[FEAT] Multiple Recovery Account Endpoint- BACKEND

[ZainabAlayande]

Description

Enable users to recover their accounts using multiple recovery options such as email, SMS, and security questions. This feature will improve user experience by offering a flexible and secure way to regain access to their accounts.

Acceptance Criteria

• Users can set up multiple account recovery options, including email, SMS, and security questions.
• Users can recover their accounts using any of the configured recovery options.
• The recovery process is secure and prevents unauthorized access.
• Implement proper error handling and validation for recovery information.
• Ensure the recovery options adhere to best practices for security and user experience.

Purpose

The goal is to provide users with various methods to recover their accounts, enhancing both security and user experience. By offering multiple recovery options, users can choose the most convenient and secure method for them.

Requirements

• Implement a RESTful Endpoint for Account Recovery Setup
• Ensure the endpoint allows users to configure and manage their recovery options.
• Implement a RESTful Endpoint for Account Recovery
• Ensure the endpoint validates and processes recovery requests based on the configured recovery options.
• Follow best practices for RESTful API design and security
• Write Unit and End-to-End Tests

Endpoints

URL

1. ADD RECOVERY EMAIL

/api/v1/account/add-recovery-email

METHOD

POST

Request Body

• email (required): The recovery email to be added to the user account for account recovery.

  {
  "email": "adamgrant@gmail.com"
  }

RESPONSE

Success Response (json)

{
  "message": "Recovery email successfully added",
  "status_code": 200,
  "data": {}
}

Error Response (json)

{
  "message": "Invalid recovery email",
  "status_code": 400,
  "data": {}
}

2. DISPLAY SECURITY QUESTIONS

/api/v1/account/security-questions

METHOD

GET

RESPONSE

Success Response (json)

{
  "message": "Security Questions",
  "status_code": 200,
  "data": {
       "question_1": "What is your mother's maiden name?",
       "question_2": "In what city were you born?",
       "question_3": "What is the name of your first pet?",
  }
}

Error Response (json)

{
  "message": "Could not find security questions",
  "status_code": 404,
  "data": {}
}

3. SUBMIT ANWSERS TO SECURITY QUESTIONS

/api/v1/account/submit-security-answers

METHOD

POST

Request Body

{
  "answers": [
    {
      "question_1": "What is your mother's maiden name?",
      "answer_1": "User's Answer"
    },
    {
      "question_2": "In what city were you born?",
      "answer_2": "User's Answer"
    },
    {
      "question_3": "What is the name of your first pet?",
      "answer_3": "User's Answer"
    }
  ]
}

RESPONSE

Success Response (json)

{
  "message": "Security answers submitted successfully",
  "status_code": 200,
  "data": {}
}

Error Response (json)

{
  "message": "Could not submit security questions",
  "status_code": 400,
  "data": {}
}

4. ADD RECOVERY PHONE NUMBER

/api/v1/account/recovery-number

METHOD

POST

Request Body

• recovery-number (required): The recovery phone number to be added to the user account for account recovery.

{
  "phone_number": "09035678812"
}

RESPONSE

Success Response (json)

{
  "message": "Recovery phone number successfully added",
  "status_code": 200,
  "data": {}
}

Error Response (json)

{
  "message": "Invalid phone number",
  "status_code": 400,
  "data": {}
}

5. UPDATE RECOVERY OPTIONS

/api/v1/account/update-recovery-options

METHOD

PUT

Request Body

{
  "email": "newemail@example.com",
  "phone_number": "09012345678",
  "security_questions": [
    {
      "question_1": "What is your mother's maiden name?",
      "answer_1": "New Answer"
    },
    {
      "question_2": "In what city were you born?",
      "answer_2": "New Answer"
    },
{
      "question_3": "What is the name of your first pet?",
      "answer_3": "New Answer"
    }
  ]
}

RESPONSE

Success Response (json)

{
  "message": "Recovery options updated",
  "status_code": 200,
  "data": {}
}

Error Response (json)

{
  "message": "Invalid recovery options",
  "status_code": 400,
  "data": {}
}

6. DELETE RECOVERY OPTIONS

/api/v1/account/delete-recovery-options

METHOD

DELETE

Request Body

{
  "options": ["email", "phone_number", "security_questions"]
}

RESPONSE

Success Response (json)

{
  "message": "Recovery options successfully deleted",
  "status_code": 200,
  "data": {}
}

Error Response (json)

{
  "message": "Error deleting recovery options",
  "status_code": 400,
  "data": {}
}

TASK

• [ ] Design the account recovery endpoints for email, SMS, and security questions.
• [ ] Implement the recovery setup flow, allowing users to configure their preferred recovery options.
• [ ] Implement the account recovery flow, allowing users to recover their accounts using their configured recovery options.
• [ ] Integrate the recovery endpoints with the existing user database to validate and update user records.
• [ ] Implement secure handling and storage of recovery information.
• [ ] Implement error handling and validation for recovery information and user requests.
• [ ] Write unit tests for the recovery functionality.

Expected Outcome

• Functional account recovery endpoints that meet all acceptance criteria.
• Users can securely set up and use multiple recovery options (email, SMS, security questions).
• Recovery information is handled securely and stored appropriately.
• The system accurately processes recovery requests based on the provided recovery information.

[Shullyd7]

Add versioning to your endpoint and you're good to go