ЕСОЗ - публічна документація

PIS. Create Person authentication method request_EN

Owned by Dmytro Omelchenko (SoE eHealth)
Last updated: May 17, 2024Version comment
2 min read

 

Purpose

This WS designed to create authentication method request for Patient

Specification

Apiary

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'authentication_method_request:write_pis')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: 'authentication_method_request:write_pis') in case of invalid scope(s)

  • Check that token contains person_id

    • in case of error - return (401, 'Invalid access token')

Validate person

  • Get person_id from token (x-person-id header)

  • Validate patient status is active (status = ‘active' & is_active = 'true’)

    • in case of error - return 404 ('not found')

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that Person authentication method request created by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

Validate request

  • Validate auth method. il.authentication_method_request.auth_method.type = OTP

    • in case of error - return 403 ('Only for OTP authentication method is allowed')

  • phone_number is required

    1. In case of error - return 422 ('required property %{property} was not present')

Check if Person should be sent for OTP verification

  • check the usage limit of this phone number in table person_authentication_methods  with ended_at іs empty or > now() & type = OTP > N

    1. in case of error - return 422 ('This phone number is present more than #{phone_number_auth_limit.limit} times in the system')

  • Get value of PIS_VALIDATE_ALL_PHONES config parameter

    • if it set to false - check that phone from authentication_methods field must be verified (number does not exists in verified_phones table in verifications database)

    • if it set to true - verified phone number by OTP

Service logic

  1. Create authentication method request in il.authentication_method_request with

    • status = NEW

    • action = INSERT

    • authentication_method = $authentication_method

    • authentication_method_current =

    • authentication_method_id = $authentication_method_id

    • channel = PIS

  2. If OTP verification needed

    • Invoke Initialize OTP to generate one-time password and send it to the client number.

    • Search requests where person_id = person.id and authentication_method_requests.status = NEW, then

    • Change the status of all found authentication_method_requests to CANCELED.

    • then Approve Person authentication method request

  3. If OTP verification is not needed

    • Search requests where person_id = person.id and authentication_method_requests.status = NEW, then

    • Change the status of all found authentication_method_requests to CANCELED.

    • Update mpi.person_authentication_methods

      • person’s auth method that was before becomes inactive - set ended_at = now() (Get current date-time) and is_active = false

      • set new auth_method in person_auth_methods. Set fields - type,phone_numer, alias(if it is in request)

    • Update authentication method request

      • Change entity status in il.authentication_method_request to COMPLETED

      • Set updated_at - now() (Get current date-time)

  4. Render response according to specification.

ЕСОЗ - публічна документація