Implement API to log in through OTP verification #86

Merged
ashutosh.nehete merged 1 commits from Ashutosh_Task#483_Login_OTP into Issue_Jun_1W_2 2025-06-07 06:32:22 +00:00

1. Input Validation

  • Validates that both Email and OTP are provided.
  • Ensures OTP is exactly 4 digits and numeric.
  • Returns 400 Bad Request if the input is invalid and logs a warning.

2. Fetch Employee by Email

  • Queries the Employees table (including related ApplicationUser) where:
    • Email matches,
    • Employee is active.
  • If no match is found, logs a warning and returns 404 Not Found.

3. Get User ID

  • Parses the employee's ApplicationUserId to get the userId (GUID).

4. Fetch Latest OTP

  • Retrieves the most recent OTP record from OTPDetails for this user and tenant.
  • If no OTP is found, logs a warning and returns 404 Not Found.

5. Validate OTP Expiry

  • Calculates the expiry by adding ExpriesInSec to the TimeStamp.
  • If current time is beyond expiry or the OTP is already used:
    • Logs a warning,
    • Returns 400 Bad Request with an "OTP expired" message.

6. Match OTP

  • Compares the OTP provided with the one stored in the database.
  • If mismatch:
    • Logs the attempt,
    • Returns 401 Unauthorized.

7. Generate Tokens

  • If OTP is valid:
    • Generates a JWT access token using _refreshTokenService.GenerateJwtToken(...).
    • Creates a refresh token using _refreshTokenService.CreateRefreshToken(...).

8. Fetch MPIN Token

  • Looks for an existing MPIN token from MPINDetails (if set).

9. Mark OTP as Used

  • Updates the OTP record to set IsUsed = true and saves changes to prevent reuse.

10. Build and Return Response

  • Constructs the response with:
    • accessToken
    • refreshToken
    • Optional mpinToken (if found)
  • Logs successful login and returns 200 OK with token details.

11. Error Handling

  • Catches any unhandled exceptions.
  • Logs the error with the user's email for debugging.
  • Returns 500 Internal Server Error with a generic error message.
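The verification core of steps 1, 5, 6 and 9 above, as an added example that is not the PR's own code. It assumes a constructed stand-in for an OTPDetails row with UTC timestamps, uses a fixed-time comparison for step 6, and marks the record used before the caller issues any tokens (the PR orders token generation before the IsUsed update).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed stand-in for an OTPDetails row; field names follow the PR description.
public sealed class OtpRecord
{
    public string Otp { get; set; } = "";
    public DateTime TimeStamp { get; set; }   // assumed to be stored in UTC
    public int ExpriesInSec { get; set; }     // name as written in the PR description
    public bool IsUsed { get; set; }
}

public enum OtpResult { InvalidFormat, Expired, Mismatch, Ok }

public static class OtpVerifier
{
    // Step 1: format check. Step 5: expiry and reuse check. Step 6: comparison.
    // Step 9: mark used. Marking used happens before the caller generates tokens,
    // so two concurrent requests carrying the same code cannot both succeed.
    public static OtpResult Verify(OtpRecord record, string providedOtp, DateTime nowUtc)
    {
        if (providedOtp is null || providedOtp.Length != 4)
            return OtpResult.InvalidFormat;
        foreach (char c in providedOtp)
            if (c < '0' || c > '9') return OtpResult.InvalidFormat;

        DateTime expiry = record.TimeStamp.AddSeconds(record.ExpriesInSec);
        if (nowUtc > expiry || record.IsUsed)
            return OtpResult.Expired;   // one message for both cases, as in the PR

        byte[] expected = Encoding.UTF8.GetBytes(record.Otp);
        byte[] provided = Encoding.UTF8.GetBytes(providedOtp);
        // FixedTimeEquals needs equal lengths; a length difference is simply a mismatch.
        if (expected.Length != provided.Length ||
            !CryptographicOperations.FixedTimeEquals(expected, provided))
            return OtpResult.Mismatch;

        record.IsUsed = true;   // persist this (SaveChanges) before issuing tokens
        return OtpResult.Ok;
    }

    public static void Main()
    {
        var rec = new OtpRecord { Otp = "4821", TimeStamp = DateTime.UtcNow, ExpriesInSec = 120 };
        Console.WriteLine(Verify(rec, "48a1", DateTime.UtcNow)); // InvalidFormat
        Console.WriteLine(Verify(rec, "0000", DateTime.UtcNow)); // Mismatch
        Console.WriteLine(Verify(rec, "4821", DateTime.UtcNow)); // Ok
        Console.WriteLine(Verify(rec, "4821", DateTime.UtcNow)); // Expired (already used)
    }
}
```

Because the code is marked used before tokens are created, a failure in token generation leaves the code burnt rather than replayable, which is the safer default for a single-use credential.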
ashutosh.nehete added 1 commit 2025-06-07 06:25:26 +00:00
ashutosh.nehete merged commit 2fc44ec499 into Issue_Jun_1W_2 2025-06-07 06:32:22 +00:00

Reference: admin/marco.pms.api#86