Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Previous version:

accountManagement:
  referralSystemEnabled: true
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  defaultLanguageISOCode: "en"
  limitForInputInvalidOneTimeToken: 5
  defaultCountryISOCode: "UA"
  userTypeToRegister: "regular_user"
  passwordRestrictions:
    passwordSimilarity:
      enabled: true
      minPasswordSimilarityValue: 0.15
      passwordsForSimilarityCount: 5 #min-1
    limitForPasswordHistory:
      enabled: false
      maxPasswordHistoryCount: 5
    limitForInputInvalidPassword: 5
    permissionRestriction:
      permissionRestrictionDurationAfterRecoverySecurityInMillis: 172800000
      permissionRestrictionDurationAfterChangeSecurityInMillis: 86400000
      permissionRestrictionDurationAfterPasswordOperationInMillis: 86400000
  userAvatarProperty:
    widthSize: 400
    heightSize: 400
  referralProperty:
    referralCodeLength: 8
    referralStartBonus: 0
    registrationBonus: 50
  registration:
    emailRegistrationEnabled: true
    phoneRegistrationEnabled: true
    registrationViaInviteLinkEnabled: true
    registrationViaFacebook: true
    registrationViaGoogle: true
    registrationWithVerificationEnabled: true

Current version:

systemBehaviorConfigurations:
  antiPhishingCodeEnabled: true
  referralSystemEnabled: true
  referralProperty:
    referralCodeLength: 8
    referralStartBonus: 0
    registrationBonus: 50
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  passwordRestrictions:
    passwordValidationStrategy:
      uppercaseRequired: true
      specialSymbolsRequired: true
    passwordSimilarity:
      enabled: true
      minPasswordSimilarityValue: 0.15
      passwordsForSimilarityCount: 5
    limitForInputInvalidPassword: 5
  registration:
    emailRegistrationEnabled: true
    phoneRegistrationEnabled: true
    registrationViaInviteLinkEnabled: true
    registrationWithVerificationEnabled: true
  oauth2:
    facebook: true
    google: true
  invite:
    inviteNewUser: true

accountManagement is our main section. Here are the configurations that affect the behaviour of our project.
  • referralSystemEnabled

...

  • multifactorAuthentication

This config is responsible for setting up MFA (multi-factor authentication).
We have three different MFA steps.

  1. email
  2. phone
  3. Google Authenticator

If this value is true, MFA is enabled in our system. The user must present tokens to the endpoints that require tokens from users. All token types can be found in
profile-api/service/src/main/java/com/knubisoft/service/enums/OneTimeTokenType.java
The user must request the tokens for the MFA steps they have enabled: emailToken, PhoneNumberToken, googleAuthenticatorToken.
When registering, if MFA is enabled, the system prompts the user to enable the MFA step that matches the userKey under which they register. If they register using an e-mail address, they are prompted to enable emailMfaStep. The same goes for the phone.

Importantly! If MFA is disabled, we disable the part of the endpoints that depends on this setting:
the endpoints for obtaining tokens for the login operation and for security recovery.
In this case we have a one-step login. Also, the user will not be able to restore security for the phone, e-mail, and Google Authenticator.

  • defaultLanguageISOCode

Displays information in the given language.

  • limitForInputInvalidOneTimeToken

  • limitForInputInvalidPassword

...

antiPhishingCodeEnabled -> Adds the anti-phishing code feature to profile-api for users who have an e-mail address. A user can add an anti-phishing code to their account.

Endpoints that depend on this configuration:

POST endpoint for adding or changing the anti-phishing code → /api/v1/account/antiPhishingCode

POST endpoint for sending the token for adding or changing the anti-phishing code → /api/v1/token/antiPhishingCode/changing

...

referralSystemEnabled -> Referral system in ProfileApi that awards bonuses to users when someone uses their referral code during registration. Used when registering a user.

...

multifactorAuthSystemEnabled -> Multi-factor authentication during the login flow.

This configuration enables multi-factor authentication.
Multi-factor authentication is available for:
- email
- phone number
- Google Authenticator.
The user can enable these options for multi-factor authentication during authorization (login). In that case the user must request a token from our system to authenticate.

Endpoints that depend on this configuration:

POST endpoint for sending tokens for MFA authorization → /api/v1/token/login

POST endpoint for completing MFA authorization → /api/v1/login/verification

GET endpoint for getting the enabled MFA steps of a user → /api/v1/account/details/mfa

POST endpoint for adding Google Authenticator to a user account → /api/v1/account/googleAuthenticator

POST endpoint for removing Google Authenticator from a user account → /api/v1/account/googleAuthenticator/removing

POST endpoint for enabling email MFA → /api/v1/account/email/mfa/enabling

POST endpoint for enabling phone number MFA → /api/v1/account/mobile/mfa/enabling

POST endpoint for disabling email MFA → /api/v1/account/email/mfa/disabling

POST endpoint for disabling phone number MFA → /api/v1/account/mobile/mfa/disabling

POST endpoint for sending a token to disable an MFA step (EMAIL, PHONE, GOOGLE) → /api/v1/token/mfa/disabling

POST endpoint for sending a token to a new key during user key recovery → /api/v1/token/userKeys/recovery/newKey

POST endpoint for user key recovery verification → /api/v1/token/userKeys/recovery/verification
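The login sequence above (tokens requested via /api/v1/token/login, then completed via /api/v1/login/verification), as an added example that is not profile-api code: a small Python model of how multifactorAuthSystemEnabled switches between one-step and multi-step login and how limitForInputInvalidOneTimeToken bounds wrong token inputs. The step names EMAIL/PHONE/GOOGLE, the 6-digit token format, the in-memory outbox standing in for e-mail/SMS delivery, and locking the account once the limit is reached are assumptions; the page does not state what happens at the limit.

```python
"""Toy model of the MFA login flow switched by multifactorAuthSystemEnabled and bounded by
limitForInputInvalidOneTimeToken. Added example, not profile-api code; step names, the
6-digit token format, the in-memory outbox and the lockout behaviour are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field

EMAIL, PHONE, GOOGLE = "EMAIL", "PHONE", "GOOGLE"   # step names assumed


@dataclass
class MfaConfig:
    multifactor_auth_system_enabled: bool = True     # multifactorAuthSystemEnabled
    limit_for_input_invalid_one_time_token: int = 5  # limitForInputInvalidOneTimeToken


@dataclass
class Account:
    password: str                    # plain text only for the toy; a real store keeps a hash
    mfa_steps: set                   # steps the user enabled via the .../mfa/enabling endpoints
    pending: dict = field(default_factory=dict)   # step -> token issued by /api/v1/token/login
    invalid_inputs: int = 0
    locked: bool = False


class LoginService:
    def __init__(self, config: MfaConfig):
        self.config = config
        self.outbox = []             # (step, token) deliveries standing in for e-mail/SMS

    def _required_steps(self, account: Account) -> set:
        # With the system-wide switch off the MFA endpoints are unavailable and login is one-step.
        if not self.config.multifactor_auth_system_enabled:
            return set()
        return set(account.mfa_steps)

    def password_login(self, account: Account, password: str):
        """First step. Returns ('authenticated', set()) or ('mfa_required', steps to satisfy)."""
        if account.locked or not hmac.compare_digest(account.password, password):
            return "denied", set()
        steps = self._required_steps(account)
        return ("authenticated", set()) if not steps else ("mfa_required", steps)

    def request_login_tokens(self, account: Account) -> bool:
        """POST /api/v1/token/login: issue a one-time token for every enabled step."""
        steps = self._required_steps(account)
        if account.locked or not steps:
            return False             # endpoint is switched off together with MFA
        for step in steps:
            token = f"{secrets.randbelow(10 ** 6):06d}"
            account.pending[step] = token
            self.outbox.append((step, token))
        return True

    def verify_login(self, account: Account, supplied: dict) -> str:
        """POST /api/v1/login/verification: every required step needs its correct token."""
        if account.locked:
            return "locked"
        steps = self._required_steps(account)
        if not steps:
            return "unavailable"
        matched = 0
        for step in steps:
            expected = account.pending.get(step)
            given = supplied.get(step, "")
            # compare_digest: constant-time comparison, and False for a token that was never issued
            if expected is not None and hmac.compare_digest(expected, given):
                matched += 1
        if matched != len(steps):
            account.invalid_inputs += 1
            if account.invalid_inputs >= self.config.limit_for_input_invalid_one_time_token:
                account.locked = True   # assumed reaction when the limit is reached
                return "locked"
            return "invalid_token"
        account.pending.clear()      # tokens are single-use
        account.invalid_inputs = 0
        return "authenticated"
```

A verification that supplies only some of the required tokens counts as one invalid input, and a successful verification resets the counter; with the system switch off, password_login returns "authenticated" directly and both token endpoints report that they are unavailable.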

...

passwordValidationStrategy

Configuration for password validation.
uppercaseRequired: upper-case check for password validation. The password must contain at least 1 upper-case letter.
specialSymbolsRequired: special-symbol check for password validation. The password must contain at least 1 special symbol (! @ # $ % ^ & * ( ) _ - + =).
passwordSimilarity
Compares the provided password with your previous passwords and, if they are similar, refuses the operation.
minPasswordSimilarityValue -> 0.15
  • defaultCountryISOCode

If GeoLite is not included, then by default all users get Ukraine as their location.

  • userTypeToRegister

Type of user during registration.

  • passwordSimilarity

passwordSimilarity. This setting is responsible for password similarity. If this configuration is enabled, then when a new password is entered (password change or password recovery), the number of previous passwords set by passwordsForSimilarityCount is taken and each of them is checked for similarity.

Compare two passwords for similarity.
* If similarityValue is greater than 0.15 (85%), the passwords are similar.
* If similarityValue is less than or equal to 0.15, the passwords are different.
  • limitForPasswordHistory
    maxPasswordHistoryCount: 5

This setting controls how many recent passwords will be stored.

  • userAvatarProperty

Avatar size (height and width).
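The password rules described above (passwordValidationStrategy, passwordSimilarity with its passwordsForSimilarityCount window and 0.15 threshold, and the maxPasswordHistoryCount cap of limitForPasswordHistory), as one added Python example that is not profile-api code. The similarity metric is an assumption: the page gives only the threshold, so difflib's matching ratio is used here; the rule names returned, the configuration field names and the clear-text history list are also assumptions.

```python
"""Password policy model for passwordValidationStrategy, passwordSimilarity and
limitForPasswordHistory. Added example, not profile-api code; the similarity metric,
rule names and the clear-text history are assumptions."""
from dataclasses import dataclass
from difflib import SequenceMatcher

SPECIAL_SYMBOLS = set("!@#$%^&*()_-+=")   # the symbol set listed on the page


@dataclass
class PasswordRestrictions:
    uppercase_required: bool = True            # passwordValidationStrategy.uppercaseRequired
    special_symbols_required: bool = True      # passwordValidationStrategy.specialSymbolsRequired
    similarity_enabled: bool = True            # passwordSimilarity.enabled
    min_password_similarity_value: float = 0.15
    passwords_for_similarity_count: int = 5
    history_enabled: bool = True               # limitForPasswordHistory.enabled
    max_password_history_count: int = 5


def similarity_value(a: str, b: str) -> float:
    """ASSUMPTION: the page gives only the 0.15 threshold, not the metric.
    difflib's ratio is used: 1.0 for identical strings, 0.0 for nothing in common."""
    return SequenceMatcher(None, a, b).ratio()


def validate_new_password(candidate: str, history: list, cfg: PasswordRestrictions) -> list:
    """Return the names of the violated rules (an empty list means the password is accepted).
    history holds previous passwords, most recent first; they are kept in clear text here
    only so that the toy can compare them."""
    violations = []
    if cfg.uppercase_required and not any(c.isupper() for c in candidate):
        violations.append("uppercaseRequired")
    if cfg.special_symbols_required and not any(c in SPECIAL_SYMBOLS for c in candidate):
        violations.append("specialSymbolsRequired")
    if cfg.similarity_enabled:
        # Only the most recent passwordsForSimilarityCount passwords take part in the check.
        for previous in history[:cfg.passwords_for_similarity_count]:
            # Page rule: a similarityValue greater than 0.15 means "similar" -> refuse.
            if similarity_value(candidate, previous) > cfg.min_password_similarity_value:
                violations.append("passwordSimilarity")
                break
    return violations


def record_password(history: list, accepted: str, cfg: PasswordRestrictions) -> list:
    """Prepend the accepted password; cap the list at maxPasswordHistoryCount when enabled."""
    updated = [accepted] + list(history)
    if cfg.history_enabled:
        updated = updated[:cfg.max_password_history_count]
    return updated
```

With the page's threshold of 0.15 and this metric, a candidate that shares a single character with a previous password scores about 0.11 and passes, while changing only one character of a previous password scores 0.9 and is refused; a password identical to the sixth most recent one passes because only the five most recent are compared.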

referralProperty:
referralCodeLength: 8 -> Referral code length
referralStartBonus: 0 -> Starting value of bonuses.
registrationBonus: 50 -> Bonus when registering with a referral code.
registration:
emailRegistrationEnabled: true -> Pattern. Registration by e-mail only.
phoneRegistrationEnabled: true -> Pattern. Registration by phone only.
registrationViaInviteLinkEnabled: true -> Registration only by invitation from another user. Always by e-mail.
registrationViaFacebook: true
registrationViaGoogle: true
registrationWithVerificationEnabled: true -> Standard registration.
invite:
inviteNewUser: true -> Allows an authorized user to create invitations for new user registration.
deviceManagement:
enabled: true

If this configuration is enabled, the device from which the user registered is added to the user's device whitelist. If the user logs in from another device, a message about the new device is sent to them.

Endpoints that depend on this setting.

@DELETE("/api/v1/account/devices/{deviceId}")
deleteDevice
@GET("/api/v1/account/devices")
getAllUserDevices

...

passwordsForSimilarityCount -> Number of previous passwords to compare against.

...

registration

Configurations for the registration flow.
emailRegistrationEnabled -> Enables/disables registration via e-mail. Used in validation at the API level.
phoneRegistrationEnabled -> Enables/disables registration via phone number. Used in validation at the API level.
registrationWithVerificationEnabled -> Default registration flow. More details -> Registration Flow
registrationViaInviteLinkEnabled -> Registration via the invitation flow. More details -> Registration Flow
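The API-level validation described above, together with the referralProperty bonus rules and the inviteNewUser switch, as an added Python example that is not profile-api code: a registry that applies the registration switches, requires the invitation flow to be by e-mail, and credits registrationBonus to the owner of a referral code used during registration. The status strings, the invite token format, single-use invites, the referral-code alphabet and the configuration field names are assumptions.

```python
"""Toy model of the registration switches, invitations and the referral bonus.
Added example, not profile-api code; status strings, invite token format, single-use
invites and the referral-code alphabet are assumptions."""
import secrets
import string
from dataclasses import dataclass


@dataclass
class RegistrationConfig:
    email_registration_enabled: bool = True            # emailRegistrationEnabled
    phone_registration_enabled: bool = True            # phoneRegistrationEnabled
    registration_via_invite_link_enabled: bool = True  # registrationViaInviteLinkEnabled
    registration_with_verification_enabled: bool = True  # registrationWithVerificationEnabled
    invite_new_user: bool = True                       # invite.inviteNewUser
    referral_system_enabled: bool = True               # referralSystemEnabled
    referral_code_length: int = 8                      # referralProperty.referralCodeLength
    referral_start_bonus: int = 0                      # referralProperty.referralStartBonus
    registration_bonus: int = 50                       # referralProperty.registrationBonus


@dataclass
class User:
    user_key: str
    key_type: str          # "email" or "phone"
    referral_code: str
    bonus: int


CODE_ALPHABET = string.ascii_uppercase + string.digits   # assumed alphabet for referral codes


class Registry:
    def __init__(self, cfg: RegistrationConfig):
        self.cfg = cfg
        self.users = {}      # user_key -> User
        self.by_code = {}    # referral code -> User
        self.invites = {}    # invite token -> inviter user_key (single use)

    def create_invite(self, inviter_key: str):
        """inviteNewUser: an authorized user creates an invitation for a new registration."""
        if not self.cfg.invite_new_user or inviter_key not in self.users:
            return None
        token = secrets.token_urlsafe(16)
        self.invites[token] = inviter_key
        return token

    def register(self, user_key: str, key_type: str, referral_code=None, invite_token=None) -> str:
        cfg = self.cfg
        # API-level validation of the registration channel
        if key_type == "email" and not cfg.email_registration_enabled:
            return "email registration disabled"
        if key_type == "phone" and not cfg.phone_registration_enabled:
            return "phone registration disabled"
        if user_key in self.users:
            return "already registered"
        if invite_token is not None:
            if not cfg.registration_via_invite_link_enabled:
                return "invite registration disabled"
            if key_type != "email":        # the invitation flow is always by e-mail
                return "invite registration requires email"
            if self.invites.pop(invite_token, None) is None:
                return "invalid invite"
        elif not cfg.registration_with_verification_enabled:
            return "standard registration disabled"

        referrer = None
        if cfg.referral_system_enabled and referral_code is not None:
            referrer = self.by_code.get(referral_code)
            if referrer is None:
                return "unknown referral code"

        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(cfg.referral_code_length))
        user = User(user_key, key_type, code, cfg.referral_start_bonus)
        self.users[user_key] = user
        self.by_code[code] = user
        if referrer is not None:
            referrer.bonus += cfg.registration_bonus   # the bonus goes to the owner of the code
        return "ok"
```

The channel checks run before anything is consumed, so a phone-based attempt to use an e-mail invitation fails without spending the invite token; the token is removed only when the e-mail registration it was issued for goes through.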

...

oauth2 -> These settings are responsible for registration or login through social networks. You can log in via Google, Facebook, Apple, Okta or Twitter. More details → Sign in/up with social networks.

...