PIS. Approve Person authentication method request

1 Purpose
2 Specification
3 Authorization
4 Validate person
5 Validate confidant person and relationship (optional)
6 Validate authentication method
7 Service logic

Purpose

This WS designed to Approve Person authentication method request

Specification

Apiary

Authorization

Verify the validity of access token
- Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
- in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'authentication_method_request:write_pis')
- Return (403, 'Your scope does not allow to access this resource. Missing allowances: authentication_method_request:write_pis') in case of invalid scope(s)
Check that token contains person_id
- in case of error - return (401, 'Invalid access token')

Validate person

Get person_id from token (x-person-id header)
Validate patient status is active (status = ‘active' & is_active = 'true’)
- in case of error - return 404 ('not found')

Validate confidant person and relationship (optional)

If person is not legally capable - system must ensure that Person authentication method request created by confidant person and there is registered and verified their relationship

Get applicant_person_id from token, compare it to person_id from token:

If equals - check that person must not be authorized by confidant person, so it doesn’t correspond to following rules:
- persons age < no_self_registration_age global parameter;
- persons age between no_self_registration_age and person_full_legal_capacity_age global parameters and person does not have document with type from PIS_PERSON_LEGAL_CAPACITY_DOCUMENT_TYPES config parameter;
- persons age > person_full_legal_capacity_age global parameter and exists at least one active and approved confidant person relationship for person (using following process Check confidant person relationship with person_id = person from request - expected :ok, :approved response)
  - In case of error - return 409 (‘Only THIRD_PERSON authentication method is allowed')
If not equal -
- error - return 409 (‘Only THIRD_PERSON authentication method is allowed’)

Validate authentication method

Validate auth method. il.authentication_method_request.auth_method.type = OTP
- in case of error - return 403 ('OTP authentication method is allowed')
Check that authentication_method_request.status = NEW
- in case of error - return 403 ('Only authentication method request with NEW status is allowed')
Check that authentication_method_request belongs to person
- in case of error - return 404 ('not found')

Service logic

Verificate sms (Invoke verification module to verify OTP (OTP Verification)).
1. If OTP is correct add phone number to the verification.verified_phones
Update mpi.person_authentication_methods
- person’s auth method that was before becomes inactive - set ended_at = now() (Get current date-time) and is_active = false
- set new auth_method in person_auth_methods. Set fields - type,phone_numer, alias(if it is in request)
Update authentication method request
- Change entity status in il.authentication_method_request to COMPLETED
- Set updated_at - now() (Get current date-time)
Render response according to specification.