ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Purpose

This WS designed to create authentication method request for Patient

Specification

Apiary

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'authentication_method_request:write_pis')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: 'authentication_method_request:write_pis') in case of invalid scope(s)

  • Check that token contains person_id

    • in case of error - return (401, 'Invalid access token')

Validate person

  • Get person_id from token (x-person-id header)

  • Validate patient status is active (status = ‘active' & is_active = 'true’)

    • in case of error - return 404 ('not found')

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that Person authentication method request created by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

  • If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:

    • persons age < no_self_registration_age global parameter;

    • persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;

    • persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process /wiki/spaces/PCAB/pages/17415995422 with person_id = person from request - expected :ok, :approved response)

      • In case of error - return 409 (‘Only THIRD_PERSON authentication method is allowed')

  • If not equal -

    • error - return 409 (‘Only THIRD_PERSON authentication method is allowed’)

Validate request

  • Validate auth method. il.authentication_method_request.auth_method.type = OTP

    • in case of error - return 403 ('Only for OTP authentication method is allowed')

  • phone_number is required

    1. In case of error - return 422 ('required property %{property} was not present')

Check if Person should be sent for OTP verification

  • check the usage limit of this phone number in table person_authentication_methods  with ended_at іs empty or > now() & type = OTP > N

    1. in case of error - return 422 ('This phone number is present more than #{phone_number_auth_limit.limit} times in the system')

  • Get value of PIS_VALIDATE_ALL_PHONES config parameter

    • if it set to false - check that phone from authentication_methods field must be verified (number does not exists in verified_phones table in verifications database)

    • if it set to true - verified phone number by OTP

Service logic

  1. Create authentication method request in il.authentication_method_request with

    • status = NEW

    • action = INSERT

    • authentication_method = $authentication_method

    • authentication_method_current =

    • authentication_method_id = $authentication_method_id

    • channel = PIS

  2. If OTP verification needed

  3. If OTP verification is not needed

    • Search requests where person_id = person.id and authentication_method_requests.status = NEW, then

    • Change the status of all found authentication_method_requests to CANCELED.

    • Update mpi.person_authentication_methods

      • person’s auth method that was before becomes inactive - set ended_at = now() (Get current date-time) and is_active = false

      • set new auth_method in person_auth_methods. Set fields - type,phone_numer, alias(if it is in request)

    • Update authentication method request

      • Change entity status in il.authentication_method_request to COMPLETED

      • Set updated_at - now() (Get current date-time)

  4. Render response according to specification.

  • No labels