Purpose
This WS designed to Approve Person authentication method request
Specification
Authorization
Verify the validity of access token
Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'authentication_method_request:write_pis')
Return (403, 'Your scope does not allow to access this resource. Missing allowances: authentication_method_request:write_pis') in case of invalid scope(s)
Check that token contains person_id
in case of error - return (401, 'Invalid access token')
Validate person
Get person_id from token (x-person-id header)
Validate patient status is active (status = ‘active' & is_active = 'true’)
in case of error - return 404 ('not found')
Validate confidant person and relationship (optional)
If person is not legally capable - system must ensure that Person authentication method request created by confidant person and there is registered and verified their relationship
Get applicant_person_id
from token, compare it to person_id
from token:
If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:
persons age < no_self_registration_age global parameter;
persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;
persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process Check confidant person relationship with person_id = person from request - expected
:ok, :approved
response)In case of error - return 409 (‘Only THIRD_PERSON authentication method is allowed')
If not equal -
error - return 409 (‘Only THIRD_PERSON authentication method is allowed’)
Validate authentication method
Validate auth method. il.authentication_method_request.auth_method.type = OTP
in case of error - return 403 ('OTP authentication method is allowed')
Check that authentication_method_request.status = NEW
in case of error - return 403 ('Only authentication method request with NEW status is allowed')
Check that authentication_method_request belongs to person
in case of error - return 404 ('not found')
Service logic
Verificate sms (Invoke verification module to verify OTP (OTP Verification)).
If OTP is correct add phone number to the verification.verified_phones
Update mpi.person_authentication_methods
person’s auth method that was before becomes inactive - set
ended_at
= now() (Get current date-time) and is_active = falseset new auth_method in person_auth_methods. Set fields -
type
,phone_numer
,alias
(if it is in request)
Update authentication method request
Change entity status in il.authentication_method_request to COMPLETED
Set updated_at - now() (Get current date-time)
Render response according to specification.