Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

This procedure implementation logic for use timeout/delay in step generate/send OTP in 2FA flow. Its necessary for block process when fraud user click button "resend otp" many time (over and over again) which will allow cut costs for sending SMS .

This procedure used at few entry/cases in 2FA flow:


Logic

  • Use array `users.priv_settings.login_hstr[]` with `login_hstr.type` = `otp`
  • Sort array DESC by time
  • Get count() items from artray for period from `now()` to `now() - OTP_SEND_TIMEOUT`
  • If count() >= OTP_SEND_COUNTER_MAX 
    • return 429 error + message "Sending OTP timeout. Try later." + type "otp_timeout",
    • NO create & sending OTP
  • Else
    • create & sending OTP + store item in otp_hstr[]
  • Importantly: always - delete "old" items (for  `time` < `now() - OTP_SEND_TIMEOUT`).

  • Store OTP sending event at array `users.priv_settings.login_hstr[]` in obj (example)

    Code Block
    {"time": "2017-12-22T10:26:44.255687", "type": "otp", "is_success": true}.