Login
Description
Allows clients to log into the system.
Input
Phone number
- Validation
  - Required
OTP
Additional validation
- The phone number must belong to an existing client.
Access
Any non-authenticated user can access this function.
Mechanism
- If the function input OTP is not provided
  - Generate & save (or overwrite existing) the following OTP data:
    - Entity property Token - A random 4-digit number
    - Entity property Expiration date - 2 minutes from the moment of creation
    - Entity property Failed login attempts - defaults to 0
  - Send the generated OTP to the provided function input phone number via Twilio.
- If the function input OTP is provided
  - Validate the function input OTP as follows:
    - Check if the maximum number of attempts (3) has been reached.
    - Check if the function input OTP is expired.
    - Check if the provided function input OTP matches the stored one.
  - If the validation fails
    - If all the checks pass, but the function input OTP is incorrect, increment the failed attempt counter.
    - Return an error to the user with the number of failed attempts and the maximum possible number of failed attempts.
  - If the validation passes
    - Mark the client as verified if not already verified.
    - Destroy all existing sessions of the client.
    - Create a new session for the client.
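The mechanism above as an in-memory Python example, added here and not the project's own code. `LoginService`, `OtpRecord`, `LoginError`, the `clients` store, the `send_sms` callback standing in for the Twilio call, zero-padding of the token, and deleting the OTP after a successful login are all assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
MAX_ATTEMPTS = 3                 # maximum failed attempts, from the spec
OTP_TTL = timedelta(minutes=2)   # expiration, from the spec

@dataclass
class OtpRecord:
    token: str
    expires_at: datetime
    failed_attempts: int = 0

class LoginError(Exception):
    def __init__(self, reason, failed_attempts):
        super().__init__(reason)
        self.reason, self.failed_attempts = reason, failed_attempts
        self.max_attempts = MAX_ATTEMPTS

class LoginService:
    def __init__(self, clients, send_sms, now=lambda: datetime.now(timezone.utc)):
        self.clients = clients    # hypothetical store: phone -> {"verified": bool}
        self.send_sms = send_sms  # hypothetical stand-in for the Twilio call
        self.now = now
        self.otps, self.sessions = {}, {}
    def login(self, phone, otp=None):
        if phone not in self.clients:           # additional input validation
            raise LoginError("unknown_client", 0)
        if otp is None:
            # Overwrite any existing record; failed_attempts restarts at 0.
            token = f"{secrets.randbelow(10_000):04d}"   # CSPRNG, zero-padded
            self.otps[phone] = OtpRecord(token, self.now() + OTP_TTL)
            self.send_sms(phone, token)
            return None
        rec = self.otps.get(phone)
        if rec is None:
            raise LoginError("no_otp_requested", 0)
        if rec.failed_attempts >= MAX_ATTEMPTS:
            raise LoginError("max_attempts_reached", rec.failed_attempts)
        if self.now() >= rec.expires_at:
            raise LoginError("otp_expired", rec.failed_attempts)
        if not hmac.compare_digest(rec.token.encode(), otp.encode()):
            rec.failed_attempts += 1            # only a mismatch counts
            raise LoginError("otp_incorrect", rec.failed_attempts)
        del self.otps[phone]                    # assumption: OTP is single-use
        self.clients[phone]["verified"] = True
        sid = secrets.token_urlsafe(32)
        self.sessions[phone] = [sid]            # replaces all earlier sessions
        return sid
```

Once the counter reaches 3, even the correct OTP is rejected until a new one is requested, and the token comparison is constant-time.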
Notes
Caveats
- The validation of the function input OTP is split between the input section and the mechanism section because a mechanism validation failure increments the failed attempt counter, while an input validation failure does not.