OTP.md
```plantuml
@startuml
skin rose
actor User
participant RestAPI
participant RegisterAPI
database Redis
database DB
== Login ==
User -> RestAPI: Login(Email, Password)
RestAPI --> RestAPI: Login(Email, Password)
RestAPI --> RestAPI: Generate TempToken
RestAPI -> Redis: SET TempToken(CustomerInfo) TTL=120s
RestAPI -> User: TempToken
== OTP Recovery ==
User -> RegisterAPI: OTP_Recovery(TempToken)
RegisterAPI -> Redis: GET TempToken
RegisterAPI --> RegisterAPI: Generate Captcha
RegisterAPI -> User: Captcha image
== Captcha ==
User -> RegisterAPI: Solve_Captcha(TempToken, Captcha-Code)
RegisterAPI --> RegisterAPI: Validate Captcha
RegisterAPI -> User: RecoveryContacts[]
User -> RegisterAPI: Recover(TempToken, RecoveryContacts[0])
== Send RecoveryToken ==
RegisterAPI --> RegisterAPI: Generate RecoveryToken
RegisterAPI -> DB: SET CustomerInfo(RecoveryToken)
RegisterAPI -> User: Send_SMS(RecoveryToken)
== Initialize new OTP ==
User -> RegisterAPI: Initialize_OTP(TempToken, RecoveryToken)
RegisterAPI -> Redis: GET TempToken(CustomerInfo)
RegisterAPI -> DB: GET CustomerInfo(RecoveryToken)
RegisterAPI --> RegisterAPI: Validate RecoveryToken
RegisterAPI --> RegisterAPI: Generate OTP-Secret
' The secret is staged in Redis only after it has been generated
RegisterAPI -> Redis: SET CustomerInfo(OTP-Secret) TTL=?
RegisterAPI -> User: OTP-Secret
User --> User: Scan QR-Code/OTP-Secret
User --> User: Generate_OTP(OTP-Secret)
User -> RegisterAPI: Validate_OTP(TempToken, OTP-Code)
RegisterAPI -> Redis: GET TempToken(CustomerInfo)
RegisterAPI -> Redis: GET CustomerInfo(OTP-Secret)
RegisterAPI --> RegisterAPI: Validate_OTP(OTP-Secret, OTP-Code)
RegisterAPI -> DB: UpdateOTP(CustomerInfo, OTP-Secret)
RegisterAPI -> User: OK
@enduml
```
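The last two stages of the diagram (Initialize_OTP and Validate_OTP) as an added Python sketch, not code from this gist: the new secret is staged with a TTL and only promoted to the database after the user proves possession with a correct code. It assumes the OTP is TOTP per RFC 6238; the function names, the in-memory dicts standing in for Redis and DB, and the 300 s TTL (the diagram leaves it as `TTL=?`) are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct, time

PENDING_TTL = 300  # assumed value; the diagram leaves this TTL open ("TTL=?")
pending = {}       # stand-in for Redis: customer_id -> (secret, expires_at)
db_otp = {}        # stand-in for DB: customer_id -> confirmed secret

def totp(secret_b32, at, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    key = base64.b32decode(secret_b32)
    counter = max(int(at), 0) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def initialize_otp(customer_id, now=None):
    """Generate OTP-Secret, then stage it with a TTL (SET CustomerInfo(OTP-Secret))."""
    now = time.time() if now is None else now
    secret = base64.b32encode(secrets.token_bytes(20)).decode()
    pending[customer_id] = (secret, now + PENDING_TTL)
    return secret

def validate_otp(customer_id, code, now=None):
    """Validate_OTP: promote the staged secret to the DB only on a correct code."""
    now = time.time() if now is None else now
    secret, expires = pending.get(customer_id, (None, 0))
    if secret is None or now >= expires:
        pending.pop(customer_id, None)  # expired or never staged
        return False
    # Accept the current and adjacent time steps to tolerate clock drift;
    # compare in constant time.
    ok = any(hmac.compare_digest(totp(secret, now + d * 30).encode(), code.encode())
             for d in (-1, 0, 1))
    if ok:
        db_otp[customer_id] = secret  # UpdateOTP(CustomerInfo, OTP-Secret)
        del pending[customer_id]      # staged copy is single-use
    return ok
```

A failed attempt leaves the staged secret in place until its TTL expires, so a production version would also count attempts per TempToken.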