fix : 전화번호 중복 검증 추가 #652

backend/core/src/main/java/site/timecapsulearchive/core/domain/auth/exception/PhoneDuplicationException.java

@@ -0,0 +1,11 @@
+package site.timecapsulearchive.core.domain.auth.exception;
+
+import site.timecapsulearchive.core.global.error.ErrorCode;
+import site.timecapsulearchive.core.global.error.exception.BusinessException;
+
+public class PhoneDuplicationException extends BusinessException {
+
+    public PhoneDuplicationException() {
+        super(ErrorCode.PHONE_DUPLICATION_ERROR);
+    }
+}

backend/core/src/main/java/site/timecapsulearchive/core/domain/auth/service/MessageVerificationService.java

@@ -9,7 +9,9 @@
 import site.timecapsulearchive.core.domain.auth.data.dto.VerificationMessageSendDto;
 import site.timecapsulearchive.core.domain.auth.exception.CertificationNumberNotFoundException;
 import site.timecapsulearchive.core.domain.auth.exception.CertificationNumberNotMatchException;
+import site.timecapsulearchive.core.domain.auth.exception.PhoneDuplicationException;
 import site.timecapsulearchive.core.domain.auth.repository.MessageAuthenticationCacheRepository;
+import site.timecapsulearchive.core.domain.member.repository.MemberRepository;
 import site.timecapsulearchive.core.global.security.encryption.HashEncryptionManager;
 import site.timecapsulearchive.core.infra.sms.data.response.SmsApiResponse;
 import site.timecapsulearchive.core.infra.sms.manager.SmsApiManager;
@@ -27,6 +29,7 @@ public class MessageVerificationService {
     private final MessageAuthenticationCacheRepository messageAuthenticationCacheRepository;
     private final SmsApiManager smsApiManager;
     private final HashEncryptionManager hashEncryptionManager;
+    private final MemberRepository memberRepository;
 
     /**
      * 사용자 아이디와 수신자 핸드폰을 받아서 인증번호를 발송한다.
@@ -40,13 +43,18 @@ public VerificationMessageSendDto sendVerificationMessage(
         final String receiver,
         final String appHashKey
     ) {
+        final byte[] plain = receiver.getBytes(StandardCharsets.UTF_8);
+        byte[] encrypt = hashEncryptionManager.encrypt(plain);
+
+        boolean isDuplicated = memberRepository.checkPhoneHashDuplication(encrypt);
+        if (isDuplicated) {
+            throw new PhoneDuplicationException();
+        }
+
         final String code = generateRandomCode();
         final String message = generateMessage(code, appHashKey);
         final SmsApiResponse apiResponse = smsApiManager.sendMessage(receiver, message);
 
-        final byte[] plain = receiver.getBytes(StandardCharsets.UTF_8);
-        byte[] encrypt = hashEncryptionManager.encrypt(plain);
-
         messageAuthenticationCacheRepository.save(memberId, encrypt, code);
 
         return VerificationMessageSendDto.success(apiResponse.resultCode(),

backend/core/src/main/java/site/timecapsulearchive/core/domain/member/repository/MemberQueryRepository.java

@@ -31,4 +31,5 @@ Optional<VerifiedCheckDto> findVerifiedCheckDtoByAuthIdAndSocialType(
 
     Optional<ByteArrayWrapper> findMemberPhoneHash(final Long memberId);
 
+    boolean checkPhoneHashDuplication(byte[] encrypt);
 }

backend/core/src/main/java/site/timecapsulearchive/core/domain/member/repository/MemberQueryRepositoryImpl.java

@@ -151,4 +151,14 @@ public Optional<ByteArrayWrapper> findMemberPhoneHash(final Long memberId) {
 
         return Optional.empty();
     }
+
+    @Override
+    public boolean checkPhoneHashDuplication(final byte[] encrypt) {
+        final Integer count = jpaQueryFactory.selectOne()
+            .from(member)
+            .where(member.phoneHash.eq(encrypt))
+            .fetchFirst();
+
+        return count != null;
+    }
 }

backend/core/src/main/java/site/timecapsulearchive/core/global/error/ErrorCode.java

@@ -23,6 +23,7 @@ public enum ErrorCode {
     AUTHENTICATION_ERROR(401, "AUTH-003", "인증에 실패했습니다. 인증 수단이 유효한지 확인하세요."),
     AUTHORIZATION_ERROR(403, "AUTH-004", "권한이 존재하지 않습니다."),
     CREDENTIALS_NOT_MATCHED_ERROR(401, "AUTH-005", "이메일과 비밀번호 인증에 실패했습니다."),
+    PHONE_DUPLICATION_ERROR(400, "AUTH-006", "중복된 전화번호입니다."),
 
     //message
     TOO_MANY_REQUEST_ERROR(429, "MESSAGE-001", "너무 많은 인증 메시지를 요청했습니다. 24시간 후 요청해주세요."),

backend/core/src/test/java/site/timecapsulearchive/core/domain/auth/service/MessageVerificationServiceTest.java

@@ -14,7 +14,9 @@
 import site.timecapsulearchive.core.domain.auth.data.dto.VerificationMessageSendDto;
 import site.timecapsulearchive.core.domain.auth.exception.CertificationNumberNotFoundException;
 import site.timecapsulearchive.core.domain.auth.exception.CertificationNumberNotMatchException;
+import site.timecapsulearchive.core.domain.auth.exception.PhoneDuplicationException;
 import site.timecapsulearchive.core.domain.auth.repository.MessageAuthenticationCacheRepository;
+import site.timecapsulearchive.core.domain.member.repository.MemberRepository;
 import site.timecapsulearchive.core.infra.sms.manager.SmsApiManager;
 
 class MessageVerificationServiceTest {
@@ -26,16 +28,33 @@ class MessageVerificationServiceTest {
     private final MessageAuthenticationCacheRepository messageAuthenticationCacheRepository = mock(
         MessageAuthenticationCacheRepository.class);
     private final SmsApiManager smsApiManager = UnitTestDependency.smsApiManager();
+    private final MemberRepository memberRepository = mock(MemberRepository.class);
 
     private final MessageVerificationService messageVerificationService = new MessageVerificationService(
         messageAuthenticationCacheRepository,
         smsApiManager,
-        UnitTestDependency.hashEncryptionManager()
+        UnitTestDependency.hashEncryptionManager(),
+        memberRepository
     );
 
+    @Test
+    void 중복된_번호가_있으면_예외가_발생한다() {
+        // given
+        given(memberRepository.checkPhoneHashDuplication(any())).willReturn(true);
+
+        // when
+        // then
+        assertThatThrownBy(
+            () -> messageVerificationService.sendVerificationMessage(MEMBER_ID, RECEIVER,
+                APP_HASH_KEY))
+            .isInstanceOf(PhoneDuplicationException.class);
+    }
+
     @Test
     void 인증번호를_전송하면_성공한다() {
         //given
+        given(memberRepository.checkPhoneHashDuplication(any())).willReturn(false);
+
         //when
         VerificationMessageSendDto verificationMessageSendDto = messageVerificationService.sendVerificationMessage(
             MEMBER_ID, RECEIVER, APP_HASH_KEY);