PIS. Update Person authentication method_EN

1 Purpose
2 Specification
3 Authorization
4 Validate person
5 Validate confidant person and relationship (optional)
6 Validate request
7 Service logic

Purpose

This WS designed to update Authentications method

Specification

Apiary

Authorization

Verify the validity of access token
- Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
- in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'authentication_method:write_pis')
- Return (403, 'Your scope does not allow to access this resource. Missing allowances: authentication_method:write_pis') in case of invalid scope(s)
Check that token contains person_id
- in case of error - return (401, 'Invalid access token')

Validate person

Get person_id from token (x-person-id header)
Validate patient status is active (status = ‘active' & is_active = 'true’)
- in case of error - return 404 ('not found')

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that Person authentication method request updated by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:
- persons age < no_self_registration_age global parameter;
- persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;
- persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process Check confidant person relationship with person_id = person from request - expected :ok, :approved response)
  - In case of error - return 409 (‘Request must be authorized by confidant person’)
If not equal - validate relationship with following steps:
- Check that there is registered relationship between person_id and applicant_person_id(MPI.confidant_person_relationships)
- Check that relationship is VERIFIED
  - In case of error - return 409 (‘Can’t confirm relationship’)
- Check that applicant_person_id exists (status = 'active' & is_active = 'true') and has verification_status any but NOT_VERIFIED
  - In case of error - return 409 (‘Confidant person not found or is not verified’)

Validate request

Validate auth method. il.authentication_method_request.auth_methos_current.type = THIRD_PERSON or ОТР
- in case of error - return 403 ('Only THIRD_PERSON or ОТР authentication method types could be updated')
Validate auth method belongs to person
1. In case of error - return 404 ('Such authentication method does not belong to this person')
Validate that auth_method is active (person_authentication_methods.ended_at > now())
- in case of error - return 422 ('Authentication method isn’t active')
Validate alias is updated
- in case of error - return 422 ('Only alias can be updated')

Service logic

Get person_id from token (x-person-id header).
Update person authentication method
Render response according to specification.