Versions Compared

Old Version 36

changes.mady.by.user Dmytro Kulibaba (Unlicensed)

Saved on

compared with

New Version 37

changes.mady.by.user Dmytro Kulibaba (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel3

...

  1. Verify the validity of access token

    • Check user scope authentication_method_request:write in order to perform this action

Request to process the request using a token in the headers

Headers

Наприклад:

Content-Type:application/json

...

  1. Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)

    1. check this auth_method is not primary

    2. auth_method_current != NA null (null is set if MPI.person_auth_methods.ended_at <= now())

if action = update

  1. validate authentication_methods.id belong to this person. Search auth method of this person where  MPI.person_authentication_method.person_id = $.person.id

    1. in case error return 422, "such authentication method does not belong to this person"

  2. alias is required.

  3. auth_method_current != NA = null (null is set if MPI.person_auth_methods.ended_at <= now())

if action = insert

  1. if type = OTP ,

    1. phone_number is required and value shouldn’t be set. And field alias is optional.

    2. validate that person.age >global_parameters.no_self_auth_age

    3. Verificate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES

  2. if type = OFFLINE ,

    1. phone_numberand value shouldn’t be set . And field alias is optional.

    2. validate that person.age > global_parameters.no_self_auth_age

    3. auth_method_current != OFFLINE

      1. error - "Person already has auth method OFFLINE"

    4. auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = False)

      1. error - Person cannot set OFFLINE auth method if person had OTP

  3. if type = THIRD_PERSON,

    1. value ,phone_number, alias are required.

    2. Validate phone_number with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value

    3. auth_method_current != NA= null (null is set if MPI.person_auth_methods.ended_at <= now())

    4. if config THIRD_PERSON_OFFLINE = False - validate that third_person has self method = OTP, else:

      1. error THIRD PERSON can't have OFFLINE self auth method type

...

  1. validate person.id is UUID

    • in case error return 422

  2. search person by person.id in MPI 

    • in case error return 422, "such person doesn't exist"

  3. search person by person.id in MPI 

    • in case error return 422, "third person must be active"

  4. search third_person.age > prm.global_parameters.no_self_auth_age years:

    • in case error return 422, "third person must be adult"

  5. validate third_person.auth_method !=N/A= (MPI.person_auth_methods.ended_at <= now())

    • in case error return 422, "third person must has auth method OTP or OFFLINE"

  6. validate that person hasn’t this third_person isn’t already as third_person

...

Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.

  • Validate that auth_method_current !=NA = null (null is set if MPI.person_auth_methods.ended_at <= now()) if

    • action = deactivate

    • action = update

    • action = insert and type= THIRD_PERSON and person.age>no_self_auth_method

  • else errror - “Person can't be authorized with NA authentication method

...