ThermalCube revised this gist . Go to revision
1 file changed, 3 insertions, 1 deletion
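--- a/gistfile1.txt
+++ b/OTP.md
@@ -1,3 +1,4 @@
+```plantuml
 @startuml
 
 skin rose
@@ -56,4 +57,5 @@ RegisterAPI -> DB: UpdateOTP(CustomerInfo, OTP-Secret)
 RegisterAPI -> User: OK
 
 
-@enduml
+@enduml
+```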
ThermalCube revised this gist . Go to revision
1 file changed, 59 insertions
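--- /dev/null
+++ b/gistfile1.txt
@@ -0,0 +1,59 @@
+@startuml
+
+skin rose
+
+actor User
+participant RestAPI
+participant RegisterAPI
+database Redis
+database DB
+
+== Login ==
+
+User -> RestAPI: Login(Email, Passwort)
+RestAPI --> RestAPI: Login(Email, Password)
+RestAPI --> RestAPI: Generate TempToken
+RestAPI -> Redis: SET TempToken(CustomerInfo) TTL=120s
+RestAPI -> User: TempToken
+
+== OTP Recovery ==
+
+User -> RegisterAPI: OTP_Recovery(TempToken)
+RegisterAPI -> Redis: GET TempToken
+RegisterAPI --> RegisterAPI: Generate Captcha
+RegisterAPI -> User: Captcha-Bild
+
+== Captcha ==
+
+User -> RegisterAPI: Solve_Captcha(TempToken, Captcha-Code)
+RegisterAPI --> RegisterAPI: Validate Captcha
+
+RegisterAPI -> User: RecoveryContacts[]
+User -> RegisterAPI: Recover(TempToken, RecoveryContacts[0])
+
+== Send RecoveryToken ==
+
+RegisterAPI --> RegisterAPI: Generate RecoveryToken
+RegisterAPI -> DB: SET CustomerInfo(RecoveryToken)
+RegisterAPI -> User: Send_SMS(RecoveryToken)
+
+== Initialize new OTP ==
+
+User -> RegisterAPI: Initialize_OTP(TempToken, RecoveryToken)
+RegisterAPI -> Redis: SET CustomerInfo(OTP-Secret) TTL=?
+RegisterAPI -> Redis: GET TempToken(CustomerInfo)
+RegisterAPI -> DB: GET CustomerInfo(RecoveryToken)
+RegisterAPI --> RegisterAPI: Validate RecoveryToken
+RegisterAPI --> RegisterAPI: Generate OTP-Secret
+RegisterAPI -> User: OTP-Secret
+User --> User: Scan QR-Code/OTP-Secret
+User --> User: Generate_OTP(OTP-Secret)
+User -> RegisterAPI: Validate_OTP(TempToken, OTP-Code)
+RegisterAPI -> Redis: GET TempToken(CustomerInfo)
+RegisterAPI -> Redis: GET CustomerInfo(OTP-Secret)
+RegisterAPI --> RegisterAPI: Validate_OTP(OTP-Secret, OTP-Code)
+RegisterAPI -> DB: UpdateOTP(CustomerInfo, OTP-Secret)
+RegisterAPI -> User: OK
+
+
+@enduml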
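Review bot: In the "Initialize new OTP" group the diagram writes the pending secret (`RegisterAPI -> Redis: SET CustomerInfo(OTP-Secret) TTL=?`) before the steps that validate the RecoveryToken and generate the OTP-Secret, so as drawn a secret is stored for a request that has not yet proven possession of the SMS token. I would move that line to directly after `RegisterAPI --> RegisterAPI: Generate OTP-Secret` and replace `TTL=?` with a fixed short lifetime. The RecoveryToken written by `RegisterAPI -> DB: SET CustomerInfo(RecoveryToken)` shows no expiry, single-use invalidation or attempt limit, and nothing in the flow deletes it or the TempToken after `UpdateOTP`; a `note over RegisterAPI` stating those properties would make the intended guarantees reviewable. Separately, `RecoveryContacts[]` is returned to a caller who has only passed the password and captcha steps, so the diagram should state that the contacts are masked.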