Specification

Apiary: authorizeset-2faauthentication-via-otpfactor
Status: titlepatch
mithril/api/users/{user_id}/authentication_factors{2fa_id}/actions/createset_otpfactor
Scope: authentication_factor:set_factor

Purpose

Verify the OTP and prolong the authentication process (return an access_token for getting approvals).

Update the value of the factor (after the logical status of the 2FA has been RESET).

Request parameters

  • token
  • user_id
  • otp
  • 2fa_id
  • new_factor


Logic WS

  • Validate token (2fa_access_token) - ????
    • If invalid - return error 4xx
  • Validate user id & user status
  • Get active 2FA item for & scope
  • Validate user_id FK
  • Validate 2fa_id FK
  • Get 2FA item by 2fa_id  for non-blocked user by $.user_id

    Code Block (sql)
    -- The alias "2FA" is quoted: an unquoted alias may not start with a digit.
    -- The join keyword belongs in the FROM clause, not after WHERE.
    SELECT *
    FROM authentication_factors AS "2FA"
    INNER JOIN users AS U
        ON "2FA".user_id = U.id
    WHERE U.id = $.user_id
      AND "2FA".id = $.2fa_id
      AND U.is_active = TRUE
      AND U.is_blocked = FALSE
    • If not found - return 409 error "Not found 2FA data for user"
  • Extract type & factor from 2FA item for user
  • Invoke internal function `verify OTP (key, code)`, for 2FA.type = SMS, with params:
    • key = 2FA.factor
    • code = $.otp
  • Get result of call `verify OTP()`  
  • If result = VERIFIED
    • Update user (set values) by $.user_id
      • users.priv_settings.otp_error_counter = 0

    • Update 2fa_access_token (set `tokens.details.used` = true)
    • Create & return new access_token (as in the existing standard process without 2FA)
    • Return 200
  • If result = UNVERIFIED
    • Update user (set values) by $.user_id
      • Increment `users.priv_settings.otp_error_counter` (+1)
    • If `users.priv_settings.otp_error_counter` > USER_OTP_ERROR_MAX - block the user: update user (set values) by $.user_id
      • is_blocked = TRUE
      • block_reason = "OTP verify attempts more than USER_OTP_ERROR_MAX"
      • updated_at = now()
  • If (a 2FA item exists for the user) AND (token_type = access_token_type) AND (2FA.factor is not empty AND 2FA.factor IS NOT NULL) - update 2FA item (set values) to logical status = ACTIVE:
    • 2FA.factor = new_factor
    • 2FA.update_at = now()
  • If (a 2FA item exists for the user) AND (token_type = 2fa_access_token_type) AND (2FA.factor is empty OR 2FA.factor IS NULL) - update 2FA item (set values) to logical status = ACTIVE:
    • 2FA.factor = new_factor
    • 2FA.update_at = now()
  • Else return 401 error

Internal logic for `verify OTP()`

  • Find 1 active OTP (status = NEW) for $.key
    • If not found - return 409 error "Not found active OTP" - ??? or 401 ?
    • If found - increment `attempts_count` (+1) for this OTP
      • If OTP.code = $.code - update OTP item:
        • OTP status (NEW → VERIFIED)
        • updated_at = now()
      • If (OTP.code <> $.code) AND (OTP.attempts_count reaches OTP_ERROR_MAX) - update OTP item:
        • status (NEW → UNVERIFIED)
        • updated_at = now()
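The OTP state machine above (NEW → VERIFIED / UNVERIFIED, per-OTP `attempts_count`) together with the per-user `otp_error_counter` and blocking rule from "Logic WS", as an added example that is not part of the original spec or the mithril code base. The threshold values, the `Otp`/`User` record shapes and the NOT_FOUND result (standing in for the 409 "Not found active OTP" case) are assumptions; the spec leaves the comparison operator for OTP_ERROR_MAX open, so `>=` is assumed.

```python
import hmac
from dataclasses import dataclass

# Thresholds named in the spec; the numeric values are assumptions for this example.
OTP_ERROR_MAX = 3        # wrong codes per OTP before NEW -> UNVERIFIED
USER_OTP_ERROR_MAX = 5   # failed verifications per user before the user is blocked

@dataclass
class Otp:
    key: str              # 2FA.factor the code was sent to (constructed sample values in the test)
    code: str
    status: str = "NEW"   # NEW -> VERIFIED | UNVERIFIED
    attempts_count: int = 0

@dataclass
class User:
    id: str
    otp_error_counter: int = 0   # users.priv_settings.otp_error_counter
    is_blocked: bool = False
    block_reason: str = ""

def verify_otp(otps, key, code):
    """Internal `verify OTP (key, code)`: returns VERIFIED, UNVERIFIED or NOT_FOUND."""
    active = [o for o in otps if o.key == key and o.status == "NEW"]
    if not active:
        return "NOT_FOUND"            # spec: 409 "Not found active OTP"
    otp = active[0]
    otp.attempts_count += 1           # counted before the comparison, as in the spec
    # constant-time comparison so timing does not reveal how many digits matched
    if hmac.compare_digest(otp.code.encode(), code.encode()):
        otp.status = "VERIFIED"
        return "VERIFIED"
    if otp.attempts_count >= OTP_ERROR_MAX:   # assumed operator
        otp.status = "UNVERIFIED"     # no further attempts against this OTP
    return "UNVERIFIED"

def apply_result(user, result):
    """Per-user bookkeeping from 'Logic WS': reset the counter on success, otherwise
    count the failure and block the user once the counter exceeds USER_OTP_ERROR_MAX."""
    if result == "VERIFIED":
        user.otp_error_counter = 0
    elif result == "UNVERIFIED":
        user.otp_error_counter += 1
        if user.otp_error_counter > USER_OTP_ERROR_MAX:
            user.is_blocked = True
            user.block_reason = "OTP verify attempts more than USER_OTP_ERROR_MAX"
    return user
```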

Response

  • 200 if the OTP was successfully created & sent
    • error
  • Return 200
  • ...

Response

  • 200 if the 2FA item was successfully set to new_factor + 2FA_object_view
  • 4xx in any other case