accountManagement:
  referralSystemEnabled: true
  multifactorAuthentication:
    multifactorAuthSystemEnabled: true
  defaultLanguageISOCode: "en"
  limitForInputInvalidOneTimeToken: 5
  defaultCountryISOCode: "UA"
  userTypeToRegister: "regular_user"
  passwordRestrictions:
    passwordSimilarity:
      enabled: true
      minPasswordSimilarityValue: 0.15
      passwordsForSimilarityCount: 5 #min-1
    limitForPasswordHistory:
      enabled: false
      maxPasswordHistoryCount: 5
    limitForInputInvalidPassword: 5
  permissionRestriction:
    permissionRestrictionDurationAfterRecoverySecurityInMillis: 172800000
    permissionRestrictionDurationAfterChangeSecurityInMillis: 86400000
    permissionRestrictionDurationAfterPasswordOperationInMillis: 86400000
  userAvatarProperty:
    widthSize: 400
    heightSize: 400
  referralProperty:
    referralCodeLength: 8
    referralStartBonus: 0
    registrationBonus: 50
  registration:
    emailRegistrationEnabled: true
    phoneRegistrationEnabled: true
    registrationViaInviteLinkEnabled: true
    registrationViaFacebook: true
    registrationViaGoogle: true
    registrationWithVerificationEnabled: true
  invite:
    inviteNewUser: true
accountManagement is our main section. Here are the configurations that affect the behavior of our project.
referralSystemEnabled
This setting determines whether our system has a referral system. If the value is true, then at the registration stage there is an optional field where the user can enter a referral code.
Importantly! The user must enter a correct code. If the user enters a wrong code, the system will return an error.
multifactorAuthentication
This config is responsible for setting up MFA (multi-factor authentication).
We have three different MFA steps:
- email
- phone
- Google Authenticator
If this value is true, MFA is enabled in our system. The user must supply one-time tokens to the endpoints that require them. All token types are listed in
profile-api/service/src/main/java/com/knubisoft/service/enums/OneTimeTokenType.java
The user must request the tokens for the MFA steps they have enabled: emailToken, PhoneNumberToken, googleAuthenticatorToken.
When registering with MFA enabled, the system prompts the user to enable the MFA step that matches the userKey under which they register. If they register with an email address, they are prompted to enable emailMfaStep. The same applies to the phone.
Importantly! If MFA is disabled, we disable the part of the endpoints that depend on this setting, namely those used to obtain tokens for the login operation and for security recovery.
In this case login is a single step. Also, the user will not be able to restore security for the phone, e-mail, and Google Authenticator.
Endpoints:
- PUT /api/v1/account/password → Change user password
- PUT /api/v1/account/mobile → Endpoint for changing phone number
- POST /api/v1/account/mobile → Endpoint for binding phone number to account
- PUT /api/v1/account/email → Endpoint for changing email
- POST /api/v1/account/email → Endpoint for binding email to account
- PUT /api/v1/account/antiPhishingCode → Change anti-phishing code
- POST /api/v1/account/antiPhishingCode → Add anti-phishing code
- POST /api/v1/account/mobile/removing → Endpoint to remove phone number from account
- POST /api/v1/account/googleAuthenticator → Endpoint for binding Google Authenticator to account
- POST /api/v1/account/googleAuthenticator/removing → Endpoint to remove Google Authenticator from account
- POST /api/v1/account/email/removing → Endpoint to remove email from account
- POST /api/v1/account/password/recovery/verification → Password recovery verification
- POST /api/v1/login/verification → Endpoint to complete login
- POST /api/v1/account/security/recovery/verification → Verify that security recovery operation can be performed
defaultLanguageISOCode
Default language (ISO code) in which information is displayed to the user.
limitForInputInvalidOneTimeToken
limitForInputInvalidPassword
We use the first value to limit token input during an operation. If the user enters the token incorrectly n times, the token becomes invalid and the user must request a new token.
The second value is used for password input at login. If the user enters the password incorrectly n times, the account is blocked and the user must recover the password.
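The two limits as a service-side check, written here as an added example rather than the project's own code. It assumes an in-memory store and a caller that has already verified the password hash; the difference to notice is that the token counter is scoped to a single token while the password counter is scoped to the account.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added example, not the project's code. Models the two counters described above:
// a one-time token is invalidated after limitForInputInvalidOneTimeToken wrong inputs,
// an account is blocked after limitForInputInvalidPassword wrong passwords.
// State is kept in memory here; a real service persists it.
public final class InvalidInputLimiter {
    public enum Result { OK, REJECTED, TOKEN_INVALIDATED, ACCOUNT_BLOCKED }
    private final int limitForInputInvalidOneTimeToken; // 5 in the sample config
    private final int limitForInputInvalidPassword;     // 5 in the sample config
    private final Map<String, Integer> tokenFailures = new HashMap<>();    // tokenId -> failures
    private final Map<String, Integer> passwordFailures = new HashMap<>(); // userId -> failures
    private final Set<String> invalidTokens = new HashSet<>();
    private final Set<String> blockedUsers = new HashSet<>();

    public InvalidInputLimiter(int tokenLimit, int passwordLimit) {
        this.limitForInputInvalidOneTimeToken = tokenLimit;
        this.limitForInputInvalidPassword = passwordLimit;
    }

    /** One-time token input: the counter is per token, so a newly requested token starts at zero. */
    public Result checkOneTimeToken(String tokenId, String expected, String provided) {
        if (invalidTokens.contains(tokenId)) return Result.TOKEN_INVALIDATED;
        // MessageDigest.isEqual compares in constant time (no timing side channel on the token)
        if (MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                  provided.getBytes(StandardCharsets.UTF_8))) {
            tokenFailures.remove(tokenId);
            return Result.OK;
        }
        if (tokenFailures.merge(tokenId, 1, Integer::sum) >= limitForInputInvalidOneTimeToken) {
            invalidTokens.add(tokenId); // the user must request a new token
            return Result.TOKEN_INVALIDATED;
        }
        return Result.REJECTED;
    }

    /** Login password input: the counter is per account; passwordMatches comes from the hash verifier. */
    public Result checkPassword(String userId, boolean passwordMatches) {
        if (blockedUsers.contains(userId)) return Result.ACCOUNT_BLOCKED;
        if (passwordMatches) {
            passwordFailures.remove(userId); // a successful login resets the counter
            return Result.OK;
        }
        if (passwordFailures.merge(userId, 1, Integer::sum) >= limitForInputInvalidPassword) {
            blockedUsers.add(userId); // cleared only by the password recovery flow
            return Result.ACCOUNT_BLOCKED;
        }
        return Result.REJECTED;
    }
}
```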
defaultCountryISOCode
If GeoLite is not included, then by default all users will have the location Ukraine.
userTypeToRegister
Type of user during registration.
passwordSimilarity
This setting is responsible for checking password similarity. If it is enabled, then when a new password is entered (password change or password recovery), the system takes the number of previous passwords set by passwordsForSimilarityCount and checks each of them against the new password for similarity.
Comparison of two passwords for similarity:
* If similarityValue is greater than 0.15 (85%), the passwords are similar.
* If similarityValue is less than or equal to 0.15, the passwords are different.
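The rule above as an added example (not the project's code, which is not shown on the page). The page does not name the similarity metric, so Jaccard similarity over character bigrams is assumed here; the threshold semantics and the config names are the page's own. Assumes Java 17.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added example, not the project's code. Applies the passwordSimilarity rule to a new
// password and the last passwordsForSimilarityCount previous ones.
// Assumed metric: Jaccard similarity of character bigrams (the page does not name one).
public final class PasswordSimilarityCheck {
    private final boolean enabled;                   // passwordSimilarity.enabled
    private final double minPasswordSimilarityValue; // 0.15 in the sample config
    private final int passwordsForSimilarityCount;   // 5 in the sample config ("min-1")

    public PasswordSimilarityCheck(boolean enabled, double minSimilarity, int count) {
        this.enabled = enabled;
        this.minPasswordSimilarityValue = minSimilarity;
        this.passwordsForSimilarityCount = Math.max(1, count);
    }

    /** True when the new password is similar to any compared previous password (list is newest first). */
    public boolean isTooSimilar(String newPassword, List<String> previousPasswords) {
        if (!enabled) return false;
        int toCompare = Math.min(passwordsForSimilarityCount, previousPasswords.size());
        for (String previous : previousPasswords.subList(0, toCompare)) {
            // page rule: similarityValue > 0.15 -> similar, <= 0.15 -> different
            if (similarity(newPassword, previous) > minPasswordSimilarityValue) return true;
        }
        return false;
    }

    /** |bigrams(a) ∩ bigrams(b)| / |bigrams(a) ∪ bigrams(b)|, case-insensitive. */
    static double similarity(String a, String b) {
        Set<String> ba = bigrams(a.toLowerCase()), bb = bigrams(b.toLowerCase());
        if (ba.isEmpty() && bb.isEmpty()) return a.equalsIgnoreCase(b) ? 1.0 : 0.0;
        Set<String> common = new HashSet<>(ba);
        common.retainAll(bb);
        Set<String> all = new HashSet<>(ba);
        all.addAll(bb);
        return (double) common.size() / all.size();
    }

    private static Set<String> bigrams(String s) {
        Set<String> out = new HashSet<>();
        for (int i = 0; i + 1 < s.length(); i++) out.add(s.substring(i, i + 2));
        return out;
    }

    public static void main(String[] args) {
        PasswordSimilarityCheck check = new PasswordSimilarityCheck(true, 0.15, 5);
        List<String> history = List.of("Summer2023!", "Winter2022!"); // constructed sample, newest first
        System.out.println(check.isTooSimilar("Summer2024!", history)); // true: 8 of 12 bigrams shared
        System.out.println(check.isTooSimilar("xK9#pL2$qR", history)); // false: no common bigrams
    }
}
```

The comparison needs the earlier password in recoverable form, which a salted hash is not; in practice this is only possible for passwords submitted in the same request, such as the current password during a change.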
limitForPasswordHistory
maxPasswordHistoryCount: 5
This setting controls how many recent passwords will be stored.
userAvatarProperty
Avatar size (width and height).
referralProperty:
referralCodeLength: 8 -> Referral code length
referralStartBonus: 0 -> Starting value of bonuses.
registrationBonus: 50 -> Bonus when registering with a referral code.
registration:
emailRegistrationEnabled: true -> Registration pattern: registration by e-mail only.
phoneRegistrationEnabled: true -> Registration pattern: registration by phone only.
registrationViaInviteLinkEnabled: true -> Registration only through an invitation from another user. Always by e-mail.
registrationViaFacebook: true
registrationViaGoogle: true
registrationWithVerificationEnabled: true -> Standard registration.
invite:
inviteNewUser: true -> Access for an authorized user to create invitations for new user registration.
deviceManagement:
  enabled: true
If this configuration is enabled, the device from which the user registered is added to the user's device white list. If the user logs in from another device, a message about the new device is sent to the user.
Endpoints that depend on this setting.
- @DELETE("/api/v1/account/devices/{deviceId}") → deleteDevice
- @GET("/api/v1/account/devices") → getAllUserDevices
ipAddressManagement:
  enabled: true
If this configuration is enabled, the IP address from which the user registered is added to the user's IP white list. If the user logs in from another IP address, a message about the new IP address is sent to the user.
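The deviceManagement and ipAddressManagement behaviour as one login-time check, added here as an example and not taken from the project. It assumes an in-memory allow list, Java 17, and that an unknown origin is recorded after the notification so the user is told about it once; the page does not state the last point.

```java
import java.util.*;

// Added example, not the project's code. The registration origin is allow-listed; a login
// from a device or IP address not on the list produces a notification. Adding the new
// origin after notifying is an assumption, not something the page states.
public final class LoginOriginCheck {
    public record LoginResult(boolean newDevice, boolean newIpAddress, List<String> notifications) {}
    private final boolean deviceManagementEnabled;    // deviceManagement.enabled
    private final boolean ipAddressManagementEnabled; // ipAddressManagement.enabled
    private final Map<String, Set<String>> deviceWhiteList = new HashMap<>(); // userId -> device ids
    private final Map<String, Set<String>> ipWhiteList = new HashMap<>();     // userId -> ip addresses

    public LoginOriginCheck(boolean deviceEnabled, boolean ipEnabled) {
        this.deviceManagementEnabled = deviceEnabled;
        this.ipAddressManagementEnabled = ipEnabled;
    }

    /** At registration the device and IP address used are trusted without a notification. */
    public void onRegistration(String userId, String deviceId, String ip) {
        if (deviceManagementEnabled) listFor(deviceWhiteList, userId).add(deviceId);
        if (ipAddressManagementEnabled) listFor(ipWhiteList, userId).add(ip);
    }

    /** After successful authentication: Set.add returns true only for an origin not yet listed. */
    public LoginResult onLogin(String userId, String deviceId, String ip) {
        List<String> notifications = new ArrayList<>();
        boolean newDevice = deviceManagementEnabled && listFor(deviceWhiteList, userId).add(deviceId);
        if (newDevice) notifications.add("Login from a new device: " + deviceId);
        boolean newIp = ipAddressManagementEnabled && listFor(ipWhiteList, userId).add(ip);
        if (newIp) notifications.add("Login from a new IP address: " + ip);
        return new LoginResult(newDevice, newIp, List.copyOf(notifications));
    }

    /** Backs DELETE /api/v1/account/devices/{deviceId}; a later login from it is reported again. */
    public boolean deleteDevice(String userId, String deviceId) {
        return listFor(deviceWhiteList, userId).remove(deviceId);
    }

    private static Set<String> listFor(Map<String, Set<String>> lists, String userId) {
        return lists.computeIfAbsent(userId, k -> new HashSet<>());
    }

    public static void main(String[] args) {
        LoginOriginCheck check = new LoginOriginCheck(true, true);
        check.onRegistration("u1", "dev-A", "192.0.2.10"); // constructed sample values
        System.out.println(check.onLogin("u1", "dev-A", "192.0.2.10").notifications());   // []
        System.out.println(check.onLogin("u1", "dev-B", "198.51.100.7").notifications()); // two messages
    }
}
```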