Previous version:

systemBehaviorConfigurations:
  antiPhishingCodeEnabled: true
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  defaultLanguageISOCode: "en"
  limitForInputInvalidOneTimeToken: 5
  defaultCountryISOCode: "UA"
  userTypeToRegister: "regular_user"
  passwordRestrictions:
    passwordSimilarity:
      enabled: true
      minPasswordSimilarityValue: 0.15
      passwordsForSimilarityCount: 5 #min-1
    limitForPasswordHistory:
      enabled: false
      maxPasswordHistoryCount: 5
    limitForInputInvalidPassword: 5
  permissionRestriction:
    permissionRestrictionDurationAfterRecoverySecurityInMillis: 172800000
    permissionRestrictionDurationAfterChangeSecurityInMillis: 86400000
    permissionRestrictionDurationAfterPasswordOperationInMillis: 86400000
  userAvatarProperty:
    widthSize: 400
    heightSize: 400
  accountManagement:
    referralProperty:
      referralCodeLength: 8
      referralStartBonus: 0
      registrationBonus: 50
    registration:
      emailRegistrationEnabled: true
      phoneRegistrationEnabled: true

Current version:

accountManagement:
  referralSystemEnabled: true
  referralProperty:
    referralCodeLength: 8
    referralStartBonus: 0
    registrationBonus: 50
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  passwordValidationStrategy:
    uppercaseRequired: true
    specialSymbolsRequired: true
  passwordSimilarity:
    enabled: true
    minPasswordSimilarityValue: 0.15
    passwordsForSimilarityCount: 5
  registration:
    emailRegistrationEnabled: true
    phoneRegistrationEnabled: true
    registrationViaInviteLinkEnabled: true
    registrationViaFacebook: true
    registrationViaGoogle: true
    registrationWithVerificationEnabled: true
    oauth2:
      facebook: true
      google: true
  defaultLanguageISOCode: "en"
  defaultCountryISOCode: "UA"
  limitForInputInvalidOneTimeToken: 5
  limitForPasswordHistory:
    enabled: false
    maxPasswordHistoryCount: 5
  userAvatarProperty:
    widthSize: 400
    heightSize: 400
  invite:
    inviteNewUser: true

antiPhishingCodeEnabled -> Adds an anti-phishing code in the profile API for users who have an email. The user can add an anti-phishing code for
accountManagement is our main section. Here are the configurations that affect the behavior of our project:
  • referralSystemEnabled

...

  • multifactorAuthentication

This config is responsible for setting up MFA (multi-factor authentication).
We have three different MFA steps:

  1. email
  2. phone
  3. Google Authenticator

If this value is true, MFA is enabled in our system. The user must supply tokens to the endpoints that require tokens from users. All token types are listed in
profile-api/service/src/main/java/com/knubisoft/service/enums/OneTimeTokenType.java
The user must request the tokens for the MFA steps they have enabled: emailToken, PhoneNumberToken, googleAuthenticatorToken.
When registering with MFA enabled, the system prompts the user to enable the MFA step that matches the userKey they register with. If they register with an email, they are prompted to enable emailMfaStep. The same applies to the phone.

Importantly! If MFA is disabled, we disable the part of the endpoints that depends on this setting:
the ones used to obtain tokens for the login operation and for security recovery.
In this case, login is a single step. Also, the user will not be able to restore security for the phone, e-mail, and Google Authenticator.

Endpoints:

  1. PUT /api/v1/account/password → Change user password
  2. PUT /api/v1/account/mobile → Endpoint for changing phone number
  3. POST /api/v1/account/mobile → Endpoint for binding phone number to account
  4. PUT /api/v1/account/email → Endpoint for changing email
  5. POST /api/v1/account/email → Endpoint for binding email to account
  6. PUT /api/v1/account/antiPhishingCode → Change anti-phishing code
  7. POST /api/v1/account/antiPhishingCode → Add anti-phishing code
  8. POST /api/v1/account/mobile/removing → Endpoint to remove phone number from account
  9. POST /api/v1/account/googleAuthenticator → Endpoint for binding Google Authenticator to account
  10. POST /api/v1/account/googleAuthenticator/removing → Endpoint to remove Google Authenticator from account
  11. POST /api/v1/account/email/removing → Endpoint to remove email from account
  12. POST /api/v1/account/password/recovery/verification → Password recovery verification
  13. POST /api/v1/login/verification → Endpoint to complete login
  14. POST /api/v1/account/security/recovery/verification → Verify that the security recovery operation can be performed
  • defaultLanguageISOCode

Displaying information in a specific language.

  • limitForInputInvalidOneTimeToken

  • limitForInputInvalidPassword

...

his account.

Endpoints that work from this config:

POST endpoint for adding or changing the anti-phishing code → /api/v1/account/antiPhishingCode

POST endpoint for sending the token for adding or changing the anti-phishing code → /api/v1/token/antiPhishingCode/changing


referralSystemEnabled -> Referral system in ProfileApi that awards bonuses to users if someone used their referral code during registration.

Used when registering a user.


multifactorAuthSystemEnabled -> Multi-factor authentication during the login flow.

This configuration enables multi-factor authentication.
Multi-factor authentication is available for:
- email
- phone number
- Google Authenticator
The user can enable the selected MFA options for authorization (login). In this case, the user must request a token from our system for authentication.

Endpoints that work from this config:

POST endpoint for sending tokens for MFA authorization → /api/v1/token/login

POST endpoint for completing MFA authorization → /api/v1/login/verification

GET endpoint for getting the enabled MFA steps for a user → /api/v1/account/details/mfa

POST endpoint for adding Google Authenticator to a user account → /api/v1/account/googleAuthenticator

POST endpoint for removing Google Authenticator from a user account → /api/v1/account/googleAuthenticator/removing

POST endpoint for enabling email MFA → /api/v1/account/email/mfa/enabling

POST endpoint for enabling phone number MFA → /api/v1/account/mobile/mfa/enabling

POST endpoint for disabling email MFA → /api/v1/account/email/mfa/disabling

POST endpoint for disabling phone number MFA → /api/v1/account/mobile/mfa/disabling

POST endpoint for sending a token to disable an MFA step (EMAIL, PHONE, GOOGLE) → /api/v1/token/mfa/disabling

POST endpoint for sending a token to a new key during user key recovery → /api/v1/token/userKeys/recovery/newKey

POST endpoint for user key recovery verification → /api/v1/token/userKeys/recovery/verification
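The MFA gating described in the two sections above (registration step, one-step login when MFA is disabled, and the limitForInputInvalidOneTimeToken counter), as an added example written for this page; it is not the project's code. Token type names are the ones listed on the page; the User model, the lock state and the token check are assumptions.

```python
"""Added example (not the project's code): models how multifactorAuthSystemEnabled and
limitForInputInvalidOneTimeToken gate the login flow described on this page."""
from dataclasses import dataclass, field
import hmac

# Token type names as listed on the page (OneTimeTokenType)
EMAIL_TOKEN = "emailToken"
PHONE_TOKEN = "PhoneNumberToken"
GOOGLE_AUTH_TOKEN = "googleAuthenticatorToken"
STEP_FOR_USER_KEY = {"email": EMAIL_TOKEN, "phone": PHONE_TOKEN}


@dataclass
class MfaConfig:
    multifactor_auth_system_enabled: bool = True
    limit_for_input_invalid_one_time_token: int = 5  # value from the page's config


@dataclass
class User:  # assumed model
    enabled_mfa_steps: set = field(default_factory=set)  # subset of the token names above
    invalid_token_inputs: int = 0  # counter behind limitForInputInvalidOneTimeToken (assumed)


def registration_mfa_step(cfg, user_key_type):
    """Step the user is prompted to enable at registration: the one matching the userKey used."""
    if not cfg.multifactor_auth_system_enabled:
        return None
    return STEP_FOR_USER_KEY[user_key_type]


def login_tokens_required(cfg, user):
    """Token types /api/v1/login/verification must receive; empty set means one-step login
    (with MFA disabled the token endpoints are off and login is a single step)."""
    if not cfg.multifactor_auth_system_enabled:
        return frozenset()
    return frozenset(user.enabled_mfa_steps)


def verify_one_time_token(cfg, user, presented, expected):
    """'ok' on match, 'invalid' on mismatch, 'locked' once the invalid-input limit is reached.
    Constant-time comparison so timing does not reveal how many characters matched."""
    if user.invalid_token_inputs >= cfg.limit_for_input_invalid_one_time_token:
        return "locked"
    if hmac.compare_digest(presented.encode(), expected.encode()):
        user.invalid_token_inputs = 0  # reset on success
        return "ok"
    user.invalid_token_inputs += 1
    if user.invalid_token_inputs >= cfg.limit_for_input_invalid_one_time_token:
        return "locked"
    return "invalid"
```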




passwordValidationStrategy
Configuration for password validation.
uppercaseRequired: Uppercase check for password validation. The password must contain at least 1 uppercase letter.
specialSymbolsRequired: Special-symbol check for password validation. The password must contain at least 1 special symbol (! @ # $ % ^ & * ( ) _ - + =).
  • defaultCountryISOCode

If GeoLite is not included, then by default all users will have the location of Ukraine.

  • userTypeToRegister

Type of user during registration.

  • passwordSimilarity

passwordSimilarity. This setting is responsible for password similarity. If it is enabled, then when a new password is entered (password change or password recovery) the system takes the number of previous passwords set by passwordsForSimilarityCount and checks them for similarity.

Two passwords are compared for similarity:
* If similarityValue is greater than 0.15 (85%), the passwords are similar.
* If similarityValue is less than or equal to 0.15, the passwords are different.
  • limitForPasswordHistory
    maxPasswordHistoryCount: 5

This setting controls how many recent passwords are stored.
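
The password rules from passwordValidationStrategy, passwordSimilarity and limitForPasswordHistory above, evaluated together in an added example written for this page (not the project's code). The page does not define how similarityValue is computed, so difflib's ratio (1.0 = identical) stands in for it; the plaintext-history list and the SHA-256 stand-in for the stored password hash are assumptions as well.

```python
"""Added example (not the project's code): checks a candidate password against the
passwordValidationStrategy, passwordSimilarity and limitForPasswordHistory settings."""
from dataclasses import dataclass
from difflib import SequenceMatcher
import hashlib

SPECIAL_SYMBOLS = set("!@#$%^&*()_-+=")  # the set listed on the page


@dataclass
class PasswordRestrictions:  # values mirror the page's configuration
    uppercase_required: bool = True
    special_symbols_required: bool = True
    similarity_enabled: bool = True
    min_password_similarity_value: float = 0.15
    passwords_for_similarity_count: int = 5
    history_enabled: bool = False
    max_password_history_count: int = 5


def similarity_value(a, b):
    """Assumed metric: difflib ratio in [0, 1]; the page does not define similarityValue."""
    return SequenceMatcher(None, a, b).ratio()


def password_digest(password):
    """Stand-in for the stored password hash; a real system compares with its password hasher."""
    return hashlib.sha256(password.encode()).hexdigest()


def validate_new_password(cfg, new_password, previous_plain, previous_digests):
    """Return the violated rule names (empty list = accepted).
    previous_plain: previous passwords available in plaintext to the change flow (assumed);
    similarity cannot be computed from salted hashes. previous_digests: stored history,
    newest first, used only for exact-reuse checks."""
    violations = []
    if cfg.uppercase_required and not any(c.isupper() for c in new_password):
        violations.append("uppercaseRequired")
    if cfg.special_symbols_required and not any(c in SPECIAL_SYMBOLS for c in new_password):
        violations.append("specialSymbolsRequired")
    if cfg.similarity_enabled:
        for old in previous_plain[:cfg.passwords_for_similarity_count]:
            if similarity_value(new_password, old) > cfg.min_password_similarity_value:
                violations.append("passwordSimilarity")
                break
    if cfg.history_enabled:
        if password_digest(new_password) in previous_digests[:cfg.max_password_history_count]:
            violations.append("limitForPasswordHistory")
    return violations
```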

  • userAvatarProperty

Avatar size (height and width).

referralProperty:
referralCodeLength: 8 -> Referral code length
referralStartBonus: 0 -> Starting value of bonuses.
registrationBonus: 50 -> Bonus when registering with a referral code.
registration:
emailRegistrationEnabled: true -> Pattern. Registration by e-mail only
phoneRegistrationEnabled: true -> Pattern. Registration by phone only.
registrationViaInviteLinkEnabled: true -> Registration only by invitation from another user. Always email.
registrationViaFacebook: true
registrationViaGoogle: true
registrationWithVerificationEnabled: true -> Standard registration.
invite:
inviteNewUser: true -> Allows an authorized user to create invitations for new user registration.
deviceManagement:
enabled: true

If this configuration is enabled, the device from which the user registered is added to the user's device whitelist. If the user logs in from another device, a message about the new device is sent to them.

Endpoints that depend on this setting:

@DELETE("/api/v1/account/devices/{deviceId}")
deleteDevice
@GET("/api/v1/account/devices")
getAllUserDevices

...