accountManagement:
  referralSystemEnabled: true
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  defaultLanguageISOCode: "en"
  limitForInputInvalidOneTimeToken: 5
  defaultCountryISOCode: "UA"
  userTypeToRegister: "regular_user"
  passwordRestrictions:
    passwordSimilarity:
      enabled: true
      minPasswordSimilarityValue: 0.15
      passwordsForSimilarityCount: 5 #min-1
    limitForPasswordHistory:
      enabled: false
      maxPasswordHistoryCount: 5
    limitForInputInvalidPassword: 5
    permissionRestriction:
      permissionRestrictionDurationAfterRecoverySecurityInMillis: 172800000
      permissionRestrictionDurationAfterChangeSecurityInMillis: 86400000
      permissionRestrictionDurationAfterPasswordOperationInMillis: 86400000
  userAvatarProperty:
    widthSize: 400
    heightSize: 400
  referralProperty:
    referralCodeLength: 8
    referralStartBonus: 0
    registrationBonus: 50
  registration:
    emailRegistrationEnabled: true
    phoneRegistrationEnabled: true
    registrationViaInviteLinkEnabled: true
    registrationViaFacebook: true
    registrationViaGoogle: true
    registrationWithVerificationEnabled: true

systemBehaviorConfigurations:
  antiPhishingCodeEnabled: true
  referralSystemEnabled: true
  referralProperty:
    referralCodeLength: 8
    referralStartBonus: 0
    registrationBonus: 50
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  passwordRestrictions:
    passwordValidationStrategy:
      uppercaseRequired: true
      specialSymbolsRequired: true
    passwordSimilarity:
      enabled: true
      minPasswordSimilarityValue: 0.15
      passwordsForSimilarityCount: 5
    limitForInputInvalidPassword: 5
  registration:
    emailRegistrationEnabled: true
    phoneRegistrationEnabled: true
    registrationViaInviteLinkEnabled: true
    registrationWithVerificationEnabled: true
    oauth2:
      facebook: true
      google: true
  invite:
    inviteNewUser: true

antiPhishingCodeEnabled -> Add anti phishing code
accountManagement is our main section. Below are the configurations that affect the behavior of the project.
referralSystemEnabled
...
multifactorAuthentication
This config is responsible for the MFA (multi-factor authentication) settings.
We have three different MFA steps:
- email
- phone
- Google Authenticator
If multifactorAuthSystemEnabled is true, MFA is enabled in the system. The user must supply one-time tokens to the endpoints that require them. All token types are listed in
profile-api/service/src/main/java/com/knubisoft/service/enums/OneTimeTokenType.java
The user must request the tokens for the MFA steps they have enabled: emailToken, PhoneNumberToken, googleAuthenticatorToken.
When registering with MFA enabled, the system prompts the user to enable the MFA step that matches the user key they register with. A user who registers with an email is prompted to enable emailMfaStep; the same applies to the phone.
Important: if MFA is disabled, the endpoints that depend on this setting are disabled as well. These are the endpoints used to obtain tokens for the login operation and for security recovery.
In that case login is a single step, and the user cannot perform security recovery for the phone, e-mail or Google Authenticator.
Endpoints:
- PUT /api/v1/account/password → Change user password
- PUT /api/v1/account/mobile → Endpoint for changing phone number
- POST /api/v1/account/mobile → Endpoint for binding phone number to account
- PUT /api/v1/account/email → Endpoint for changing email
- POST /api/v1/account/email → Endpoint for binding email to account
- PUT /api/v1/account/antiPhishingCode → Change anti-phishing code
- POST /api/v1/account/antiPhishingCode → Add anti-phishing code
- POST /api/v1/account/mobile/removing → Endpoint to remove phone number from account
- POST /api/v1/account/googleAuthenticator → Endpoint for binding Google Authenticator to account
- POST /api/v1/account/googleAuthenticator/removing → Endpoint to remove Google Authenticator from account
- POST /api/v1/account/email/removing → Endpoint to remove email from account
- POST /api/v1/account/password/recovery/verification → Password recovery verification
- POST /api/v1/login/verification → Endpoint to complete login
- POST /api/v1/account/security/recovery/verification → Verify that security recovery operation can be performed
- defaultLanguageISOCode
Default language (ISO code) used for displaying information to the user.
limitForInputInvalidOneTimeToken
limitForInputInvalidPassword
...
antiPhishingCodeEnabled -> Adds the anti-phishing code feature in profile-api for users who have an email. The user can add an anti-phishing code to their account.
Endpoints that work from this config:
POST endpoint to add or change the anti-phishing code → /api/v1/account/antiPhishingCode
POST endpoint to send the token for adding or changing the anti-phishing code → /api/v1/token/antiPhishingCode/changing
...
referralSystemEnabled -> Referral system in ProfileApi that awards bonuses to a user when someone uses their referral code during registration. Used when registering a user.
...
multifactorAuthSystemEnabled -> Multi-factor authentication during the login flow.
This configuration enables multi-factor authentication.
Multi-factor authentication is available for:
- email
- phone number
- Google Authenticator
The user can enable any of these options for multi-factor authentication during authorization (login). In that case the user must request a token from the system in order to authenticate.
Endpoints that work from this config:
POST endpoint to send tokens for MFA authorization → /api/v1/token/login
POST endpoint to complete MFA authorization → /api/v1/login/verification
GET endpoint to get the MFA steps enabled for the user → /api/v1/account/details/mfa
POST endpoint to add Google Authenticator to the user account → /api/v1/account/googleAuthenticator
POST endpoint to remove Google Authenticator from the user account → /api/v1/account/googleAuthenticator/removing
POST endpoint to enable email MFA → /api/v1/account/email/mfa/enabling
POST endpoint to enable phone number MFA → /api/v1/account/mobile/mfa/enabling
POST endpoint to disable email MFA → /api/v1/account/email/mfa/disabling
POST endpoint to disable phone number MFA → /api/v1/account/mobile/mfa/disabling
POST endpoint to send a token for disabling an MFA step (EMAIL, PHONE, GOOGLE) → /api/v1/token/mfa/disabling
POST endpoint to send a token to the new key during user key recovery → /api/v1/token/userKeys/recovery/newKey
POST endpoint for user key recovery verification → /api/v1/token/userKeys/recovery/verification
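The two-step login described in the two multifactorAuthentication sections above, as an added example. This is not profile-api code (the project itself is Java; its endpoint paths appear here only in comments). It models the points the page makes: with multifactorAuthSystemEnabled off, login is one step; with it on, a one-time token for one of the user's enabled steps (EMAIL, PHONE, GOOGLE) is requested and then verified, and limitForInputInvalidOneTimeToken bounds wrong entries. The in-memory store, the SHA-256 password stand-in, the 6-digit token format, the "let a user with no enabled step through" rule and discarding the pending login at the limit are all assumptions. The TOTP routine is the RFC 6238 algorithm, which is what a Google Authenticator app produces.

```python
import hashlib
import hmac
import secrets
import time

MFA_STEPS = ("EMAIL", "PHONE", "GOOGLE")  # the three MFA steps named on the page


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the code a Google Authenticator app produces."""
    counter = (now // step).to_bytes(8, "big")
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class LoginService:
    """In-memory model of the two-step login (added example, not profile-api code)."""

    def __init__(self, mfa_enabled: bool, invalid_token_limit: int = 5):
        self.mfa_enabled = mfa_enabled                  # multifactorAuthSystemEnabled
        self.invalid_token_limit = invalid_token_limit  # limitForInputInvalidOneTimeToken
        self.users = {}    # user key -> {"pw": sha256 hex, "steps": set, "totp_secret": bytes}
        self.pending = {}  # login id -> {"user", "step", "token", "failures"}

    def add_user(self, user_key: str, password: str, steps=(), totp_secret: bytes = b""):
        self.users[user_key] = {
            "pw": hashlib.sha256(password.encode()).hexdigest(),  # toy hashing, use a real KDF
            "steps": set(steps),         # what GET /api/v1/account/details/mfa would return
            "totp_secret": totp_secret,  # bound via POST /api/v1/account/googleAuthenticator
        }

    def login(self, user_key: str, password: str):
        """Password step. Returns ("OK", key), ("MFA_REQUIRED", login_id, steps) or ("DENIED",)."""
        user = self.users.get(user_key)
        given = hashlib.sha256(password.encode()).hexdigest()
        if user is None or not hmac.compare_digest(user["pw"], given):
            return ("DENIED",)
        # MFA disabled system-wide: one-step login, as the page states. Letting a user
        # with no enabled step through here is an assumption, not something the page says.
        if not self.mfa_enabled or not user["steps"]:
            return ("OK", user_key)
        login_id = secrets.token_urlsafe(16)
        self.pending[login_id] = {"user": user_key, "step": None, "token": None, "failures": 0}
        return ("MFA_REQUIRED", login_id, sorted(user["steps"]))

    def request_token(self, login_id: str, step: str):
        """POST /api/v1/token/login: issue the one-time token for one enabled step.
        EMAIL/PHONE: the token is returned here in place of out-of-band delivery.
        GOOGLE: nothing is sent, the user reads the code from the authenticator app."""
        p = self.pending.get(login_id)
        if p is None:
            raise ValueError("no pending login")
        if step not in MFA_STEPS or step not in self.users[p["user"]]["steps"]:
            raise ValueError("MFA step not enabled for this user")
        p["step"] = step
        p["token"] = None if step == "GOOGLE" else f"{secrets.randbelow(10 ** 6):06d}"
        return p["token"]

    def verify(self, login_id: str, token: str, now=None) -> str:
        """POST /api/v1/login/verification: complete the login or count a failure."""
        p = self.pending.get(login_id)
        if p is None or p["step"] is None:
            return "NO_PENDING"
        if p["step"] == "GOOGLE":
            t = int(now if now is not None else time.time())
            expected = totp(self.users[p["user"]]["totp_secret"], t)  # no clock-drift window
        else:
            expected = p["token"]
        if hmac.compare_digest(expected.encode(), token.encode()):
            del self.pending[login_id]  # one-time: the token cannot be replayed
            return "OK"
        p["failures"] += 1
        if p["failures"] >= self.invalid_token_limit:
            del self.pending[login_id]  # assumed: the login attempt is discarded at the limit
            return "LOCKED"
        return "INVALID"
```

Two things to check in a real deployment that this model deliberately keeps simple: the failure counter lives on the pending login, so an attacker who holds the password can reset it by starting a new login (count per user, or per user and step, instead), and the TOTP check accepts only the current 30-second window, whereas production verifiers usually allow one step of clock drift while still refusing a code that was already used.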
...
passwordValidationStrategy
Configuration for password validation.
uppercaseRequired: upper-case check for password validation. The password must contain at least 1 upper-case letter.
specialSymbolsRequired: special-symbol check for password validation. The password must contain at least 1 special symbol from: ! @ # $ % ^ & * ( ) _ - + =
passwordSimilarity
Compares the provided password with the user's previous passwords; if they are similar, the operation is rejected.
minPasswordSimilarityValue -> 0.15
defaultCountryISOCode
If GeoLite is not included, all users get the location of Ukraine (UA) by default.
userTypeToRegister
Type of user assigned during registration.
passwordSimilarity
This setting is responsible for password similarity. If it is enabled, then when a new password is entered (password change or password recovery), the number of previous passwords set by passwordsForSimilarityCount is taken and each of them is checked for similarity with the new one.
Two passwords are compared for similarity:
* If similarityValue is greater than 0.15 (85%), the passwords are similar.
* If similarityValue is less than or equal to 0.15, the passwords are different.
limitForPasswordHistory
maxPasswordHistoryCount: 5
This setting controls how many recent passwords will be stored.
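The passwordValidationStrategy, passwordSimilarity and limitForPasswordHistory rules above, put together as an added example in Python. This is not profile-api code and the project is Java; the page fixes the 0.15 threshold, the count of previous passwords compared and the special-symbol set, but not the similarity metric, so the normalized Levenshtein similarity used here (1 = identical, 0 = nothing in common) is an assumption, as are the function names and the in-memory history list.

```python
"""Model of the passwordRestrictions block (added example, not profile-api code)."""

# Special symbols exactly as listed on the page for specialSymbolsRequired.
SPECIAL_SYMBOLS = set("!@#$%^&*()_-+=")

# Mirrors the passwordRestrictions values from the config above (history enabled here
# so that record_password trims; the accountManagement config has it disabled).
PASSWORD_RESTRICTIONS = {
    "passwordValidationStrategy": {"uppercaseRequired": True, "specialSymbolsRequired": True},
    "passwordSimilarity": {
        "enabled": True,
        "minPasswordSimilarityValue": 0.15,
        "passwordsForSimilarityCount": 5,
    },
    "limitForPasswordHistory": {"enabled": True, "maxPasswordHistoryCount": 5},
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity_value(a: str, b: str) -> float:
    """ASSUMED metric: 1 - distance / longer length. 1.0 = identical, 0.0 = nothing shared.
    The page only fixes the threshold (0.15), not the metric."""
    longest = max(len(a), len(b), 1)
    return 1.0 - levenshtein(a, b) / longest


def validate_new_password(new_password: str, history: list, cfg: dict = PASSWORD_RESTRICTIONS) -> list:
    """Return the names of the violated rules (empty list = accepted).
    `history` holds the user's previous passwords, newest first."""
    errors = []
    strategy = cfg["passwordValidationStrategy"]
    if strategy["uppercaseRequired"] and not any(c.isupper() for c in new_password):
        errors.append("uppercaseRequired")
    if strategy["specialSymbolsRequired"] and not any(c in SPECIAL_SYMBOLS for c in new_password):
        errors.append("specialSymbolsRequired")
    sim = cfg["passwordSimilarity"]
    if sim["enabled"]:
        # Only the last passwordsForSimilarityCount passwords take part in the check.
        for old in history[: sim["passwordsForSimilarityCount"]]:
            if similarity_value(new_password, old) > sim["minPasswordSimilarityValue"]:
                errors.append("passwordSimilarity")
                break
    return errors


def record_password(history: list, new_password: str, cfg: dict = PASSWORD_RESTRICTIONS) -> list:
    """Push an accepted password onto the history; limitForPasswordHistory caps its length."""
    hist = cfg["limitForPasswordHistory"]
    updated = [new_password] + history
    if hist["enabled"]:
        updated = updated[: hist["maxPasswordHistoryCount"]]
    return updated
```

The caveat a similarity rule carries: it needs previous passwords in a form that can be compared character by character, which a salted-hash history (all that limitForPasswordHistory by itself needs) cannot provide, since a hash only answers "identical", never "similar". A common compromise is to compare the new password only against the current one, which the user supplies in the change request anyway, and keep the older history as hashes.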
userAvatarProperty
Avatar size (width and height).
referralProperty:
referralCodeLength: 8 -> Referral code length
referralStartBonus: 0 -> Starting value of bonuses.
registrationBonus: 50 -> Bonus when registering with a referral code.
registration:
emailRegistrationEnabled: true -> Registration pattern where the user registers with an e-mail.
phoneRegistrationEnabled: true -> Registration pattern where the user registers with a phone number.
registrationViaInviteLinkEnabled: true -> Registration only through an invitation from another user. Invitations are always sent by e-mail.
registrationViaFacebook: true
registrationViaGoogle: true
registrationWithVerificationEnabled: true -> Standard registration (with verification).
invite:
inviteNewUser: true -> Allows an authorized user to create invitations for new-user registration.
deviceManagement:
enabled: true
If this configuration is enabled, the device from which the user registered is added to the user's device whitelist. If the user logs in from another device, a message about the new device is sent to the user.
Endpoints that depend on this setting:
@DELETE("/api/v1/account/devices/{deviceId}")
deleteDevice
@GET("/api/v1/account/devices")
getAllUserDevices
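The device whitelist behaviour just described, as an added example in Python (not profile-api code, which is Java). The page says the registering device is whitelisted and that a login from another device triggers a message; everything else here is an assumption: devices are identified by a random token the server issues and the client echoes back on later logins, the notification is a list entry standing in for the e-mail/SMS, and a newly seen device is added to the whitelist after the alert so that it fires once rather than on every login.

```python
import secrets
from datetime import datetime, timezone


class DeviceManagement:
    """Model of deviceManagement.enabled (added example, not profile-api code)."""

    def __init__(self, enabled: bool = True):
        self.enabled = enabled
        self.devices = {}        # user key -> {device_id: {"name": ..., "added": ...}}
        self.notifications = []  # stand-in for the "new device" message sent to the user

    def register_device(self, user: str, user_agent: str) -> str:
        """Called at registration: the registering device becomes the first whitelisted one."""
        device_id = secrets.token_urlsafe(16)  # issued by the server, never chosen by the client
        self.devices.setdefault(user, {})[device_id] = {
            "name": user_agent,
            "added": datetime.now(timezone.utc).isoformat(),
        }
        return device_id

    def on_login(self, user: str, device_id, user_agent: str):
        """Run after the credentials were accepted. Returns ("KNOWN", id) or ("NEW_DEVICE", new_id)."""
        if not self.enabled:
            return ("KNOWN", device_id)
        if device_id is not None and device_id in self.devices.get(user, {}):
            return ("KNOWN", device_id)
        # Unknown or missing device token: alert the user, then whitelist the device (assumption).
        new_id = self.register_device(user, user_agent)
        self.notifications.append({"user": user, "text": f"New login from an unknown device: {user_agent}"})
        return ("NEW_DEVICE", new_id)

    def get_all_user_devices(self, user: str) -> list:
        """GET /api/v1/account/devices: ids of the whitelisted devices."""
        return sorted(self.devices.get(user, {}))

    def delete_device(self, user: str, device_id: str) -> bool:
        """DELETE /api/v1/account/devices/{deviceId}: the next login from it counts as new again."""
        return self.devices.get(user, {}).pop(device_id, None) is not None
```

The one design point worth keeping: the whitelist decides whether the new-device alert fires, so its key must be something the client cannot fabricate. A User-Agent string or a client-chosen header would let anyone who has the password suppress the alert by replaying it; a server-issued random token (stored client-side, for a browser in an HttpOnly cookie) does not have that problem.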
...
passwordsForSimilarityCount -> number of previous passwords to compare the new password against
...
registration
Configurations for the registration flow
emailRegistrationEnabled -> Enables/disables registration via email. Used in validation at the API level.
phoneRegistrationEnabled -> Enables/disables registration via phone number. Used in validation at the API level.
registrationWithVerificationEnabled -> Default registration flow. More details -> Registration Flow
registrationViaInviteLinkEnabled -> Registration via the invitation flow. More details -> Registration Flow
...
oauth2 -> These settings are responsible for registration or login through social networks. You can log in via Google, Facebook, Apple, Okta or Twitter. More details → Sign in/up with social networks.
...