Implement an API to Generate MPIN #84

Merged
vikas.nale merged 1 commits from Ashutosh_Task#471_Create_MPIN into Issue_Jun_1W_2 2025-06-06 07:07:38 +00:00

1. Input Received

  • The API receives a request body containing:
    • The employee ID for whom the MPIN is to be generated.
    • The raw MPIN value (a number or string, like a 4- or 6-digit PIN).

2. Logged-in Context

  • The system first identifies:
    • The tenant ID (organization-level identifier).
    • The currently logged-in employee.

3. Employee Validation

  • It checks if the employee from the input exists and belongs to the same tenant.
  • If the employee is not found or the MPIN is missing, the request is rejected with a bad request response.

4. Authorization Check

  • The API ensures that the logged-in user is only generating or updating their own MPIN.
  • If an employee tries to create an MPIN for someone else, the request is denied.

5. MPIN Hashing and Token Creation

  • The MPIN is securely hashed using SHA-256 to avoid storing raw MPIN values.
  • A token is then generated (similar to a JWT) to associate with the MPIN for secure future use.

6. Database Operation

  • The system checks if the user already has an MPIN saved:
    • If not, it creates a new record with the hashed MPIN and token.
    • If a record exists, it updates it with the new MPIN and token.

7. Logging

  • Logs are recorded throughout the process to track:
    • Invalid inputs
    • Unauthorized access attempts
    • Successful creation or updates of MPIN

8. Response

  • On success, the system responds with a message and the MPIN token.
  • On failure (e.g., unauthorized or invalid input), appropriate error messages are returned.
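The eight steps above, as an added example in Python; this is not the project's own code (none is shown on this page) and it assumes an in-memory employee table and MPIN table in place of the project's database, the request field names `employeeId` and `mpin`, and an opaque random token where the PR mentions a JWT-like token. It departs from step 5 in one labelled place: a 4- or 6-digit PIN has at most a million possible values, so an unsalted SHA-256 digest can be matched against a precomputed table and gives identical output for every user with the same PIN. The example keeps the bare SHA-256 function to show that property and stores a per-record salt with a slow PBKDF2-HMAC-SHA256 digest instead; the validation, authorization, upsert, logging and response steps follow the description as written.

```python
import hashlib
import hmac
import logging
import os
import secrets
from dataclasses import dataclass

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("mpin")

# Assumed setting: a slow KDF stands in for the bare SHA-256 named in the PR, because the
# PIN space (10^4 or 10^6 values) is far too small for a fast unsalted hash to protect.
PBKDF2_ITERATIONS = 600_000


class BadRequest(Exception):
    """Maps to HTTP 400 (step 3)."""


class Forbidden(Exception):
    """Maps to HTTP 403 (step 4)."""


@dataclass
class Employee:
    employee_id: str
    tenant_id: str


@dataclass
class MpinRecord:
    employee_id: str
    tenant_id: str
    mpin_hash: bytes
    salt: bytes
    token: str


# Constructed in-memory stand-ins for the project's employee and MPIN tables.
EMPLOYEES = {
    "emp-100": Employee("emp-100", "tenant-a"),
    "emp-200": Employee("emp-200", "tenant-a"),
    "emp-300": Employee("emp-300", "tenant-b"),
}
MPIN_STORE: dict[tuple[str, str], MpinRecord] = {}


def hash_mpin_sha256(mpin: str) -> bytes:
    """Bare SHA-256 as the PR describes it: unsalted, so equal PINs give equal digests."""
    return hashlib.sha256(mpin.encode()).digest()


def hash_mpin_kdf(mpin: str, salt: bytes) -> bytes:
    """Per-record salt plus PBKDF2-HMAC-SHA256: equal PINs give different digests."""
    return hashlib.pbkdf2_hmac("sha256", mpin.encode(), salt, PBKDF2_ITERATIONS)


def generate_mpin(current: Employee, tenant_id: str, body: dict) -> dict:
    """Steps 1-8 of the PR description; raises BadRequest or Forbidden on the failure paths."""
    target_id = body.get("employeeId")  # assumed request field names
    mpin = body.get("mpin")

    # Step 3: input and employee validation (an int PIN loses leading zeros; prefer strings).
    if mpin is None:
        log.warning("mpin missing for employee %s (tenant %s)", target_id, tenant_id)
        raise BadRequest("mpin is required")
    mpin = str(mpin)
    if not (mpin.isascii() and mpin.isdigit() and len(mpin) in (4, 6)):
        log.warning("malformed mpin for employee %s", target_id)
        raise BadRequest("mpin must be a 4- or 6-digit PIN")
    target = EMPLOYEES.get(target_id)
    if target is None or target.tenant_id != tenant_id:
        # One message for both cases so a caller cannot probe another tenant's employee IDs.
        log.warning("employee %s not found in tenant %s", target_id, tenant_id)
        raise BadRequest("employee not found")

    # Step 4: the logged-in employee may only set their own MPIN.
    if current.employee_id != target.employee_id or current.tenant_id != tenant_id:
        log.warning("employee %s tried to set MPIN for %s", current.employee_id, target_id)
        raise Forbidden("you may only set your own MPIN")

    # Step 5: fresh salt per write; the token is an opaque random value (assumption, not a JWT).
    salt = os.urandom(16)
    digest = hash_mpin_kdf(mpin, salt)
    token = secrets.token_urlsafe(32)

    # Step 6: create or update the record.
    key = (tenant_id, target.employee_id)
    record = MPIN_STORE.get(key)
    if record is None:
        MPIN_STORE[key] = MpinRecord(target.employee_id, tenant_id, digest, salt, token)
        action = "created"
    else:
        record.mpin_hash, record.salt, record.token = digest, salt, token
        action = "updated"

    # Steps 7 and 8: log the outcome and return the message plus token.
    log.info("MPIN %s for employee %s", action, target.employee_id)
    return {"message": f"MPIN {action}", "token": token}


def handle_generate_mpin(current: Employee, tenant_id: str, body: dict) -> tuple[int, dict]:
    """HTTP-style wrapper: maps the two failure types to 400 and 403."""
    try:
        return 200, generate_mpin(current, tenant_id, body)
    except BadRequest as exc:
        return 400, {"error": str(exc)}
    except Forbidden as exc:
        return 403, {"error": str(exc)}


def verify_mpin(tenant_id: str, employee_id: str, mpin: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    record = MPIN_STORE.get((tenant_id, employee_id))
    if record is None:
        return False
    return hmac.compare_digest(record.mpin_hash, hash_mpin_kdf(str(mpin), record.salt))


if __name__ == "__main__":
    me = EMPLOYEES["emp-100"]
    print(handle_generate_mpin(me, "tenant-a", {"employeeId": "emp-100", "mpin": "1234"}))
    print(handle_generate_mpin(me, "tenant-a", {"employeeId": "emp-200", "mpin": "1234"}))
    print(verify_mpin("tenant-a", "emp-100", "1234"))
```

The "employee not found" branch deliberately returns the same 400 for a nonexistent ID and for an ID that exists in another tenant, so the endpoint does not confirm which employee IDs exist elsewhere; the per-attempt log lines cover the three categories the PR lists (invalid input, unauthorized attempt, successful create or update).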
ashutosh.nehete added 1 commit 2025-06-06 06:53:27 +00:00
vikas.nale merged commit 863a154ec6 into Issue_Jun_1W_2 2025-06-06 07:07:38 +00:00
Reference: admin/marco.pms.api#84