Table of Contents |
---|
Apiary | |||||
| mithril/api/users/{user_id}/actions/request_factor | ||||
Scope | user:request_factor | ||||
Request json-schema |
Purpose
Collect factor from user, save factor & type into token, create OTP for approval factor.
Request parameters
- token
- user_id
- factor
- type
Logic WS
- Validate token & scope
- Validate request JSON-Schema for $.type=SMS
- Validate user_id FK
- Validate $.user_id = token.user_id
- If invalid - return 403 error
Get 2FA item by $.type for non-blocked user by $.user_id
Code Block language sql SELECT * FROM authentication_factors AS 2FA INNER JOIN user AS U ON 2FA.user_id = U.id WHERE U.id = $.user_id AND 2FA.type = $.type AND U.is_active = TRUE AND U.is_blocked = FALSE
For this valid conditions:
Purpose Conditions User change factor (from OLD on NEW) after
successful authorization and getting access_token_type(exist 2FA item for user) AND (token_type = access_token_type) AND (2FA.factor != "" AND 2FA.factor != NULL) User setting factor (from NULL on NEW, after Reset factor )
after successful getting 2fa_access_token_type(exist 2FA item for user) AND (token_type = 2fa_access_token_type) AND (2FA.factor = "" OR 2FA.factor = NULL) - Update exist token (for token_type = 2fa_access_token_type) OR create new 2fa_access_token_type (if token_type in payload = access_token_type)
- insert into `tokens.details` this attributes:
- `request_authentication_factor` = $.factor
- `request_authentication_factor_type` = $.type
- insert into `tokens.details` this attributes:
- Invoke internal function `create OTP (key)`, for 2FA.type = SMS, with params:
- key = 2FA.faсtor
- Get result of call `create OTP()` as `OTP_value`
- Sending (delivery) OTP via channel communication
- for 2FA.type = SMS - via SMS gateway API
- mobile phone = 2FA.factor
- SMS text = OTP_value
- ...
- for 2FA.type = SMS - via SMS gateway API
- Update exist token (for token_type = 2fa_access_token_type) OR create new 2fa_access_token_type (if token_type in payload = access_token_type)
- Return 201
- ...
Response
- 201 if 2FA successful set new.factor + 2FA_object_view
- 4xx in other case