ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Purpose

This WS designed to deactivate Authentication method

Specification

Apiary

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'authentication_method_request:deactivate_pis')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: authentication_method:deactivate_pis') in case of invalid scope(s)

  • Check that token contains person_id

    • in case of error - return (401, 'Invalid access token')

Validate person

  • Get person_id from token (x-person-id header)

  • Validate patient status is active (status = ‘active' & is_active = 'true’)

    • in case of error - return 404 ('not found')

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that Person authentication method request deactivated by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

  • If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:

    • persons age < no_self_registration_age global parameter;

    • persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;

    • persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process Check confidant person relationship with person_id = person from request - expected :ok, :approved response)

      • In case of error - return 409 (‘Request must be authorized by confidant person’)

  • If not equal - validate relationship with following steps:

    • Check that there is registered relationship between person_id and applicant_person_id(MPI.confidant_person_relationships)

    • Check that relationship is VERIFIED

      • In case of error - return 409 (‘Can’t confirm relationship’)

    • Check that applicant_person_id exists (status = 'active' & is_active = 'true') and has verification_status any but NOT_VERIFIED

      • In case of error - return 409 (‘Confidant person not found or is not verified’)

Validate request

  • Validate auth method. il.authentication_method_request.auth_method.type = THIRD_PERSON

    • in case of error - return 403 ('Only THIRD_PERSON authentication method type could be deactivated')

  • Validate auth method belongs to the person

    1. In case of error - return 404 ('Such authentication method does not belong to this person')

  • Check that person has other active methods in mpi.person_authentication_methods

    • in case of error - return 403 ('You can't deactivate the last authentication method')

  • Check person in request don't has confidant_person_relationship with person

    • in case of error - return 403 ('Person in request is the confidant person')

  • Validate that auth_method is active (person_authentication_methods.ended_at > now())

    • in case of error - return 422 ('Authentication method isn’t active')

Service logic

  1. Get person_id from token (x-person-id header).

  2. Deactivate person authentication method

    1. person’s auth method that was before becomes inactive - set ended_at = now() (Get current date-time) and is_active = false

  3. Render response according to specification.

  • No labels