO user = userService.getUserByPhone(account);
         if (null == user) {
+            String num =
+                    redisTemplate.opsForValue()
+                            .get(String.format(MDE_AUTH_USER_PHONE_ENUM, account));
+            Integer numInt = Integer.parseInt(null == num ? "0" : num) + 1;
+
+            redisTemplate.opsForValue()
+                    .set(String.format(MDE_AUTH_USER_PHONE_ENUM, account), String.valueOf(numInt), 8, TimeUnit.HOURS);
+
             createLoginLog(null, account, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
-            throw exception(MDE_USER_MOBILE_NOT_EXISTS);
+            if (numInt >= 5) {
+                // 8个小时内输错5次 锁定
+                throw exception(MDE_USER_PHONE_NOT_EXISTS_ERROR);
+            } else {
+                throw exception(MDE_USER_MOBILE_NOT_EXISTS);
+            }
         }
         // 校验是否禁用
         if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
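Review bot: The counter added in the `null == user` branch is keyed on the submitted phone alone, so the lock only fires after five probes of the same unregistered number; a caller that probes many different numbers once each is never throttled, and because `MDE_USER_PHONE_NOT_EXISTS_ERROR` is only ever thrown from this branch, both error codes still disclose that the number is unregistered. To actually address the enumeration the commit title describes, the counter would need to be scoped to the client as well (`getClientIP()` is already statically imported), or unknown and known accounts would need to fail with the same generic credential error. Separately, the get-then-`set` sequence is not atomic under concurrent requests and `set(..., 8, TimeUnit.HOURS)` restarts the window on every attempt; an atomic `increment` with `expire` set on the first hit avoids both, assuming `redisTemplate` is a string-valued template (it is written with `String.valueOf(numInt)` here, so that looks safe but should be confirmed). The enclosing login method starts and ends outside the hunk.
```java
        if (null == user) {
            // Count attempts per phone (and client) atomically; start the 8h window on the first miss.
            String key = String.format(MDE_AUTH_USER_PHONE_ENUM, account);
            Long numInt = redisTemplate.opsForValue().increment(key);
            if (numInt != null && numInt == 1L) {
                redisTemplate.expire(key, 8, TimeUnit.HOURS);
            }
            // … unchanged: createLoginLog and the two throw branches …
```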

+ 1 - 0
menduner/menduner-system-biz/src/main/resources/i18n/messages_en_US.properties

@@ -144,6 +144,7 @@
 1_100_017_020=Email verification code incorrect
 1_100_017_021=This is your first login, and the initialization password has been sent to your email
 1_100_017_022=Password is not secure, please change your password and log in
+1_100_017_023=Phone number tried multiple times, please try again after 8 hours
 # ========== 角色模块 1_100_018_000 ==========
 1_100_018_001=Character does not exist
 1_100_018_002=A role named [{}] already exists

+ 1 - 0
menduner/menduner-system-biz/src/main/resources/i18n/messages_zh_CN.properties

@@ -144,6 +144,7 @@
 1_100_017_020=邮箱验证码不正确
 1_100_017_021=您是首次登录,初始化密码已发往您的邮箱
 1_100_017_022=密码不安全,请修改密码后登录
+1_100_017_023=手机号尝试多次,请8个小时后重试
 # ========== 角色模块 1_100_018_000 ==========
 1_100_018_001=角色不存在
 1_100_018_002=已经存在名为【{}】的角色