ESOZ - public documentation

RC_(CSI-2483,CR-441)_Approve auth method request

Specification

Apiary

Authorize user

  1. Verify the validity of access token

    1. Return 401 in case validation fails

  2. Check scopes in order to perform this action (scope = 'authentication_method_request:write')

    1. Return 403 in case of invalid scope(s)

Logic

action = deactivate

  1. validate auth_method_request.auth_method_current:

    1. If auth_method_request.auth_method_current = OTP - verify the SMS code (invoke the verification module to verify the OTP (OTP Verification))

    2. If auth_method_request.auth_method_current = OFFLINE - verify the downloaded documents (Media Content Storage)

  2. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  3. Update mpi.person_authentication_method:

    1. set ended_at = now() (Get current date-time)

action = update

  1. validate auth_method_request.auth_method_current:

    • If auth_method_request.auth_method_current = OTP - verify the SMS code (invoke the verification module to verify the OTP (OTP Verification))

    • If auth_method_request.auth_method_current = OFFLINE - verify the downloaded documents

  2. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  3. Update mpi.person_authentication_method:

    1. set alias (if it passed in request)

action = insert

  1. if type = THIRD_PERSON, check that the person from authentication_method.value is an approved confidant for the person from the request, that is, an active and approved confidant person relationship exists between the person from the request and the person_id from the authentication method value (using the following logic: https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method; expected response: :ok, :approved)

    1. in case of error - return 409 ('Cannot be confirmed by method with not approved confidant person relationship')

  2. validate auth_method_request.auth_method_current:

    1. If auth_method_request.auth_method_current = OTP - verify the SMS code (invoke the verification module to verify the OTP (OTP Verification))

    2. If auth_method_request.auth_method_current = OFFLINE - verify the downloaded documents

  3. If il.authentication_method_request.authentication_method.type = OFFLINE

    1. verify the downloaded documents

  4. if type = THIRD_PERSON, set

    1. value = il.authentication_method_request.authentication_method.value

    2. alias = il.authentication_method_request.authentication_method.alias

    3. Start date: start_date = Current_date()

    4. End date:

      if (person.age < 18) {
        end_date = birth_date + no_self_auth_age - 1d;
      } else {
        end_date = start_date + third_person_term;
      }

  5. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  6. Update mpi.person_authentication_methods

    1. If active il.authentication_method_request.authentication_method.type = OTP or OFFLINE or NA,

      1. the person's previous auth method becomes inactive - set ended_at = now() (Get current date-time)

      2. set the new auth_method in person_auth_methods. Set fields - type, phone_number, alias (if it is in the request)

  7. If il.authentication_method_request.authentication_method.type = THIRD_PERSON

    1. Add a row with type = third_person to table person_auth_methods. Set fields - type, value, alias, ended_at, started_at
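
The start/end date rule from step 4 of the insert action, as an added example (not code from the ESOZ project). It assumes no_self_auth_age is a whole number of years and third_person_term is a duration; the page does not give their values or units, so the constants below are constructed, as is the convention for 29 February birthdays.

```python
from datetime import date, timedelta

# Constructed configuration values (the page names the parameters only).
NO_SELF_AUTH_AGE = 14                      # years, assumption
THIRD_PERSON_TERM = timedelta(days=365)    # duration, assumption


def add_years(d: date, years: int) -> date:
    """Shift a date by whole years; 29 Feb maps to 1 Mar in a non-leap year (assumption)."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return date(d.year + years, 3, 1)


def age_on(birth_date: date, today: date) -> int:
    """Full years elapsed between birth_date and today."""
    years = today.year - birth_date.year
    if (today.month, today.day) < (birth_date.month, birth_date.day):
        years -= 1
    return years


def third_person_period(birth_date: date, today: date,
                        no_self_auth_age: int = NO_SELF_AUTH_AGE,
                        third_person_term: timedelta = THIRD_PERSON_TERM):
    """Return (start_date, end_date, is_valid) for a THIRD_PERSON auth method.

    is_valid is False when the formula yields an end date earlier than the
    start date, so the caller can refuse to write such a row.
    """
    start_date = today
    if age_on(birth_date, today) < 18:
        end_date = add_years(birth_date, no_self_auth_age) - timedelta(days=1)
    else:
        end_date = start_date + third_person_term
    return start_date, end_date, end_date >= start_date
```

With the constructed no_self_auth_age of 14, a person aged 14 to 17 gets an end date earlier than the start date, which is why the function returns the validity flag alongside the dates.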

Check if Person should be sent for verification*

  * Please note: (GraphQL) Create auth method refers to this validation.

Rules for validation of Persons

  1. Person has OFFLINE auth method (check in Request)

  2. Person’s age < no_self_auth_age and has document with type BIRTH_CERTIFICATE_FOREIGN (check in DB, within mpi.person.documents and mpi.person.confidant_person.documents_relationship)

  3. Person’s age >= no_self_auth_age and has document with type PERMANENT_RESIDENCE_PERMIT (check in DB)

Send Person to manual verification process

checking Rule 01

  • If $.authenticationMethod.type = OFFLINE and action = insert then (
    verification is needed

    • Set MPI.person_verifications.nhs_verification_status = VERIFICATION_NEEDED and

    • Set MPI.person_verifications.nhs_verification_reason = RULES_TRIGGERED and

    • Create StateChangeEvent in event manager with new verification status )

  • elseif $.authenticationMethod.type = OTP and action = insert and MPI.persons.verification_status != VERIFIED
    then (
    checking Rule 02-05

    • if
      (Person’s age < no_self_auth_age and has document with type BIRTH_CERTIFICATE_FOREIGN within mpi.person.documents and mpi.person.confidant_person[:].documents_relationship[:]) or (Person’s age >= no_self_auth_age and has document with type PERMANENT_RESIDENCE_PERMIT) then
      manual verification is needed

      • Set MPI.person_verifications.nhs_verification_status = VERIFICATION_NEEDED and

      • Set MPI.person_verifications.nhs_verification_reason = RULES_TRIGGERED and

      • Create StateChangeEvent in event manager with new verification status

    • else
      manual verification is not needed

      • Set MPI.person_verifications.nhs_verification_status = VERIFIED and

      • Set MPI.person_verifications.nhs_verification_reason = RULES_PASSED and

      • Set MPI.person_verifications.nhs_verification_comment = NULL and

      • Create StateChangeEvent in event manager with new verification status
        )
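
The rule checks above written as one decision function, as an added example (not code from the ESOZ project). The Person and Decision types, the function name, and the sample status NOT_VERIFIED and document type PASSPORT used in testing are hypothetical; the example reads "within mpi.person.documents and ... documents_relationship" as a search across both collections and returns None where the page prescribes no change.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Person:
    """Hypothetical in-memory stand-in for the MPI person record."""
    age: int
    verification_status: str
    document_types: FrozenSet[str] = frozenset()
    confidant_relationship_document_types: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    status: str                  # MPI.person_verifications.nhs_verification_status
    reason: str                  # MPI.person_verifications.nhs_verification_reason
    clear_comment: bool = False  # True -> set nhs_verification_comment = NULL


NEEDED = Decision("VERIFICATION_NEEDED", "RULES_TRIGGERED")
PASSED = Decision("VERIFIED", "RULES_PASSED", clear_comment=True)


def decide_verification(person: Person, auth_type: str, action: str,
                        no_self_auth_age: int) -> Optional[Decision]:
    """Return the verification update to apply, or None when no branch matches."""
    if action != "insert":
        return None
    if auth_type == "OFFLINE":                     # Rule 01
        return NEEDED
    if auth_type == "OTP" and person.verification_status != "VERIFIED":
        docs = person.document_types | person.confidant_relationship_document_types
        minor_foreign_cert = (person.age < no_self_auth_age
                              and "BIRTH_CERTIFICATE_FOREIGN" in docs)
        adult_residence_permit = (person.age >= no_self_auth_age
                                  and "PERMANENT_RESIDENCE_PERMIT" in person.document_types)
        return NEEDED if (minor_foreign_cert or adult_residence_permit) else PASSED
    return None
```

Every non-None result is followed by a StateChangeEvent with the new status, per the list above.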
