Specification
Apiary |
PATCH | mithril/api/users/{user_id}/actions/approve_factor
Scope | user:approve_factor
Purpose
Verify the OTP and, on success, update (approve) the user's active 2FA item with the factor requested in the token.
Request parameters
- token
- user_id
- otp
Logic WS
- Validate token (2fa_access_token)
  - If invalid - return error 4xx
- Validate $.user_id = token.user_id
  - If invalid - return 403 error
- Validate user id & user status
  - Validate user `is_blocked` flag
    - if is_blocked = TRUE
      - return 4xx - "User blocked" (!!! TBD)
- Get active 2FA item for non-blocked user by $.user_id
  SELECT * FROM authentication_factors AS af WHERE af.user_id = $.user_id AND af.is_active = TRUE
  - If not found - return 409 error "Not found 2FA data for user"
- Extract type & factor from 2FA item for user
- Invoke internal function `verify_OTP (key, code)`, for 2FA.type = SMS, with params:
  - key = 2FA.factor
  - code = $.otp
- Get result of call `verify_OTP()`
  - If result = VERIFIED
    - Extract from `tokens.details` these attributes:
      - `request_authentication_factor`
      - `request_authentication_factor_type`
    - Update (set values) the active 2FA item using `tokens.details.request_authentication_factor_type`:
      - factor = `tokens.details.request_authentication_factor`
      - updated_at = now()
    - Update 2fa_access_token (set `tokens.details.used` = true)
    - Return 200
  - If result = UNVERIFIED
    - Update user (set values) by $.user_id
      - Increment `users.priv_settings.otp_error_counter` (+1)
      - If `users.priv_settings.otp_error_counter` > USER_OTP_ERROR_MAX
        - Block user - update user (set values) by $.user_id
          - is_blocked = TRUE
          - block_reason = "OTP verify attempts more than USER_OTP_ERROR_MAX"
          - updated_at = now()
    - return 401 error
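The whole approval flow above, written out as an added reference model so the branch order (token, user, blocked flag, active factor, OTP result, error counter) can be exercised end to end. This is illustrative code added to the spec, not Mithril's own implementation: the in-memory `SAMPLE_STATE` tables, the ids, phone numbers and OTP codes in it, the `fresh_state` helper, the value of `USER_OTP_ERROR_MAX` (the spec names the constant but gives no value) and the HTTP codes chosen where the spec only says "4xx" are all assumptions.

```python
import hmac
import time
from copy import deepcopy

# Assumed threshold: the spec names USER_OTP_ERROR_MAX but gives no value.
USER_OTP_ERROR_MAX = 3

# Constructed sample rows standing in for the users, authentication_factors and
# tokens tables of the spec, plus the codes the SMS OTP function checks against.
SAMPLE_STATE = {
    "users": {
        "u-1": {"is_blocked": False, "block_reason": None, "updated_at": None,
                "priv_settings": {"otp_error_counter": 0}},
    },
    "factors": [
        {"user_id": "u-1", "type": "SMS", "factor": "+380000000001",
         "is_active": True, "updated_at": None},
    ],
    "tokens": {
        "tok-2fa": {"name": "2fa_access_token", "user_id": "u-1",
                    "expires_at": 2_000_000_000,
                    "details": {"used": False,
                                "request_authentication_factor": "+380000000002",
                                "request_authentication_factor_type": "SMS"}},
    },
    # OTP issued for a factor key: key -> (code, expires_at)   (constructed)
    "otp": {"+380000000001": ("123456", 2_000_000_000)},
}


def fresh_state():
    """Return a private copy of the sample tables so each run starts clean."""
    return deepcopy(SAMPLE_STATE)


def verify_otp(state, key, code, now):
    """Spec's verify_OTP(key, code): VERIFIED only for an unexpired code issued for key."""
    entry = state["otp"].get(key)
    if entry is None:
        return "UNVERIFIED"
    expected, expires_at = entry
    if now >= expires_at:
        return "UNVERIFIED"
    # Constant-time comparison so a wrong code is not distinguishable by timing.
    return "VERIFIED" if hmac.compare_digest(expected, code) else "UNVERIFIED"


def approve_factor(state, user_id, token_value, otp, now=None):
    """Implements the Logic WS steps; returns (http_status, body)."""
    now = int(time.time()) if now is None else now
    token = state["tokens"].get(token_value)
    # Token must exist, be a 2fa_access_token, be unexpired and not yet used.
    if (token is None or token["name"] != "2fa_access_token"
            or token["expires_at"] <= now or token["details"].get("used")):
        return 401, {"error": "invalid 2fa_access_token"}      # spec: 4xx (401 assumed)
    if token["user_id"] != user_id:
        return 403, {"error": "token does not belong to user"}
    user = state["users"].get(user_id)
    if user is None:
        return 404, {"error": "user not found"}                # spec: "validate user id" (404 assumed)
    if user["is_blocked"]:
        return 403, {"error": "User blocked"}                  # spec: 4xx, exact code TBD (403 assumed)
    # Active 2FA item for the user (the SELECT in the spec).
    factor = next((f for f in state["factors"]
                   if f["user_id"] == user_id and f["is_active"]), None)
    if factor is None:
        return 409, {"error": "Not found 2FA data for user"}
    if factor["type"] != "SMS":
        return 409, {"error": "unsupported factor type"}       # spec only defines SMS (409 assumed)
    result = verify_otp(state, factor["factor"], otp, now)
    if result == "VERIFIED":
        details = token["details"]
        factor["factor"] = details["request_authentication_factor"]
        factor["updated_at"] = now
        details["used"] = True                                 # token is single-use
        return 200, {"type": factor["type"], "factor": factor["factor"],
                     "is_active": factor["is_active"]}          # 2FA_object_view
    # UNVERIFIED: count the failure and block the user past the threshold.
    settings = user["priv_settings"]
    settings["otp_error_counter"] += 1
    user["updated_at"] = now
    if settings["otp_error_counter"] > USER_OTP_ERROR_MAX:
        user["is_blocked"] = True
        user["block_reason"] = "OTP verify attempts more than USER_OTP_ERROR_MAX"
    return 401, {"error": "OTP unverified"}
```

Two properties of the spec show up directly when this is run: the token is consumed only on a VERIFIED result, so a wrong code does not burn the token, and the error counter is never reset on success, so it keeps accumulating across approvals exactly as the steps above are written.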
Response
- 200 if the new factor was set successfully on the 2FA item; body: 2FA_object_view
- 4xx in all other cases