Required parameters are marked with "*"
Якщо інформації по відповідному параметру немає, потрібно зазначити: “API paragraph not found”.
Purpose*
This process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Confluence - https://e-health-ua.atlassian.net/wiki/x/FwC_J
Specification*
Logic*
API paragraph not found
Global and configurable parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit | Check if in table person_authentication_methods with type = | |
third_person_limit | In table person_auth_methods with type = | |
third_person_term | ||
person_with_third_person_limit |
cURL example
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
id | String | Person identifier |
|
Request structure*
See on Apiary
Example:
Authorize*
Verify the validity of access token
Check user scope authentication_method_request:write in order to perform this action
Request to process the request using a token in the headers
Headers*
Наприклад:
Content-Type:application/json
Authorization:Bearer c2778f3064753ea70de870a53795f5c9
api-key:uXhEczJ56adsfh3Ri9SUkc4en
Request data validation*
Validate request
if action = deactivate
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } }
if action = update
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "update", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana" } } }
if action = insert
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number` : "+380656779678", "alias": "roksolana" } } }
Validate ids
Fiend value
is person.id
validate person.id UUID
in case error return
404
search person by person.id in MPI or person.is_active = false
in case error return
404
, "Such person doesn't exist"
validate that person is active ( person.status = active)
in case error return
409
, "Such person isn't active"
validate that auth_method is active ( person.auth_method.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.auth_method_requests.status = NEW, then
Change status of all found person requests:
SET IL_DB.authentication_method_requests.status = 'CANCELED' WHERE IL_DB.authentication_method_requests.id IN (:LIST) |
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
. (where person_auth_method.id = $authentication_method.id)check this auth_method is not primary
auth_method_current != NA
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
alias
is required.auth_method_current != NA
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
Verificate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE ,
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
error - "Person already has auth method OFFLINE"
auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = False)
error -
Person cannot set OFFLINE auth method if person had OTP
if type = THIRD_PERSON,
value
,phone_number
,alias
are required.Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != NA
if config
THIRD_PERSON_OFFLINE
= False - validate that third_person has self method = OTP, else:error
THIRD PERSON can't have OFFLINE self auth method type
validate value:
validate person.id is UUID
in case error return
422
search person by person.id in MPI
in case error return
422
, "such person doesn't exist"
search person by person.id in MPI
in case error return 422, "third person must be active"
search third_person.age > prm.global_parameters.no_self_auth_age years:
in case error return 422, "third person must be adult"
validate third_person.auth_method !=N/A
in case error return 422, "third person must has auth method OTP or OFFLINE"
validate that person hasn’t this third_person isn’t already as third_person
Processing*
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.
Validate that auth_method_current !=NA if
action = deactivate
action = update
action = insert and type= THIRD_PERSON and person.age>no_self_auth_method
else errror - “
Person can't be authorized with NA authentication method
“
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
curl -X POST \ http://localhost:4000/verifications \ -H 'content-type: application/json' \ -d '{ "phone_number": "+380936235985" }' |
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}
Response structure*
See on Apiary
Example:
Post-processing processes*
API paragraph not found