Approve User Factor

ЕСОЗ - public documentation

Specification

Apiary
PATCH: mithril/api/users/actions/approve_factor
Scope: user:approve_factor

Purpose

Verifies the OTP and updates (approves) the 2FA item from the token.

Request parameters

  • token
  • otp


Logic WS

  • Validate token (2fa_access_token)
    • If invalid - return error 4xx
  • Search user by token
  • Validate user `is_blocked` flag
    • If is_blocked = TRUE - return 4xx "User blocked"
  • Get active 2FA item for non-blocked user by $.user_id

    -- $.user_id: id of the user found by token (bind it as a query parameter)
    SELECT *
    FROM authentication_factors AS "2FA"
    WHERE
        "2FA".user_id = $.user_id
        AND "2FA".is_active = TRUE

    • If not found - return 409 error "Not found 2FA data for user"
  • Extract type & factor from 2FA item for user
  • Invoke internal function `verify_OTP (key, code)`, for 2FA.type = SMS, with params:
    • key = 2FA.factor
    • code = $.otp
  • Get result of call `verify_OTP()`
  • If result = VERIFIED
    • Extract these attributes from `tokens.details`:
      • `request_authentication_factor` 
      • `request_authentication_factor_type` 
    • Update (set values) active 2FA item with `tokens.details.request_authentication_factor_type`:
      • factor = `tokens.details.request_authentication_factor` 
      • update_at = now()
    • Update 2fa_access_token (set `tokens.details.used`=true)
    • Return 200
  • If result = UNVERIFIED
    • Update user (set values) by $.user_id
      • Increment `users.priv_settings.otp_error_counter` (+1)
    • If `users.priv_settings.otp_error_counter` > USER_OTP_ERROR_MAX
      • Block user - update user (set values) by $.user_id
        • is_blocked = TRUE
        • block_reason = "OTP verify attempts more then USER_OTP_ERROR_MAX"
        • updated_at = now()
    • return 401 error
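
The logic above modelled in Python over in-memory dictionaries, as an added example that is not the service's own code. The limit value, the 401 used where the page only says 4xx, the `sent` store behind `verify_otp`, the rejection of an already-used token, the "Invalid ..." messages and the sample data are assumptions. It shows that with the `>` comparison the user is blocked on failed attempt number USER_OTP_ERROR_MAX + 1, and that the token stops working once it is marked used.

```python
import hmac
from datetime import datetime, timezone

USER_OTP_ERROR_MAX = 3  # constructed value; the page does not give the real limit

def verify_otp(key, code, sent):
    # Hypothetical stand-in for verify_OTP(key, code): constant-time compare
    # with the code last sent to this factor.
    ok = hmac.compare_digest(sent.get(key, "").encode(), code.encode())
    return "VERIFIED" if ok else "UNVERIFIED"

def approve_factor(db, token_value, otp):
    token = db["tokens"].get(token_value)
    # Token validation; rejecting an already-used token is an assumption.
    if token is None or token["details"].get("used"):
        return 401, "Invalid token"
    user = db["users"][token["user_id"]]
    if user["is_blocked"]:
        return 401, "User blocked"
    item = next((f for f in db["authentication_factors"]
                 if f["user_id"] == user["id"] and f["is_active"]), None)
    if item is None:
        return 409, "Not found 2FA data for user"
    now = datetime.now(timezone.utc)
    if verify_otp(item["factor"], otp, db["sent_otps"]) == "VERIFIED":
        item["factor"] = token["details"]["request_authentication_factor"]
        item["update_at"] = now
        token["details"]["used"] = True  # token is single-use from here on
        return 200, item
    settings = user["priv_settings"]
    settings["otp_error_counter"] += 1
    if settings["otp_error_counter"] > USER_OTP_ERROR_MAX:
        user.update(is_blocked=True, updated_at=now,
                    block_reason="OTP verify attempts more then USER_OTP_ERROR_MAX")
    return 401, "Invalid OTP"

def sample_db():
    # Constructed data: one user, one active SMS factor, one pending token.
    return {
        "users": {"u1": {"id": "u1", "is_blocked": False,
                         "priv_settings": {"otp_error_counter": 0}}},
        "authentication_factors": [{"user_id": "u1", "type": "SMS",
                                    "factor": "+380670000001", "is_active": True}],
        "tokens": {"t1": {"user_id": "u1", "details": {
            "request_authentication_factor": "+380670000002",
            "request_authentication_factor_type": "SMS"}}},
        "sent_otps": {"+380670000001": "123456"},
    }
```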

Response

  • 200 if the 2FA item was successfully updated with the new factor, + 2FA_object_view
  • 4xx otherwise
