ЕСОЗ - public documentation


Specification

Apiary
PATCH mithril/api/users/{user_id}/actions/approve_factor
Scope: user:approve_factor

Purpose

Verify the OTP and, on success, update (approve) the user's active 2FA item with the new factor that was stored in the 2fa_access_token.

Request parameters

  • token (the `2fa_access_token` presented with the request)
  • user_id (path parameter)
  • otp (the one-time code received by the user)


Logic WS

  • Validate token (`2fa_access_token`): it must exist, be of that type, not be expired and not already be marked `tokens.details.used` = true (the flag is set on success below, so a consumed token cannot be replayed)
    • If invalid - return 4xx error
  • Validate $.user_id = token.user_id
    • If not equal - return 403 error
  • Validate user id & user status
  • Validate the user's `is_blocked` flag
    • if is_blocked = TRUE
      • return 4xx - "User blocked" (exact code TBD)
  • Get the active 2FA item for the non-blocked user by $.user_id

    SELECT *
    FROM authentication_factors AS af
    WHERE
        af.user_id = $.user_id
            AND af.is_active = TRUE

    • If not found - return 409 error "Not found 2FA data for user"
  • Extract type & factor from the user's 2FA item
  • For 2FA.type = SMS, invoke the internal function `verify_OTP(key, code)` with params:
    • key = 2FA.factor
    • code = $.otp
  • Get the result of the `verify_OTP()` call
  • If result = VERIFIED
    • Extract from `tokens.details` the attributes:
      • `request_authentication_factor`
      • `request_authentication_factor_type`
    • Update (set values) the active 2FA item with type `tokens.details.request_authentication_factor_type`:
      • factor = `tokens.details.request_authentication_factor`
      • updated_at = now()
    • Update the 2fa_access_token (set `tokens.details.used` = true) so it cannot be used a second time
    • Return 200
  • If result = UNVERIFIED
    • Update user (set values) by $.user_id
      • Increment `users.priv_settings.otp_error_counter` (+1)
    • If `users.priv_settings.otp_error_counter` > USER_OTP_ERROR_MAX
      • Block the user - update user (set values) by $.user_id
        • is_blocked = TRUE
        • block_reason = "OTP verify attempts more than USER_OTP_ERROR_MAX"
        • updated_at = now()
    • Return 401 error
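The whole Logic WS procedure above, as an added illustrative example that is not Mithril's own code: the three "tables", the OTP store, the value of USER_OTP_ERROR_MAX, the 403 for a blocked or inactive user (the page leaves the exact code TBD), and the `verify_otp` stand-in (a constant-time compare against the code issued for the factor) are all assumptions made here so the flow runs offline. Only the order of checks, the error codes the page does state, the token consumption and the lockout counter follow the specification.

```python
"""Constructed model of PATCH /users/{user_id}/actions/approve_factor (not Mithril code)."""
from __future__ import annotations

import hmac
import time
from dataclasses import dataclass, field

USER_OTP_ERROR_MAX = 3  # assumed value; the page only names the constant


@dataclass
class User:
    id: str
    is_active: bool = True
    is_blocked: bool = False
    block_reason: str | None = None
    priv_settings: dict = field(default_factory=lambda: {"otp_error_counter": 0})
    updated_at: float = 0.0


@dataclass
class Factor:  # one row of authentication_factors
    user_id: str
    type: str
    factor: str
    is_active: bool = True
    updated_at: float = 0.0


@dataclass
class Token:  # one row of tokens; details carries the requested new factor
    value: str
    name: str
    user_id: str
    expires_at: float
    details: dict


class Store:
    """In-memory stand-in for the users / tokens / authentication_factors tables (assumption)."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.tokens: dict[str, Token] = {}
        self.factors: list[Factor] = []
        self.otps: dict[str, str] = {}  # key (the SMS factor) -> OTP code issued for it


def verify_otp(store: Store, key: str, code: str) -> str:
    """Stand-in for the internal verify_OTP(key, code); the real one is not shown on the page.
    Compares in constant time so a wrong code cannot be distinguished by timing."""
    issued = store.otps.get(key)
    if issued is None:
        return "UNVERIFIED"
    return "VERIFIED" if hmac.compare_digest(issued.encode(), code.encode()) else "UNVERIFIED"


def approve_factor(store: Store, token_value: str, user_id: str, otp: str, now: float | None = None):
    """Returns (http_status, body) following the Logic WS steps."""
    now = time.time() if now is None else now
    token = store.tokens.get(token_value)
    # 1. token must exist, be a 2fa_access_token, be unexpired and not already consumed
    if (token is None or token.name != "2fa_access_token"
            or token.expires_at <= now or token.details.get("used")):
        return 401, {"error": "invalid or expired token"}
    # 2. the user_id in the path must be the token's user
    if user_id != token.user_id:
        return 403, {"error": "forbidden"}
    # 3. user must exist, be active and not blocked (403 is an assumption; page says 4xx/TBD)
    user = store.users.get(user_id)
    if user is None or not user.is_active:
        return 403, {"error": "user not active"}
    if user.is_blocked:
        return 403, {"error": "User blocked"}
    # 4. active 2FA item (the SELECT on the page)
    active = [f for f in store.factors if f.user_id == user_id and f.is_active]
    if not active:
        return 409, {"error": "Not found 2FA data for user"}
    item = active[0]
    if item.type != "SMS":  # the page specifies verify_OTP only for SMS (assumption: reject others)
        return 409, {"error": "unsupported factor type"}
    # 5. verify the code against the current factor
    if verify_otp(store, item.factor, otp) == "VERIFIED":
        item.factor = token.details["request_authentication_factor"]  # new factor from the token
        item.updated_at = now
        token.details["used"] = True  # consume the token: a replay now fails at step 1
        return 200, {"type": item.type, "factor": item.factor, "is_active": item.is_active}
    # 6. UNVERIFIED: count the failure and lock the account past the threshold
    user.priv_settings["otp_error_counter"] += 1
    if user.priv_settings["otp_error_counter"] > USER_OTP_ERROR_MAX:
        user.is_blocked = True
        user.block_reason = "OTP verify attempts more than USER_OTP_ERROR_MAX"
        user.updated_at = now
    return 401, {"error": "OTP not verified"}


def build_demo_store(now: float) -> Store:
    """Constructed sample data: user u1 changes the SMS factor from ...0001 to ...0002."""
    store = Store()
    store.users["u1"] = User(id="u1")
    store.factors.append(Factor(user_id="u1", type="SMS", factor="+380000000001"))
    store.tokens["tok-1"] = Token(
        value="tok-1", name="2fa_access_token", user_id="u1", expires_at=now + 300,
        details={"request_authentication_factor": "+380000000002",
                 "request_authentication_factor_type": "SMS"})
    store.otps["+380000000001"] = "123456"  # code assumed to have been sent to the old factor
    return store


if __name__ == "__main__":
    s = build_demo_store(now=1000.0)
    print(approve_factor(s, "tok-1", "u1", "123456", now=1000.0))  # 200 with the new factor
    print(approve_factor(s, "tok-1", "u1", "123456", now=1000.0))  # 401: token already used
```

The two properties worth keeping when this is implemented for real are visible in the sample run: a token that succeeded once is rejected on replay, and the failure counter is per user, not per token, so issuing a fresh token does not reset the lockout.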

Response

  • 200 if the 2FA item was successfully set to the new factor; the body is the 2FA object view
  • 4xx in every other case (the specific codes are listed under Logic WS)