修复漏洞问题——限制注册时候不能修改手机号和openid

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -16,7 +16,6 @@ import com.ruoyi.common.utils.ip.IpUtils;
 import com.ruoyi.framework.web.service.OauthLoginHlwService;
 import com.ruoyi.framework.web.service.OauthLoginService;
 import io.swagger.annotations.ApiOperation;
-import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@@ -248,6 +247,16 @@ public class SysLoginController
             return AjaxResult.error("请求过于频繁，请稍后再试");
         }
 
+        //手机号和openid不能修改
+        if(registerBody.getAppUser()!=null){
+            AppUser appUser=registerBody.getAppUser();
+            if (StringUtils.isNotBlank(appUser.getPhone()) || StringUtils.isNotBlank(appUser.getOpenid())) {
+                return AjaxResult.error("信息完善接口不允许修改手机号或openid");
+            }
+            appUser.setPhone(null);
+            appUser.setOpenid(null);
+        }
+
         String token=loginService.registerAppUser(registerBody);
         return AjaxResult.success().put("token",token);
     }

ruoyi-bussiness/src/main/java/com/ruoyi/cms/service/impl/ESJobSearchImpl.java

@@ -60,9 +60,9 @@ public class ESJobSearchImpl implements IESJobSearchService
     // 锁的key（唯一标识ES索引初始化）
     private static final String ES_INIT_LOCK_KEY = "es:job_document:init:lock";
     // 锁过期时间（30分钟，确保初始化完成）
-    private static final Integer LOCK_EXPIRE_SECONDS = 600;//1800
+    private static final Integer LOCK_EXPIRE_SECONDS = 1800;
     // 等待锁时间（5分钟，避免无限等待）
-    private static final Integer WAIT_LOCK_SECONDS = 1;//300
+    private static final Integer WAIT_LOCK_SECONDS = 10;//300
 
 
     @Autowired