User Service

Target release: 2019-M1
Epic: PLAT-1
Document status: DRAFT
Document owner:
Dev Status: NOT STATED
QA Status: NOT STARTED
PO Approval: PENDING


Context:
The DIGIT UserService provides information useful for forcing a user to log in or out, and for retrieving information about the currently logged-in user and the privileges / roles that user has.
The current User Service forces single-tenant user creation, i.e., a user can belong to only one tenant. For example, a citizen can belong to the state and an employee can belong to a particular ULB or city. It also provides authentication and issues/renews auth tokens for use system-wide. Citizens can register as users through a self-registration flow that supports OTP-based registration of mobile numbers.

Version:

    • V1 (Jan-2017 to Dec-2018)
    • V1.1 (Jan-2019 to March 2019)

What will Rainmaker accomplish : 


    1. Provide an easy-to-access, easy-to-use one-stop-shop for citizens to Pay, Apply, Inform and Resolve
    2. Make people accountable and processes transparent - to the citizen and also within the government
    3. Be easy and fast to deploy - across the government's machinery, across the state
    4. Be easy for eGov to setup the system - with minimal localization and data migration effort

Guidelines :


    1. Mobile first - services, info, dashboard and reporting
    2. Localize - language (app, notifications, tracking, info)
    3. All-browsers and all-device compatibility
    4. UX/UI - "aam aadmi" design and not "silicon valley" design
    5. Accountability of gov employee - never compromise
    6. Standard Ontology - complaints, feedback, updates etc
    7. Should work-well in low speed / no speed networks also


Audience:


    1. Product Managers
    2. Developers
    3. Testers
    4. Co-creation partners
    5. Implementation Team
    6. Third Party(TP) integrators

User Type:

DIGIT system has two types of users currently.


    1. Employee
    2. Citizen

Objectives V1:

Employee:


    1. Enable employee to login into DIGIT system.
    2. Enable employee to access application based on roles.

Citizen:


    1. Enable citizen to login into DIGIT system.
    2. Enable citizen to access application.


Feature List V1:

Employee:


    1. User registration
    2. Search user
    3. Update user details
    4. Forgot password
    5. Change password
    6. User role mapping (single ULB to multiple roles)
    7. Enable employee to login into DIGIT system based on password.

Citizen:


    1. Create user
    2. Update user
    3. Search user
    4. User registration using OTP
    5. OTP based login

Employee/User Flow V1:


    1. Create Employee, Search Employee, Update Employee.
        a) Currently any employee is allowed to create user in all ULB.
        API Details: https://egov-micro-dev.egovernments.org/redoc/#tag/User%2Fpaths%2F~1users~1_create%2Fpost
    2. Login Employee:
        a) Here first time login is same like any login.
        API Details: https://egov-micro-dev.egovernments.org/redoc/#tag/User%2Fpaths%2F~1oauth~1token%2Fpost

UserService V1.1

The main theme of this version is to make the user service multi-tenant: a single user/employee can belong to multiple tenants, with a different role in each.

Objective V1.1:


    1. Enable employee for multiple ULB access and ULB-based role.
    2. Security
    3. Fixing tech debt
    4. API definition according to eGov standard.
    5. Lock/Unlock user
    6. Limit no. of OTP
    7. Changes in affected services

Feature List For Employee - V1.1


 

| Feature | Enhancement (Why) | Currently | Impacted Module |
|---|---|---|---|
| Create user with multiple city and role mapping for each ULB | Employee can have control in multiple ULB where each ULB can have multiple roles. Can define state level user which provide ease of accessing state level roles. | Employee can operate only in a single (Base) ULB. State level user not possible. | API Gateway; All module which integrate with user module; UI |
| Search user which returns multiple city data. | To support multi tenant user validation | Can't support multi-tenant user validations | API Gateway; All module which integrate with user module. PT, PGR, TL, Finance; UI |
| Update user with multiple city and role mapping for each city. | To support multi tenant user update | Can't support multi tenant user update | API Gateway; All module which integrate with user module; UI |
| Force to set password at first time login with OTP validation. | Make system more secure | Security issue, who ever is creating role can login into system | UI |
| Block / Unblock user on login failed for particular time. | Make system secure. To avoid brute force attack | Chances to guess password. Brute force attack | UI |
| Remove roles from User Service it should be pointing to MDMS roles | Code Cleanup. Ease in maintaining roles | We need to maintain role at two places | NA |


Feature List For Citizen V1.1:


    1. Make user registration a two-step process: first the user is created in inactive mode; once OTP validation succeeds, the user is enabled for login.
    2. Limit on resend OTP.
    3. Block / Unblock user on failed login attempt (time based)
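
A Python sketch of the three citizen requirements above, which also covers the employee "Block / Unblock user" row. This is an added example, not code from the DIGIT User Service; the class name, thresholds, result strings and the rule that the resend counter resets after a successful validation are all assumptions.

```python
import hmac
import secrets
import time

MAX_OTP_SENDS = 3       # assumed resend limit per validation cycle
MAX_FAILED = 5          # assumed failed attempts before blocking
LOCK_SECONDS = 15 * 60  # assumed block duration


class CitizenAccount:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.active = False       # step 1: user is created inactive
        self.otp = None
        self.otp_sends = 0
        self.failed = 0
        self.locked_until = 0.0

    def send_otp(self):
        if self.otp_sends >= MAX_OTP_SENDS:
            raise PermissionError("OTP resend limit reached")
        self.otp_sends += 1
        self.otp = f"{secrets.randbelow(10**6):06d}"
        return self.otp  # a real service sends this by SMS, never returns it

    def _attempt(self, candidate):
        """Single-use OTP check with a time-based block on repeated failures."""
        now = self.clock()
        if now < self.locked_until:
            return "LOCKED"  # even a correct OTP is refused while blocked
        if self.otp and hmac.compare_digest(self.otp.encode(), candidate.encode()):
            self.otp, self.otp_sends, self.failed = None, 0, 0
            return "OK"
        self.failed += 1
        if self.failed >= MAX_FAILED:
            self.locked_until, self.failed = now + LOCK_SECONDS, 0
        return "DENIED"

    def confirm_registration(self, candidate):
        result = self._attempt(candidate)
        if result == "OK":
            self.active = True  # step 2: enabled for login after OTP validation
        return result

    def login(self, candidate):
        if not self.active:
            return "INACTIVE"
        return self._attempt(candidate)
```

The block expires on its own once `LOCK_SECONDS` has elapsed, which is the time-based unblock; failed OTP guesses during registration count toward the same block so the activation step cannot be brute-forced either.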