...
...
...
...
Table of Contents |
---|
Apiary | |||||
| mithril/api/users/{user_id}/actions/requestinit_factor | ||||
Scope | authentication_factoruser:request_factor | ||||
Request json-schema |
Purpose
Collect factor from user, save factor & type into token, create OTP for approval factor.
Request parameters
- tokenuser_id
- factor
- type
Logic WS
- Validate token & scope
- Validate request JSON-Schema for $.type=SMS
- Validate user_id FKSearch user by token, validate user is blocked
- Get 2FA item by $.type for non-blocked user by $.user_id
Code Block language sql SELECT * FROM authentication_factors AS 2FA INNER JOIN user AS U ON 2FA.user_id = U.id WHERE U.id = $.user_id AND 2FA.type = $.type AND U.is_active = TRUE AND U.is_blocked = FALSE
For this valid conditions:
Purpose Conditions User change factor (from OLD on NEW) after
successful authorization and getting access_token_type(exist 2FA item for user) AND (token_type = access_token_type) AND (2FA.factor != "" AND 2FA.factor != NULL) User setting factor (from NULL on NEW, after Reset factor )
after successful getting 2fa_access_token_type(exist 2FA item for user) AND (token_type = 2fa_access_token_type) AND (2FA.factor = "" OR 2FA.factor = NULL) - Update exist token (for token_type = 2fa_access_token_type) OR create new 2fa_access_token_type (if token_type in payload = access_token_type)
- insert into `tokens.details` this attributes:
- `request_authentication_factor` = $.factor
- `request_authentication_factor_type` = $.type
Invoke - insert into `tokens.details` this attributes:
- invoke OTP timeout procedure
- If successful - invoke internal function `create OTP (key)`, for 2FA.type = SMS, with params:
- key = 2FA.faсtor
- Get result of call `create OTP()` as `OTP_value`
- Sending (delivery) OTP via channel communication
- for 2FA.type = SMS - via SMS gateway API
- mobile phone = 2FA.factor
- SMS text = OTP_value
- ...
- for 2FA.type = SMS - via SMS gateway API
- Update exist token (for token_type = 2fa_access_token_type) OR create new 2fa_access_token_type (if token_type in payload = access_token_type)
- Return 201
- ...
Response
- 201 if 2FA successful set new.factor + 2FA_object_view
- 4xx in other case