ЕСОЗ - публічна документація

Approve User Factor

Owned by Edward Voloshin (Unlicensed)
Last updated: Dec 08, 2017
1 min read

Specification

Apiary
approve-user-authentication-factor
PATCHmithril/api/users/actions/approve_factor
Scopeuser:approve_factor

Purpose

Verifying OTP, update (approval)  2FA item from token.

Request parameters

  • token
  • otp


Logic WS

  • Validate token (2fa_access_token) 
    • If invalid - return error 4xx 
  • Search user by token
  • Validate user `is_blocked` flag
    • if is_blocked = TRUE
    • return 4xx - "User blocked" 

  • Get active 2FA item for non-blocked user by $.user_id

    SELECT *
FROM authentication_factors AS 2FA
WHERE
    2FA.user_id = $.user_id
        AND 2FA.is_active = TRUE

    • If not found - return 409 error "Not found 2FA data for user"
  • Extract type & factor from 2FA item for user
  • Invoke internal function `verify_OTP (key, code)`, for 2FA.type = SMS, with params:
    • key = 2FA.faсtor
    • code = $.otp
  • Get result of call `verify_OTP()`  
  • If result = VERIFIED
    • Extract from `tokens.details` this attributes:
      • `request_authentication_factor` 
      • `request_authentication_factor_type` 
    • Update (set values) active 2FA item with `tokens.details.request_authentication_factor_type`:
      • factor = `tokens.details.request_authentication_factor` 
      • update_at = now()
    • Update 2fa_access_token (set `tokens.details.used`=true)
    • Return 200
  • If result = UNVERIFIED
    • Update user (set values) by $.user_id
      • Increment `users.priv_settings.otp_error_counter` (+1)
    • If `users.priv_settings.otp_error_counter` > USER_OTP_ERROR_MAX
      • Blocked user - update user (set values) by $.user_id
        • is_blocked = TRUE
        • block_reason = "OTP verify attempts more then USER_OTP_ERROR_MAX"
        • updated_at = now()
    • return 401 error

Response

  • 200 if 2FA successful set new.factor  + 2FA_object_view
  • 4xx in other case

ЕСОЗ - публічна документація