Closed. edzillion closed this 5 years ago.

Equivalent PR on API: https://github.com/CirclesUBI/circles-api/pull/78

FE

- `AuthSaga initRecoverAccount()` signs a message (a timestamp) and sends it to the API. `phone_number` and `device_id` are sent in case of a phone number or device change.

```
body: { message: message, signature: signature, device_id: DeviceInfo.getUniqueID(), phone_number: phone }
```

API

`usersController.recoverAccount()` logic overview:

- `message` is checked to see if the timestamp is less than 2.5 minutes old and not in the future. If this fails, send 403.
- `recoverAddress()` from `message` and `signature`.
- `getSNSEndpoint()` from AWS SNS.
- `createSNSEndpoint()`.
- If `device_id` has changed then `updateSNSEndpoint`.
- If `phone_number` has changed then `updatePhone()` on AWS Cognito.
- `user` returned to FE.

At this point the user is signed out and will need to sign in or even use "forgot password" to recover the login credentials.
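The freshness check and the update decisions described in the API overview above, as an added example that is not code from circles-api or this PR. It assumes the timestamp message is a decimal string in seconds (10 digits) or milliseconds (13 digits), that `deps.recoverAddress` and `deps.findUser` are hypothetical injected helpers, and that `createSNSEndpoint` runs only when the stored user has no SNS endpoint yet.

```javascript
// Added example, not circles-api code. ASSUMPTIONS: message is a decimal
// timestamp string (10 digits = seconds, 13 digits = milliseconds);
// deps.recoverAddress(message, signature) returns the signer's address or
// throws; deps.findUser(address) returns the stored user record or null.
const MAX_AGE_MS = 150 * 1000; // "less than 2.5 minutes old"

// Returns null when the message is fresh, otherwise the reason to send 403.
// Rejecting future timestamps and old ones bounds the replay window of a
// captured (message, signature) pair.
function checkTimestampMessage(message, nowMs = Date.now()) {
  if (typeof message !== 'string' || !/^(\d{10}|\d{13})$/.test(message)) {
    return 'message is not a timestamp';
  }
  const ts = message.length === 10 ? Number(message) * 1000 : Number(message);
  if (ts > nowMs) return 'timestamp is in the future';
  if (nowMs - ts >= MAX_AGE_MS) return 'timestamp is 2.5 minutes old or more';
  return null;
}

// Decides which side effects follow for a stored user record versus the
// device_id / phone_number the FE sent. The "no endpoint yet" condition for
// createSNSEndpoint is an assumption, not stated in the PR.
function planUpdates(stored, body) {
  const actions = [];
  if (!stored.snsEndpoint) actions.push('createSNSEndpoint');
  else if (stored.device_id !== body.device_id) actions.push('updateSNSEndpoint');
  if (stored.phone_number !== body.phone_number) actions.push('updatePhone');
  return actions;
}

// Controller flow: 403 on a stale or future message, on a signature that
// recovers no address, or on an unknown address; otherwise 200 with the
// recovered address and the planned updates.
function recoverAccount(body, deps, nowMs = Date.now()) {
  const reason = checkTimestampMessage(body.message, nowMs);
  if (reason) return { status: 403, error: reason };
  let address;
  try {
    address = deps.recoverAddress(body.message, body.signature);
  } catch (err) {
    return { status: 403, error: 'signature does not recover an address' };
  }
  const stored = deps.findUser(address); // hypothetical lookup by address
  if (!stored) return { status: 403, error: 'unknown address' };
  return { status: 200, address, actions: planUpdates(stored, body) };
}
```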