ЕСОЗ - public documentation


This process describes adding an additional authentication method to an existing person, updating an authentication method, and deleting it.

Use GET person/{id}/authentication_method to find the id of the person's authentication method.

Specification

Apiary

Authorize

  1. Verify the validity of access token

    • Check user scope authentication_method_request:write in order to perform this action

Get global parameters

Invoke Global parameters to get following parameter:

  • phone_number_auth_limit (N) - if the phone number occurs in table person_authentication_methods with type = OTP more than N times, return error 422 (such a phone already exists more than N times)

  • third_person_limit (N) - if the count in table person_auth_methods with type = THIRD_PERSON is > N, return error 422

  • third_person_term

cURL example

curl -X GET \
  {:host}/prm/api/global_parameters

Validate request

if action = deactivate

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "deactivate",
  "authentication_method": {
    "id": "057413fb-2c2e-4f33-b2d6-433469212744"
    }
  }
}

if action = update

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "update",
  "authentication_method": {
    "id": "057413fb-2c2e-4f33-b2d6-433469212744",
    "alias": "roksolana",
    "default": "true"
    }
  }
}

if action = insert

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "insert",
  "authentication_method": {
    "type": "THIRD_PERSON",
    "value": "d12888c0-1159-4296-8f03-a592c136f673",
    "phone_number": "+380656779678",
    "alias": "roksolana"
    }
  }
}

Validate ids

Field value is person.id

  • validate person.id UUID

    • in case error return 422

  • search person by person.id in MPI 

    • in case error return 422, "Such person doesn't exist"

Search auth requests by person id

To prevent duplicate requests, search il.auth_method_requests where person_id = $.person_id and status = NEW, then change the status of all requests found for the person:

UPDATE IL_DB.authentication_method_requests
SET    status = 'CANCELED'
WHERE  id IN (:LIST)
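The search-then-cancel step above, as an added example that is not part of the original specification. It assumes an in-memory SQLite table named auth_method_requests with constructed rows, and that the new request is written in the same transaction, so the person never has two NEW requests at once; every id is passed as a bound parameter rather than concatenated into the SQL.

```python
import sqlite3

def open_demo_db():
    """In-memory stand-in for the IL database; all rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_method_requests "
                 "(id TEXT PRIMARY KEY, person_id TEXT, status TEXT)")
    conn.executemany("INSERT INTO auth_method_requests VALUES (?, ?, ?)", [
        ("req-1", "person-a", "NEW"),
        ("req-2", "person-a", "NEW"),
        ("req-3", "person-a", "CANCELED"),
        ("req-4", "person-b", "NEW"),
    ])
    conn.commit()
    return conn

def pending_ids(conn, person_id):
    """Ids of the person's requests that are still in status NEW."""
    rows = conn.execute(
        "SELECT id FROM auth_method_requests "
        "WHERE person_id = ? AND status = 'NEW' ORDER BY id",
        (person_id,)).fetchall()
    return [row[0] for row in rows]

def replace_pending_request(conn, person_id, new_request_id):
    """Cancel the person's NEW requests and insert the new one atomically."""
    with conn:  # one transaction: commit on success, roll back on error
        found = pending_ids(conn, person_id)
        if found:
            marks = ",".join("?" * len(found))  # one placeholder per id
            conn.execute(
                "UPDATE auth_method_requests SET status = 'CANCELED' "
                f"WHERE id IN ({marks})", found)
        conn.execute(
            "INSERT INTO auth_method_requests VALUES (?, ?, 'NEW')",
            (new_request_id, person_id))
    return found
```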

Validate by actions

if action = deactivate

  1. Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)

    1. check this auth_method.default=False

if action = update

  1. validate that authentication_methods.id belongs to this person. Search the auth methods of this person where MPI.person_authentication_method.person_id = $.person.id

    1. in case error return 422, "such authentication method does not belong to this person"

  2. set default only for auth_method.type = THIRD_PERSON

  3. the optional field default, if present, must be TRUE

  4. alias and default are optional, but at least one of the two fields is required.

if action = insert

  1. if type = OTP,

    1. phone_number is required and value shouldn’t be set; alias is optional.

    2. Verify that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES

  2. if type = OFFLINE, phone_number and value shouldn’t be set; alias is optional.

  3. if type = THIRD_PERSON, value, phone_number and alias are required.

  4. if type = THIRD_PERSON - Validate phone_number with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value

  5. validate value:

    1. validate person.id is UUID

      • in case error return 422

    2. search person by person.id in MPI 

      • in case error return 422, "such person doesn't exist"

    3. search person by person.id in MPI 

      • in case error return 422, "third person must be active"

    4. check that third_person.age > 18 years:

      • in case error return 422, "third person must be adult"

    5. validate third_person.auth_method != N/A

      • in case error return 422, "third person must has auth method OTP or OFFLINE"
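The field-presence rules from "Validate by actions", as an added example that is not the project's own code. It covers only the checks that can be made on the request body; the lookups against MPI and the verified-phones table (ownership, third person active and adult, default flag on deactivate) are left out, and the function name, error wording and acceptance of the string "true" are assumptions.

```python
import uuid

# Per insert type: (required fields, fields that must be absent).
INSERT_RULES = {
    "OTP": ({"phone_number"}, {"value"}),
    "OFFLINE": (set(), {"phone_number", "value"}),
    "THIRD_PERSON": ({"value", "phone_number", "alias"}, set()),
}

def is_uuid(text):
    """True if text parses as a UUID."""
    try:
        uuid.UUID(str(text))
        return True
    except ValueError:
        return False

def validate_request(body):
    """Return a list of error strings; a non-empty list maps to HTTP 422."""
    action = body.get("action")
    method = body.get("authentication_method")
    if not isinstance(method, dict):
        return ["authentication_method must be an object"]
    errors = []
    if action in ("deactivate", "update"):
        if not is_uuid(method.get("id")):
            errors.append("authentication_method.id must be a UUID")
        if action == "update":
            if "alias" not in method and "default" not in method:
                errors.append("at least one of alias, default is required")
            # Assumption: accept boolean true or the string "true" that the
            # page's sample payload uses.
            flag = method.get("default")
            if "default" in method and flag is not True and flag != "true":
                errors.append("default must be TRUE")
    elif action == "insert":
        kind = method.get("type")
        rule = INSERT_RULES.get(kind) if isinstance(kind, str) else None
        if rule is None:
            return ["type must be OTP, OFFLINE or THIRD_PERSON"]
        required, forbidden = rule
        present = set(method)
        errors += [f"{n} is required" for n in sorted(required - present)]
        errors += [f"{n} shouldn't be set" for n in sorted(forbidden & present)]
        if "value" in required & present and not is_uuid(method["value"]):
            errors.append("value must be a person UUID")
    else:
        errors.append("action must be deactivate, update or insert")
    return errors
```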


Set auth_method_current

Set IL.auth_method_request.auth_method_current to the person's default auth method; use the function in MPI that returns the default auth method.

Generate verification code

If auth_method_requests.auth_method_current = OTP 

Invoke Initialize OTP to generate a one-time password and send it.

cURL example

curl -X POST \
  http://localhost:4000/verifications \
  -H 'content-type: application/json' \
  -d '{
  "phone_number": "+380936235985"
}'

Generate upload URL

If auth_method_requests.auth_method_current = OFFLINE 

  1. Generate URLs with type person.{$.person.documents.[:].type} (or generate URLs with type third_person.{$.third_person.documents.[:].type})

If action = insert and il.auth_method_request.authentication_method.type = OFFLINE:

  1. Generate URLs with type person.{$.person.documents.[:].type}
