PIS. Update Person authentication method_EN

Purpose

This WS designed to update Authentications method

Specification

Apiary

Authorization

• Verify the validity of access token

  • Return (401, 'Invalid access token') in case of validation fails

• Verify that token is not expired

  • in case of error - return (401, 'Invalid access token')

• Check user scopes in order to perform this action (scope = 'authentication_method:write_pis')

  • Return (403, 'Your scope does not allow to access this resource. Missing allowances: authentication_method:write_pis') in case of invalid scope(s)

• Check that token contains person_id

  • in case of error - return (401, 'Invalid access token')

Validate person

• Get person_id from token (x-person-id header)

• Validate patient status is active (status = ‘active' & is_active = 'true’)

  • in case of error - return 404 ('not found')

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that Person authentication method request updated by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

• If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:

  • persons age < no_self_registration_age global parameter;

  • persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;

  • persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process Check confidant person relationship with person_id = person from request - expected :ok, :approved response)

    • In case of error - return 409 (‘Request must be authorized by confidant person’)

• If not equal - validate relationship with following steps:

  • Check that there is registered relationship between person_id and applicant_person_id(MPI.confidant_person_relationships)

  • Check that relationship is VERIFIED

    • In case of error - return 409 (‘Can’t confirm relationship’)

  • Check that applicant_person_id exists (status = 'active' & is_active = 'true') and has verification_status any but NOT_VERIFIED

    • In case of error - return 409 (‘Confidant person not found or is not verified’)

Validate request

• Validate auth method. il.authentication_method_request.auth_methos_current.type = THIRD_PERSON or ОТР

  • in case of error - return 403 ('Only THIRD_PERSON or ОТР authentication method types could be updated')

• Validate auth method belongs to person

  1. In case of error - return 404 ('Such authentication method does not belong to this person')

• Validate that auth_method is active (person_authentication_methods.ended_at > now())

  • in case of error - return 422 ('Authentication method isn’t active')

• Validate alias is updated

  • in case of error - return 422 ('Only alias can be updated')

Service logic

1. Get person_id from token (x-person-id header).

2. Update person authentication method

3. Render response according to specification.