fix(auth): 활성 계정 조회 조건을 본인인증 식별 조합으로 강화한다

2026-03-05 15:38:47 +09:00
parent 94eb11ad5a
commit 70530f87fc
2 changed files with 17 additions and 4 deletions
--- a/src/main/kotlin/kr/co/vividnext/sodalive/member/auth/AuthRepository.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/member/auth/AuthRepository.kt
@@ -15,7 +15,7 @@ interface AuthQueryRepository {
    fun getMemberIdsByDi(di: String): List<Long>
    fun getMemberIdsByNameAndBirthAndDiAndGender(name: String, birth: String, di: String, gender: Int): List<Long>
    fun getAuthIdByMemberId(memberId: Long): Long?
-    fun getActiveMemberIdsByDi(di: String): List<Long>
+    fun getActiveMemberIdsByNameAndBirthAndDiAndUniqueCi(name: String, birth: String, di: String, uniqueCi: String): List<Long>
 }

 class AuthQueryRepositoryImpl(private val queryFactory: JPAQueryFactory) : AuthQueryRepository {
@@ -60,13 +60,21 @@ class AuthQueryRepositoryImpl(private val queryFactory: JPAQueryFactory) : AuthQ
            .fetchFirst()
    }

-    override fun getActiveMemberIdsByDi(di: String): List<Long> {
+    override fun getActiveMemberIdsByNameAndBirthAndDiAndUniqueCi(
+        name: String,
+        birth: String,
+        di: String,
+        uniqueCi: String
+    ): List<Long> {
        return queryFactory
            .select(member.id)
            .from(member)
            .leftJoin(member.auth, auth)
            .where(
-                auth.di.eq(di)
+                auth.name.eq(name)
+                    .and(auth.birth.eq(birth))
+                    .and(auth.di.eq(di))
+                    .and(auth.uniqueCi.eq(uniqueCi))
                    .and(member.isActive.isTrue)
            )
            .fetch()
--- a/src/main/kotlin/kr/co/vividnext/sodalive/member/auth/AuthService.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/member/auth/AuthService.kt
@@ -81,7 +81,12 @@ class AuthService(

    @Transactional
    fun authenticate(certificate: AuthVerifyCertificate, memberId: Long): AuthResponse {
-        val memberIds = repository.getActiveMemberIdsByDi(di = certificate.di)
+        val memberIds = repository.getActiveMemberIdsByNameAndBirthAndDiAndUniqueCi(
+            name = certificate.name,
+            birth = certificate.birth,
+            di = certificate.di,
+            uniqueCi = certificate.unique
+        )
        if (memberIds.size >= 3) {
            val message = messageSource.getMessage("member.auth.max_accounts", langContext.lang) ?: ""
            throw SodaException(