ЕСОЗ - публічна документація
RC_(CSI-1323)_Deactivate Confidant Person relationship request
Purpose
This process describes deactivation Confidant Person relationship for an existing person by creating Confidant Person relationship request with deactivate action.
Key points
Confidant Person relationship data for person can be obtained from following WS: https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/18000249924 .
Documents that prove relationship deactivation must be submitted as well.
In case if person has document that prove legal capacity user must call https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17613193262 and submit this document. This way will deactivate all relationships, so person receives an ability to have personal authentication methods etc.
Specification
Authorization
Verify the validity of access token
Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope =
confidant_person_relationship_request:write
)Return (403, 'Your scope does not allow to access this resource. Missing allowances: confidant_person_relationship_request:write') in case of invalid scope(s)
Validation
Validate Person
Get person_id from URL
Validate person status is active (status = ‘active' & is_active = 'true’)
in case of error - return 404 ('Person is not found')
Validate request
Check presence of extra parameters
In case of error - return 422 ('schema does not allow additional properties')
Check presence of required parameters
In case of error - return 422 ('required property %{property} was not present')
Validate confidant person relationship
Check that confidant person relationship from
$.confidant_person_relationship.id
exists in https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17613488166/MPI#confidant_person_relationships with person_id = person_id from URL and is_active = true and active_to > now() or nullin case of error - return 422 ('Confidant Person relationship does not belong to this person')
Validate documents relationship
Validate documents
issued_at
dateCheck that issued_at <= now()
in case of error - return 422 ('Document issued date should be in the past')
Check that issued_at => person.birth_date
in case of error - return 422 ('Document issued date should greater than person.birth_date')
Validate document
type
according to DOCUMENT_RELATIONSHIP_TYPE dictionaryIn case of error - return 422 ('value is not allowed in enum')
Check that there are no duplicated document
type
values in requestin case of error - return 422 ('Values are not unique by 'type'.')
Validate document
number
according to regexp (as part of JSON Schema validation)BIRTH_CERTIFICATE -
^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$
In case of error - return 422 error ('string does not match pattern') with the corresponding regexp
Check that document
number
length < 255in case of error - return 422 ('expected value to have a maximum length of 255 but was <<document_number_length>>')
Validate authorize_with
Check that
$.authorize_with
is a valid uuidin case error - return 422 ('string does not match pattern') with uuid regexp
Check that auth method exists in MPI database,
person_authentication_methods
table, belongs to person from URL, is active (ended_at > now() or ended_at is null and is_active = true) and type != NAin case error - return 422 ('person has no corresponding authentication method')
Check that auth method type = THIRD_PERSON and value != confidant_person_id from
$.confidant_person_relationship.id
that is being deactivatedin case of error - return 422 ('Deactivation of relationship must verify another Confidant Person')
Check that third person from auth method has OTP auth method
in case of error - return 422 ('Deactivation of relationship must verify Person who has active authentication method with type OTP')
Service logic
Search confidant person relationship requests
To prevent overlimit and duplication of requests, search for active requests in https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17613422609/IL#confidant_person_relationship_requests table with person_id = person_id from URL and status = NEW.
If found - cancel them, set values:
status = CANCELLED
updated_at = now()
updated_by = user_id (from token)
Determine authentication method current for request
If
$.authorize_with
is existing - set its value as authentication method current for requestIf
$.authorize_with
is not existing - set default auth method as authentication method current for request - use function in mpi that return default auth methodif persons default auth method with type = THIRD_PERSON has value that equals to confidant_person_id from deactivated Confidant Person relationship - skip it, go to next method in list
if no additional methods were found - set authentication method current.type = OFFLINE
Generate upload URL
Depending on the payload system generates list of signed urls for document scan-copies upload.
Signed URLs to be expired after some period of time (according to SECRETS_TTL config parameter). If it has been expired - new confidant person relationship request should be created.
Each link is generated for one one-page document in jpeg format. Document should be no more than 10MB.
Generate URLs for each document from
$.confidant_person_relationship.documents_relationship
with following parameters:action:
PUT
bucket:
MEDIA_STORAGE_CONFIDANT_PERSON_RELATIONSHIP_REQUEST_BUCKET
resource_id:
confidant_person_relationship_request_id
resource_name:
confidant_person_relationship_request_#{type}.jpeg
Create new deactivation relationship request
Create new record to https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17613422609/IL#confidant_person_relationship_requests table, set values:
id = autogenerate uuid
person_id = person_id from URL
confidant_person_id = confidant_person_id from
$.confidant_person_relationship.id
that is being deactivatedconfidant_person_relationship =
$.confidant_person_relationship
status = NEW
action = DEACTIVATE
channel = MIS
authentication_method_current
type = OTP or OFFLINE
phone_number = phone_number from confidant persons active auth method with type = OTP (null if type = OFFLINE)
inserted_by = user_id (from token)
inserted_at = now()
updated_by = user_id (from token)
updated_at = now()
confidant_person_relationship_id =
$.confidant_person_relationship.id
documents_relationship = generated links for documents upload
Generate verification code
Get template for OTP SMS from CONFIDANT_PERSON_RELATIONSHIP_SMS_TEMPLATE
config parameter.
In case if authentication_method_current.type = OTP, invoke Initialize OTP to generate one time password and send it to confidant persons number that is stored in authentication_method_current.phone_number
. At this stage, the person receives an SMS message to confirm this phone and the consent to create confidant person relationship.
Render a response
Render a response according to specification.
ЕСОЗ - публічна документація