
Purpose

This WS describes the process of adding an additional authentication method to an existing person, updating an authentication method, and deleting it.

...

Page Properties

Link: https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/create-authentication-method-request
Resource: /api/persons/{{id}}/authentication_method_requests
Scope: authentication_method_request:write
Components: Patient registry
Microservices: mpi/api, fe/admin-web
Protocol type: REST
Request type: POST
Sync/Async: Sync
Public/Private/Internal: Public

Logic

...

Global and configurable parameters

...

  1. Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)

    1. check this auth_method is not primary

    2. auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())

if action = update

  1. validate that authentication_methods.id belongs to this person. Search for the auth method of this person where MPI.person_authentication_method.person_id = $.person.id

    1. in case of error return 422, "such authentication method does not belong to this person"

  2. alias is required.

  3. auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())

if action = insert

  1. if type = OTP,

    1. phone_number is required and value shouldn’t be set. The alias field is optional.

    2. validate that person.age > global_parameters.no_self_auth_age

    3. Verify that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES

  2. if type = OFFLINE,

    1. phone_number and value shouldn’t be set. The alias field is optional.

    2. validate that person.age > global_parameters.no_self_auth_age

    3. auth_method_current != OFFLINE

      1. error - "Person already has auth method OFFLINE"

    4. auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = False)

      1. error - Person cannot set OFFLINE auth method if person had OTP

  3. if type = THIRD_PERSON,

    1. value, phone_number, alias are required.

    2. Validate phone_number with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value

    3. auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())

    4. if config THIRD_PERSON_OFFLINE = False - validate that third_person has self method = OTP, else:

      1. error THIRD PERSON can't have OFFLINE self auth method type
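The insert rules above, written out as a single check so the OTP to OFFLINE downgrade guard and the two config flags can be exercised together. This is an added example, not code from the service: the dict keys, the third person's "self_method" field, the age threshold of 14 and every error text not quoted on the page are assumptions.

```python
# Added example, not the service's code. Dict keys, the "self_method" field and
# every error text not quoted on the page are assumptions.

def validate_insert(req, person, cfg, verified_phones, third_person=None):
    """Return an error text for a rejected insert request, or None if it passes."""
    kind = req.get("type")
    phone, value, alias = req.get("phone_number"), req.get("value"), req.get("alias")
    current = person.get("auth_method_current")  # None once ended_at <= now()
    too_young = not person["age"] > cfg["no_self_auth_age"]

    if kind == "OTP":
        if not phone or value is not None:
            return "phone_number is required and value must not be set"
        if too_young:
            return "person.age must exceed no_self_auth_age"
        if phone not in verified_phones:
            return "phone_number is not in verified phones"
    elif kind == "OFFLINE":
        if phone is not None or value is not None:
            return "phone_number and value must not be set"
        if too_young:
            return "person.age must exceed no_self_auth_age"
        if current == "OFFLINE":
            return "Person already has auth method OFFLINE"
        # Downgrade guard: OTP -> OFFLINE only when the reduction flag allows it.
        if current == "OTP" and not cfg["AUTH_REQUEST_SECURITY_REDUCTION"]:
            return "Person cannot set OFFLINE auth method if person had OTP"
    elif kind == "THIRD_PERSON":
        if not (value and phone and alias):
            return "value, phone_number and alias are required"
        if third_person is None or phone != third_person.get("phone_number"):
            return "phone_number does not match the third person's auth method"
        if current is None:
            return "auth_method_current is null"
        if not cfg["THIRD_PERSON_OFFLINE"] and third_person.get("self_method") != "OTP":
            return "THIRD PERSON can't have OFFLINE self auth method type"
    else:
        return "unsupported type"
    return None

if __name__ == "__main__":
    # Constructed sample: an adult with OTP asks for OFFLINE while reduction is off.
    cfg = {"no_self_auth_age": 14, "AUTH_REQUEST_SECURITY_REDUCTION": False,
           "THIRD_PERSON_OFFLINE": False}
    person = {"age": 30, "auth_method_current": "OTP"}
    print(validate_insert({"type": "OFFLINE"}, person, cfg, set()))
```
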

...

  1. validate person.id is UUID

    • in case of error return 422

  2. search person by person.id in MPI

    • in case of error return 422, "such person doesn't exist"

  3. search person by person.id in MPI

    • in case of error return 422, "third person must be active"

  4. search third_person.age > prm.global_parameters.no_self_auth_age years:

    • in case of error return 422, "third person must be adult"

  5. validate third_person.auth_method != (MPI.person_auth_methods.ended_at <= now())

    • in case of error return 422, "third person must has auth method OTP or OFFLINE"

  6. validate that the person doesn’t already have this third_person as a third_person

...

Set the person's default auth method in IL.auth_method_request.auth_method_current, using the function in mpi that returns the primary auth method.

  • Validate that auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now()) if

    • action = deactivate

    • action = update

    • action = insert and type = THIRD_PERSON and person.age > no_self_auth_method

  • else error - “Person can't be authorized with NA authentication method”

...